Best Talks at ShmooCon XX (Final)
Hand-picked from in-depth reviewer verdicts.
- 1. A Commencement into Real Kubernetes Security — Jay Beale, Mark Manning
In "A Commencement into Real Kubernetes Security," Mark Manning and Jay Beale challenge conventional wisdom surrounding Kubernetes security, urging practitioners to shift their focus from theoretical, "scariest" threats to practical…
- 2. Pages from a Sword-Maker's Notebook pt. III, "The cursed blade" — Vyrus
In "Pages from a Sword-Maker's Notebook pt. III, 'The cursed blade'," security researcher Vyrus unveils a compelling narrative of how he ingeniously transformed an open-source **Mimikatz packer** into an intelligence-gathering instrument…
- 3. Attacking Classified Safes and Vaults from the Cold War to Now — Deviant Ollam
In "Attacking Classified Safes and Vaults from the Cold War to Now," renowned physical security expert Deviant Ollam takes the ShmooCon audience on a captivating journey through the clandestine history and modern realities of breaching…
- 4. Taking Over Millions of Accounts from Abandoned Startups — Dylan Ayrey
This talk, presented by Dylan Ayrey at ShmooCon, exposes a critical vulnerability in the widespread "Login with Google" **OAuth** implementation that allows attackers to take over millions of user accounts associated with defunct…
- 5. Our Time in a Product Review Cabal: And All the Malware and Bugs that Came With It — Adam Schaal, Matt Virus
In "Our Time in a Product Review Cabal: And All the Malware and Bugs that Came With It," Adam Schaal and Matt Virus pull back the curtain on the murky world of online product reviews and the surprisingly prevalent security risks lurking…
- 6. Software Screws Around, Reverse Engineering Finds Out: How Independent, Adversarial Research Informs Government Regulation — Andy Sellars, Mike Specter
In "Software Screws Around, Reverse Engineering Finds Out," Andy Sellars and Mike Specter deliver a compelling argument about the critical, yet often unacknowledged, role of independent, adversarial security research in shaping government…
- 7. The Cost of an Incident — Amanda Draeger
In "The Cost of an Incident," Amanda Draeger, a Cyber Risk Engineer, dissects the multifaceted financial implications of cyber incidents, offering a critical perspective for security professionals struggling to justify investments to…
- 8. The Unethical Engineer's Guide to Event Ticket Acquisition — Karl Koscher
In "The Unethical Engineer's Guide to Event Ticket Acquisition," Karl Koscher delivers a thought-provoking and technically rich presentation on the various sophisticated methods that could be employed to bypass the anti-bot measures of…
- 9. Building and Hacking USB with FPGAs — Michael Ossmann
In this ShmooCon talk, Michael Ossmann, founder and CTO of Great Scott Gadgets, delves into the evolution and application of open-source tools and hardware for building and hacking USB devices using **Field-Programmable Gate Arrays**…
- 10. Modern-day SOC Evolution from Open Source to Unlimited Budget — Grifter, pope
In this insightful ShmooCon talk, "Modern-day SOC Evolution from Open Source to Unlimited Budget," Grifter (Neil Wyler) and pope offer a comprehensive look at the essential components of a robust modern Security Operations Center (SOC)…
- 11. The Permission Slip Attack — Leveraging a Confused Deputy in Android with 'pSlip' — Edward Warren
Edward Warren's ShmooCon 2025 talk, "The Permission Slip Attack," unveils a critical vulnerability pattern in Android applications that leverages the **confused deputy** problem. This attack allows an unprivileged, malicious application…
- 12. Windows Projected File System — The Reality Stone — Casey Smith
In his ShmooCon talk, "Windows Projected File System — The Reality Stone," renowned security researcher Casey Smith introduces a novel and powerful defensive technique leveraging the **Windows Projected File System (ProjFS)**. This…