ShmooCon and The Shmoo Group are pleased to announce (most of) the speakers for ShmooCon 2018.  We’re still waiting to get final confirmation from just a few folks, but here’s all the folks who promised to be there in January so far.

We’ll get bios and abstracts posted soon and watch for that schedule to be updated in the next week or so as well.


  • The Friedman Tombstone – A Cipher in Arlington National Cemetery – Elonka Dunin
  • Your Cerebellum as an Attack Surface: How Does the Brain Stay Secure? – Avani Wildani
  • Pseudo-Doppler Redux – Michael Ossmann, Schuyler
  • Running a Marathon Without Breaking a Sweat? Forensic Manipulation of Fitness App Data. – Mika Devonshire
  • Don’t Ignore GDPR; It Matters Now! – Thomas Fischer
  • Tap, Tap, Is This Thing On? Testing EDR Capabilities – Casey Smith


  • Embedded Device Vulnerability Analysis Case Study Using TROMMEL – Kyle O’Meara, Madison Oliver
  • ODA: A Collaborative, Open Source Reversing Platform in the Cloud – Anthony DeRosa, Bill Davis
  • Opening Closed Systems with GlitchKit – Kate Temkin, Dominic Spill
  • When CAN CANT – Tim Brom, Mitchell Johnson
  • OK Google, Tell Me About Myself – Lisa Chang
  • Building a GoodWatch – Travis Goodspeed
  • SIGINT on a budget: Listening in, gathering data and watching — for less than $100 – Phil Vachon, Andrew Wong
  • 0wn the Con


  • CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency – Ian Foster
  • afl-unicorn: Fuzzing the ‘Unfuzzable’ – Nathan Voss
  • Better Git Hacking: Extracting “Deleted” Secrets from Git Databases with Grawler – Justin Regele
  • radare2 in Conversation – Richard Seymour


  • Getting Cozy with OpenBSM Auditing on MacOS …the Good, the Bad, & the Ugly – Patrick Wardle
  • Profiling and Detecting all Things SSL with JA3 – John Alhouse, Jeff Atkinson
  • Catch Me If You Can: A Decade of Evasive Malware Attack and Defense – Alexei Bulazel Bulent Yener
  • Securing Bare Metal Hardware at Scale – Paul McMillan, Matt King
  • The Background Noise of the Internet – Andrew Morris
  • Deep Learning for Realtime Malware Detection – Domenic Puzio, Kate Highnam
  • Nation-State Espionage: Hunting Multi-Platform APTs on a Global Scale – Mike Flossman, Eva Halperin, Cooper Quintin
  • Defending Against Robot Attacks – Brittany Postnikoff


  • Someone is Lying to You on the Internet – Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions – Leah Figueroa
  • AWS Honey Tokens with SPACECRAB – Dan Bourke
  • Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs – Lauren Deason
  • Bludgeoning Bootloader Bugs: No Write Left Behind – Rebecca Shapiro


  • Electronic Voting in 2018: Threat or Menace – Matt Blaze, Joe Hall, Margaret MacAlpine, Harri Hursti
  • Do as I Say, Not as I Do: Hacker Self Improvement and You. – Russell Handorf
  • Hacking the News: an Infosec Guide to the Media, and How to Talk to Them. – Sean Gallagher, Steve Ragan, Paul Wagenseil
  • Pages from a Sword-Maker’s Notebook pt. II – Vyrus
  • Building Absurd Christmas Light Shows – Rob Joyce
  • CITL – Quantitative, Comparable Software Risk Reporting – Sarah Zatko, Tim Carstens, Parker Thompson, Peiter “Mudge” Zatko, Patrick Stach
  • IoT RCE, a Study With Disney – Lilith Wyatt
  • This Is Not Your Grandfather’s SIEM – Carson Zimmerman


  • A Social Science Approach to Cybersecurity Education for all Disciplines – Aunshul Rege
  • Listing the 1337: Adventures in Curating HackerTwitter’s Institutional Knowledge – hex waxwing, Daniel Gallagher
  • Skill Building By Revisiting Past CVEs – Sandra Escandor-OKeefe