Month: October 2017

Wildfires in Northern California have decimated entire communities. The fires that started on Oct. 8 have spread to over seven counties and have become the deadliest and most destructive series of fires in California history, claiming the lives of at least 42 people and destroying over 6,000 homes (1)(2).

In the spirit of community building at ShellCon we would like to encourage our attendees to donate to any organization that is actively engaged in Northern California Wildfires relief efforts. You may choose a charity of your choice; however, we’d recommend to follow this advice:

“Before you donate to a charity, make sure you know where your aid is going. The Center for International Disaster Information recommends checking with a charity monitoring organization like GiveWell, Charity Navigator, Charity Watch, or the Better Business Bureau before donating.” (3)

Here are some organizations we recommend:

Salvation Army: https://www.classy.org/checkout/donation?eid=149213
Red Cross: https://www.redcross.org/donate/donation (Select “California Wildfires” from drop-down)
DirectRelief: https://secure.directrelief.org/site/Donation2 (Select “California Wildfires” from drop-down)
Sonoma Humane: http://sonomahumane.org/fire/
Marin Humane: https://www.marinhumane.org/

We’d like to keep track of much our participants donate! Help us by reporting your donation at the Registration Desk. As a small token of our appreciation, we will be handing out one raffle ticket per every $20 dollar donation.

Sources:
(1)http://www.kfyrtv.com/content/news/UPDATE—Death-toll-from-California-fires-now-at-42-451445093.html
(2)http://www.npr.org/sections/thetwo-way/2017/10/18/558477133/a-thirds-of-californias-fire-evacuees-still-waiting-to-go-home
(3)http://abc7.com/take-action-how-to-help-north-bay-fire-victims/2515175/

All ShellCon participants are expected to follow the Code of Conduct outlined below. In short, be excellent to each other.

ShellCon is committed to creating a conference that is as diverse and inclusive as possible. We are dedicated to providing a harassment-free conference experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age or religion. We do not tolerate harassment of conference participants in any form.

Because of the nature of challenges facing the security industry today, there may be educational discussions at ShellCon which include some sexually explicit topics, images, and content. However, gratuitously explicit language or imagery for the sake of vulgarity is not appropriate for any ShellCon venue or event. Representatives at sponsorship booths are expected to meet the same standard of professionalism,a and the manifest of superfluous sexual appeal (in the manner of “Booth Babes”) is prohibited. Conference participants violating these rules may be sanctioned or expelled from the conference without a refund at the discretion of the conference organizers. Our full Code of Conduct can be found at: https://shellcon.io/code-of-conduct/

At 12:45 during lunch, Adam Brand will be presenting “Hacking Tech Interviews”, a career focused presentation.

Hacking Tech Interviews

Learn how to hack tech interviews to your advantage in this story-filled talk from an infosec consulting director who has conducted over 120 tech interviews in the past few years. There are a surprising number of people that aren’t aware of some key basic steps to take before, during, and after a tech interview to maximize their chances of success. First-hand accounts of interviews gone horribly wrong and ones that went surprisingly well will be shared, along with a summary of key learnings across the interviews.

Adam Brand Bio

Adam Brand has more than 17 years’ experience in information technology and security. He is a Director with Protiviti, where he helps companies secure their environments and also leads Protiviti’s medical device security practice. Related to this talk, Adam has given over 120 tech interviews in the past few years at Protiviti, and is a key tech interviewer for Protiviti’s Western region.

Bring your appetites to ShellCon this Thursday! We will have Mediterranean lunch for registered attendees at 12:30. Vegetarian options are available.

Here at ShellCon, we like food. Especially cake and ice cream.

Come join us at 3:50PM for ice cream, cup cakes, and talking to people about how good the ice cream and cupcakes are.

Time: 8PM

Did we mention we have a bonfire with pizza this year at ShellCon? That’s right, our after-party “Firetalks” are actually around a fire, on the beach!

Join us post-con at the Dockweiler RV park for pizza, soda/water and good times. No official talks or presentations are scheduled, but bring a beach chair, an appetite and a blanket (it can get cold at night) and enjoy the fireside conversations with your fellow attendees.

See the map below! Please note it will be dark by 8PM, and you will need to follow the LED lit path we will provide (outlined in red).

Christina Olson will present this micro workshop at 1600 – 1800 in the Hacker Village

Have you ever wanted to take apart android malware for yourself, or even just see what the inside of an APK looks like? In this workshop we will cover Android system concepts, compare uncompiled code with compiled and reversed code, and take apart an application using freely available tools. You’ll learn how to get the application off your phone, how to unpack an apk, decompile and interpret automatically reversed java code, and more.

A laptop is required.

Dan Crowley will be presenting this micro workshop at 1330 – 1530 in the Hacker Village!

Crypto bugs in 2017 are like SQL injection bugs in the 90s: They’re everywhere (even in the products of the biggest names in tech!), and they’re trivial to exploit given a little bit of know-how and the right tools. FeatherDuster is a tool meant to make breaking crypto easier and faster for noobs and experts alike. Come along and learn to brush away magical crypto fairy dust with FeatherDuster!

Participants should have FeatherDuster (https://github.com/nccgroup/featherduster) and socat installed, and will benefit from having a working knowledge of Python. A laptop is required.

Our full list of abstracts are available here!

Most of our speaker bios are also published (click on their name), with a few more coming soon!

We have a great con this year and we are really excited to see what the speakers bring.

Emily Chance

OSINT for Pen Tests

Emily is a consultant with moderately good OSINT skills and incredibly poor bio-writing skills. When not staring at text boxes wondering what to write, she watches horror movies or musicals with her dog and attempts to find more ways to automate her job.

Twitter: g_solaria

1 2