We are proud to announce the following selection of talks and speakers for ShmooCon 2015.  Thanks again to everyone who submitted.


  • Don’t Look Now! Malicious Image Spam – Kathy Liszka
  • Userland Persistence on Mac OS X “It Just Works” – Joshua Pitts
  • SEWiFi: Building a Security Enhanced WiFi Dongle. – Ryan Holeman
  • Simple Windows Application Whitelisting Evasion – Casey Smith
  • Betting BIOS Bugs Won’t Bite Y’er Butt?- Xeno Kovah and Corey Kallenberg
  • Five Not-Totally-Crazy Ways to Build for Usability – Elissa Shevinsky


  • Understanding a New Memory Corruption Defense: Use-after-Free (UaF) Mitigation and Bypass – Jarod DeMott
  • The Windows Sandbox Paradox – James Forshaw
  • Manually Searching Advisories and Blogs for Threat Data – “Who’s Got Time for That?” – Elvis Hovor and Shimon Modi
  • Micronesia: Sub-kernel kit for Host Introspection in Determining Insider Threat – Loc Nguyen
  • Infrastructure Tracking with Passive Monitoring and Active Probing – Anthony Kasza and Dhia Mahjoub
  • Cockroach Analysis: A Statistical Analysis of the Flash and Java Files that Infest the Internet – David Dorsey
  • Practical Machine Learning – Terry Helms
  • No Budget Threat Intelligence: Tracking Malware Campaigns on the Cheap  – Andrew Morris
  • There’s Waldo! Tracking Users via Mobile Apps – Colby Moore and Patrick Wardle
  • The Joy Of Intelligent Proactive Security – Scott Behrens and Andy Hoernecke


  • 0wn the Con 
  • White is the New Black: Why White Data Really Matters – Irena Damsky
  • NaCl: A New Crypto Library – Daniel J. Bernstein and Tanja Lange
  • Knock Knock: A Survey of iOS Authentication Methods – David Schuetz
  • NSA Playset: USB Tools – Dominic Spill, Michael Ossmann, Jared Boone
  • The Dark Art of Data Visualization – David Pisano
  • httpscreenshot – A Tool for Both Teams – Steve Breen and Justin Kennedy
  • Automated Binary Analysis with Pin and Python – Omar Ahmed and Tyler Bohan
  • Eliminating Timing Side-channels. A Tutorial – Peter Schwabe
  • Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry – Kristen K. Greene, Joshua Franklin and John Kelsey 


  • Ask the EFF – Kurt Opsahl and Nate Cardozo
  • How Random is Your RNG – Meltem Sonmez Turan, John Kelsey, Kerry McKay
  • The Mile High Club: Getting Root at 40,000 Feet – Wesley Wineberg
  • Mascots, March Madness & #yogapants: Hacking goes to College – Aviel Rubin, Zack Allen, Chris Cullison
  • Deception for the Cyber Defender: To Err is Human; to Deceive, Divine – Tom Cross, Dave Raymond, Greg Conti
  • Rethinking Security’s Role in Computer Science Education – Sarah Zatko
  • The Internet of TR-069 Things: One Exploit to Rule them All – Lior Oppenheim and Shahar Tal
  • Quantum Computing 01100101 – Tess Schrodinger
  • Where the Wild Things Are: Encryption, Police Access & the User – Whitney Merrill
  • Analysis of POS Malware – Brandon Benson