ShmooCon 2013 Review – Malware Persistence and Shmooganography

Posted: February 20, 2013 in Lock Picking, Malware, Security Awareness, Threats
Tags: , , ,

Like any other HackerCon there are good and bad things, so I will jump right into the interesting stuff.  The start of the conference was a little slow taking less of an attacker security approach, which I prefer.  In any event around midafternoon was a talk called “Wipe the Drive!!! Techniques for Malware Persistence”.    Mark Baggett and Jake Williams discussed some amazing techniques used by attackers.  I mean things that even memory forensics don’t catch.  They were discussing persistence tactics like:

  1. You remove malware and later your computer scans for a wireless access point as a part of normal activity and that scan releases the malware again.
  2. Your remove malware and later you plug in a standard clean USB key.  At this point the trigger of the key being plugged in releases the malware and infects the system.

Again their entire suggestion on the talk was to suggest wiping the drive is again the only safe way to possibly remove malware and to think otherwise might be foolish.

Day 2 and More

On the second day I ended up attending a few different sessions.  There was a talk on running a CTF that went through some of the tactics but mostly explained the amount of time it takes to setup and run a CTF.  Several of the other talks I went to were less than technical in my opinion and I felt everything could be Googled in about the same time I was in the presentation.  There was one exception, Carson Zimmerman packed the room (seriously no sitting space) with his talk on “Ten Strategies of World Class Computer Security Incident Response Team”.  I came in late, but what I saw was good.

ShmooganographyOther activities at the Con were always entertaining.  The Lockpick village always provides a good time filler in-between sessions.  I enjoyed spending some time handing out a few Hacker&Agent card decks to  kids.  Also, there was plenty of hacker and security speak in the evenings at the hotel bar.  Otherwise if you like games there were some contests on the Xbox or I would suggest testing your skills by taking a stab at Shmooganography. If you get a chance and get into the 2014 conference its worth at least taking a look.  Below is a preview of the 2013 contest.

Again overall a good Con, but I think some of the talks need to be more technical and in-depth next year.

Advertisements
Comments
  1. Magnificent goods from you, man. I’ve understand your stuff previous to and you are just extremely wonderful.

  2. Minda says:

    I see a lot of interesting posts on your blog.
    You have to spend a lot of time writing, i know how to save you a lot of time, there is a tool that creates unique,
    google friendly articles in couple of seconds, just
    type in google – k2 unlimited content

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s