Editor's Picks
Best Talks at ShmooCon XX (Final)
Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.
1. A Commencement into Real Kubernetes Security
Jay Beale, Mark Manning
In "A Commencement into Real Kubernetes Security," Mark Manning and Jay Beale challenge conventional wisdom surrounding Kubernetes security, urging practitioners to shift their focus from theoretical, "scariest" threats to practical, real-world attack vectors. The talk…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, MUST SEE ★★★★★
2. Pages from a Sword-Maker's Notebook pt. III, "The cursed blade"
Vyrus
In "Pages from a Sword-Maker's Notebook pt. III, 'The cursed blade'," security researcher Vyrus unveils a compelling narrative of how he ingeniously transformed an open-source **Mimikatz packer** into an intelligence-gathering instrument. The talk, delivered at ShmooCon…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, MUST SEE ★★★★★
3. Attacking Classified Safes and Vaults from the Cold War to Now
Deviant Ollam
In "Attacking Classified Safes and Vaults from the Cold War to Now," renowned physical security expert Deviant Ollam takes the ShmooCon audience on a captivating journey through the clandestine history and modern realities of breaching secure containers. Drawing from his…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, MUST SEE ★★★★★
4. Taking Over Millions of Accounts from Abandoned Startups
Dylan Ayrey
This talk, presented by Dylan Ayrey at ShmooCon, exposes a critical vulnerability in the widespread "Login with Google" **OAuth** implementation that allows attackers to take over millions of user accounts associated with defunct startups. Ayrey demonstrates how, by acquiring…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, MUST SEE ★★★★★
5. Our Time in a Product Review Cabal: And All the Malware and Bugs that Came With It
Adam Schaal, Matt Virus
In "Our Time in a Product Review Cabal: And All the Malware and Bugs that Came With It," Adam Schaal and Matt Virus pull back the curtain on the murky world of online product reviews and the surprisingly prevalent security risks lurking within the cheap, cloud-connected devices…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, MUST SEE ★★★★★
6. Software Screws Around, Reverse Engineering Finds Out: How Independent, Adversarial Research Informs Government Regulation
Andy Sellars, Mike Specter
In "Software Screws Around, Reverse Engineering Finds Out," Andy Sellars and Mike Specter deliver a compelling argument about the critical, yet often unacknowledged, role of independent, adversarial security research in shaping government regulation and consumer protection in…
Reviewer verdicts: Dr. Zero, STRONG ACCEPT ★★★★☆; Heather Calloway, MUST SEE ★★★★★
7. The Cost of an Incident
Amanda Draeger
In "The Cost of an Incident," Amanda Draeger, a Cyber Risk Engineer, dissects the multifaceted financial implications of cyber incidents, offering a critical perspective for security professionals struggling to justify investments to organizational leadership. Drawing from her…
Reviewer verdicts: Dr. Zero, STRONG ACCEPT ★★★★☆; Heather Calloway, MUST SEE ★★★★★
8. The Unethical Engineer's Guide to Event Ticket Acquisition
Karl Koscher
In "The Unethical Engineer's Guide to Event Ticket Acquisition," Karl Koscher delivers a thought-provoking and technically rich presentation on the various sophisticated methods that could be employed to bypass the anti-bot measures of high-demand event ticketing systems…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, STRONG ACCEPT ★★★★☆
9. Building and Hacking USB with FPGAs
Michael Ossmann
In this ShmooCon talk, Michael Ossmann, founder and CTO of Great Scott Gadgets, delves into the evolution and application of open-source tools and hardware for building and hacking USB devices using **Field-Programmable Gate Arrays (FPGAs)**. The presentation traces a decade of…
Reviewer verdicts: Dr. Zero, MUST SEE ★★★★★; Heather Calloway, STRONG ACCEPT ★★★★☆
10. Modern-day SOC Evolution from Open Source to Unlimited Budget
Grifter, pope
In this insightful ShmooCon talk, "Modern-day SOC Evolution from Open Source to Unlimited Budget," Grifter (Neil Wier) and Pope offer a comprehensive look at the essential components of a robust modern Security Operations Center (SOC). Drawing from over two decades of…
Reviewer verdicts: Dr. Zero, STRONG ACCEPT ★★★★☆; Heather Calloway, MUST SEE ★★★★★
11. The Permission Slip Attack — Leveraging a Confused Deputy in Android with 'pSlip'
Edward Warren
Edward Warren's ShmooCon 2025 talk, "The Permission Slip Attack," unveils a critical vulnerability pattern in Android applications that leverages the **confused deputy** problem. This attack allows an unprivileged, malicious application to coerce a trusted, privileged…
Reviewer verdicts: Dr. Zero, STRONG ACCEPT ★★★★☆; Heather Calloway, MUST SEE ★★★★★
12. Windows Projected File System — The Reality Stone
Casey Smith
In his ShmooCon talk, "Windows Projected File System — The Reality Stone," renowned security researcher Casey Smith introduced a novel and powerful defensive technique leveraging the **Windows Projected File System (PFS)**. This often-overlooked, built-in Windows feature allows…
Reviewer verdicts: Dr. Zero, STRONG ACCEPT ★★★★☆; Heather Calloway, MUST SEE ★★★★★