Friday, January 12, 2024
Time One Track Mind
1200 Registration Opens

Opening Remarks, Rumblings, Ruminations, and Rants

1530 TaskMooster
1600 I Can LTE Even… [MVP edition]


1630 Tobacco 2.0: When Money Buys the Truth & the Outcome

Libby Liu and Joan Donovan

1700 DNS is Still Lame: Why it’s a problem and what we can do about it

Ian Foster

1730 A Legal Defense Fund for Hackers

Harley Geiger and Charley Snyder

1800 Why We Need to Stop Panicking About Zero-Days

Katie Nickels

1845 Registration Closes


Saturday, January 13, 2024
Time Build It! Belay It! Bring it On!
0930 Registration Opens
1000 Groovy X-Ray Reverse Engineering like it’s the 70s

Aleksandar Nikolic and Travis Goodspeed

FedRAMP is Broken (And Here’s How to Fix It)

Shea Nangle and Wendy Knox Everette

Hack the Planet Gently With a Code of Practice

Leonard Bailey, Harley Geiger, Katie Moussouris, Casey Ellis, and Jen Ellis (moderator)

1100 FuzzLLM: Fuzzing Large Language Models to Discover Jailbreak Vulnerabilities

Ian G. Harris and Marcel Carlsson

Ewe Cant Trusst Yore Eers: An Overview of Homophone Attacks

Aaron Brown

The Cosmic Turtle of Code:
It’s graphs all the way down

Mark Griffin

1200 Back (45 Years?) in the USSR: Exploring the Russian Elbrus Architecture (With a 25-year-old Exploit!)


Breaking HTTP Servers, Proxies, and Load Balancers Using the HTTP Garden

Ben Kallus and Prashant Anantharaman

Driving Forward in Android Drivers: Exploring the future of Android kernel hacking

Seth Jenkins

1300 Break
1400 Hacking Network APIs

Dan Nagle

Tracking the World’s Dumbest Cyber-Mercenaries

Eva Galperin

Hi My Name is Keyboard

Marc Newlin

1430 Improving Red Team Maturity Through Red Team as Code (RTaC)

Jack (Hulto)

14 Questions Are All You Need

Carson Zimmerman

1500 Going Meta–Pulling Info from Encrypted Radios

Luke Berndt

NTLMv1-SSP DES Mechanics Explained

EvilMog (Dustin Heywood)

Intel is a Fallacy, But I May Be Biased

Andy Piazza (klrgrz)

1515 No, SBOM Will Not Solve All Your Software Supply Chain Problems

Andrew Hendela

1530 Attacking Web Applications With JS-Tap

Drew Kirkpatrick (hoodoer)

Building Canaries with ELK and ElastAlert

Andrew Januszak

Lean, Developer-Friendly Threat Modeling

Falcon Darkstar Momot

1545 Hacking the Planet (Under Glass)

Rich Wickersham

1600 Cache Crashers: Exploiting and Detecting Vulnerabilities in Memcached

Bryan Alexander

Level Up

Kirsten Renner

You Wouldn’t Scrape the Internet to Make an LLM: Law and Policy of Scraping the Ago of AI

Kurt Opsahl

1615 Sobriety Hacks! Unleashing the Power of Incremental Change

Jennifer VanAntwerp

1630 Exploitable Security Architecture Mistakes We Just Keep Making


“About Time” to Peak Into CN eCrime Ecosystem

Mao Sui

Backtrace in Time: Revealing Attackers’ Sleep Patterns and Days Off in RDP Brute-Force Attacks with Calendar Heatmaps

Andréanne Bergeron

1700 0wn the Con

The Shmoo Group

Blue2thprinting (blue-[tooth)-printing]: Answering the question of ‘WTF am I even looking at?!’

Xeno Kovah

AI Enhanced Hacks: Model in the Middle

Ryan Ashley and Ari Chadda

1815 Registration Closes

Saturday Night Fun

Sunday, January 14, 2024
Time Build It! Belay It! Bring it On!
0930 Registration Opens
1000 Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS

Dillon Franke

More Money, Fewer FOSS Security Problems? The Data, Such As It Is

John Speed Meyers, Sara Ann Brackett, and Stewart Scott

Bad Romance: The TTPs of “pig butchering” scammers

Sean Gallagher

1100 BBOT: The Dangers and Rewards of Building a Recursive Internet Scanner

TheTechromancer (Joel Moore)

War Planning for Tech Companies

Greg Conti and Tom Cross

CISO Risk Dumpster Fires: SEC Turns Up the Heat

Liz Wharton, Danette Edwards, and Cyndi Gula

1200 Unlocking Enterprise-scale Security Visibility

Eknath Venkataramani and Frank Olbricht

Summiting the Pyramid (of Pain)

Michaela Adams, Roman Daszczyszak, and Steve Luke

Network Layer Confusion: Fun at the boundaries

Joshua DeWald

1300 TaskMooster

Closing Remarks

1500 End of Con – See You Next Year!