Page 46 - Cyber Warnings

ShmooCon 2016 – Insights from the Trenches

By Brian Winkler, Solutions Architect, Hexis Cyber Solutions


- “How do you handle pass the hash attacks on NTLM or other non-salted hashing authentication protocols?”

- “How would you catch file-less malware attacks?”

- “Unknown Variants?”

- “What about macro-malware campaigns which remain obfuscated even after payloads are downloaded?”


These are the kinds of questions an exhibitor must be prepared to answer during a session at a
ShmooCon Conference, a three-day hacker conference on the East Coast that has become so
popular that it sold out in 9 seconds this year. It’s not for the faint of heart. To quote one of my all-time
favorite, classic aviator movies, these are “the top 1%... the elite, the BEST of the best. We’ll make
you better.”

Well, ShmooCon doesn’t attract fighter pilots (and it’s arguably uncertain whether ShmooCon
makes them better or they make it better). These are cybersecurity experts: analysts, developers,
incident responders, pen-testers, white-hat hackers… the ones on the front lines. Like Granger,
they are “the ones who get it done”… protecting American infrastructure, that is, from attack, theft,
exploitation, and espionage. I don’t know how they do it, really - eat, sleep, breathe, and
reverse-engineer malware - but I’m glad they are on it.

Rewind 11 years… Don (Beetle) Bailey (distinguished member of “The Shmoo Group”, a forward-
thinking, non-profit security think-tank, founded by Bruce Potter in the late 1990s), is sitting around
with other Shmoo Group members and creators of “ShmooCon” (a real hacker conference for real
hackers). Soon after, Don would hand over the reins to Bruce & Heidi Potter (though Bruce humbly
admits Heidi runs the show).

Fast forward to January 2016. Today, Bruce Potter serves as CTO for Hexis Cyber Solutions’ sister
company, KEYW Corporation, and I’m enjoying an amazing talk called “The Road to SYSTEM –


46 Cyber Warnings E-Magazine – January 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
