27 January 2015

Conference Recap Shmoocon 2015

Andre Gerard

It has been a week since our team returned from ShmooCon and had a chance to digest all the great things we observed over the few days of the conference.

For those that don’t know, ShmooCon is “an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions”.

Synack was proud to attend, present and sponsor ShmooCon 2015 as well as take two Synack Red Team members and three lucky Twitter users.

While everyone enjoyed the opportunity to connect with great people they may have never met before in person and/or catching up with friends from years past, others expressed how they enjoyed the wireless CTF and ShmooCon Fire Talks. Some also learned about an SSH Ranking project and others spent time looking for the rogue cell basestation guys who either didn’t show up this year or have gotten much sneakier.

The talk presented by Synack, “There’s Waldo! Tracking Users via Mobile Apps” (Colby Moore and Patrick Wardle), presented a case study detailing how we were able to track tens of thousands of users actual locations in real-time, determine pattern of life, and subsequently determine true identities. Using a targeted approach we showed just how easy it might be to reveal the identity of and track your favorite athlete, politician, or movie star. The talk was presented to a packed room, and was very well received.

At the con we received an overwhelming amount of interest from the security community. Some just curious about what Synack is all about, others itching to join. Bottom line, the vetted researcher / crowd sourced model seemed to resonate very well. Our 3D printer giveaway helped drive continuous traffic to our booth, and we couldn’t ask for more than a booth full of curious hackers asking the difficult questions about why we are different / what makes us the top dogs and ultimately looking to join our Red Team!

As part of the raffle, we asked people what would be the first thing they would create if they were to win the 3D printer and the results are too good to not share. We’ve grouped them by topic area – enjoy and see you next year!

shmoocon graphic