This information is from a previous year. Please visit for up to date information.

  • The registration for all workshops will open up on 9/26 @ 10am PDT.
  • Workshop registration is free, but is only open to currently registered ShellCon attendees.
  • You will need the Order ID that was sent to you in the Order Confirmation email from
  • Workshop registrations without a valid Order ID will be canceled and someone from the waitlist will be selected.
  • Once your workshop registration has been validated, you will receive a confirmation via email.
  • Workshops will be held in Salons C and D at the end of the main hallway.
  • Please arrive 30 minutes before the workshop's scheduled start time to be checked in.
  • At 15 minutes before the start time, available seats will be filled from those present with preference given to those on the waitlist.
  • Track C: Friday 0800-1200

The major cause of API and web application insecurity is insecure software development practices. This highly intensive and interactive 4-hour seminar will provide essential application security training for web application and API developers and architects.

The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.

Our focus will be web application security basics.

  • OWASP Top Ten 2017
  • OWASP Top Ten Proactive Controls v3
  • OWASP ASVS 4.0

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences...

  • Track D: Friday 0800-1200

This workshop will take students’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and malicious network traffic analysis. We will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Placement, techniques, and collection of network traffic will be discussed in detail. Throughout the workshop, we’ll examine what different attacks and malware look like in Wireshark. Students will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and a potential breach to the network. There will be plenty of take-home labs for additional practice.


Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments,...

  • Track C: Friday 1300-1700

Introduction to Linux Memory Corruption is an introductory workshop aimed at teaching students the basics of reverse engineering and exploiting stack-based overflows on modern systems (AMD64). This workshop is aimed at students with no prior reverse engineering or exploitation experience and takes them through writing their first memory-corrupting exploit.


  • Experience writing and reading code (C/C++/assembler preferred)
  • Linux computer or Linux virtual machine
  • Understanding of common numbering systems including base 2, 10, and 16
  • All required software installed (list to be sent out before class)


  • Experience using a debugger and/or disassembler
  • Experience reading and/or writing assembly for at least one architecture
  • Understanding of common calling conventions
  • Understanding of memory segments and allocation

Please come to the workshop with the following already set up and ready to go. There will not be time during the workshop to complete these setup tasks.

  • x86_64 Linux VM or system (preferably Kali). NOTE: THIS MUST BE A 64-BIT DISTRO AND COMPUTER
  • Linux man pages (man 2 and 3)
  • Make sure the following software is installed: nasm, gdb, objdump, readelf
  • Install gef with gdb and verify that it works

Joe is a member of the Red Team at Verizon Media where he plots world domination and builds offensive tooling. He has a passion for reverse engineering, exploitation, teaching, and...

  • Track D: Friday 1300-1700

Many cryptographic exploits require little to no understanding of math, but cryptography’s reputation as an impenetrable Gordian knot of arcane symbols and proofs (thanks, academics) keeps many capable application security professionals from even TRYING to understand cryptography.

Consider the replay attack: capture an encrypted message and send it again, with catastrophic results, if, for instance, the message means “transfer $100 from my bank account to yours.” If you understood that, congratulations, you’ve just learned one way to attack modern cryptosystems. Come learn about more attacks that don’t take math chops to understand, and learn to use attack tools for the attacks that do!


Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel...

  • Track C: Saturday 0800-1200
  • Slides

Wireless devices are becoming exceedingly prevalent in our homes and offices. Many companies are making a switch to wire-free workplaces for the sake of convenience and cost. But how safe are these devices and connections, and how do hackers go about breaking into wireless systems? This course will explore some basic concepts of radio frequencies and associated wireless security topics through a lightning series of content presentation, demos, and hands-on labs. If you bought that Alfa card but haven’t got around to learning how to use it yet, this is the class for you. We will cover exploits for Wi-Fi, Bluetooth, RFID, and 2.4 GHz wireless mice, along with exploring software defined radio and topics for further individual research.

Course Requirements:

  • Laptop (recommend running Windows bare-metal, with VMware and enough disk space / memory for a virtual instance of Kali)
  • iOS or Android mobile device with the free nRF Connect application installed

Someone without any special equipment should still gain a deep perspective on the topics to be covered; however, the following equipment will be useful:

  • Wi-Fi: Wireless adapter capable of packet injection and monitor mode (recommend Alfa AWUS036ACH)
  • BLE: Nordic NRF52840-DONGLE, Optional Ubertooth One
  • 2.4 HID: Nordic NRF52840-DONGLE (recommend having a second dongle since the reflashing process may limit device functionality)
  • Optional: CrazyRadio PA dongle

Maxine is a US Army Veteran, currently attending the University of Washington – Tacoma as a Senior pursuing a degree in Information Assurance and Cybersecurity. She has experience as a...

  • Track D: Saturday 0800-1200

Defenders, this training will show you common Group Policy Security misconfigurations and how to mitigate them. Red Teamers, if you’re looking for a new way to get Domain Admin, this is for you as well. Hands-on demos are included to give you a chance to practice what you’ve learned.

Students must have a laptop with virtualization software (VirtualBox, VMware Workstation, etc.) and at least 40GB of drive space free. A basic understanding of Active Directory, PowerShell, Group Policies, and authentication concepts is helpful but not required.


Hudson Bush is a Security Architect who injects Threat Modeling into everything he does. He mostly works with Government Regulatory Compliance, Risk Management, and Business Impact Analysis. His goal is...

  • Track C: Saturday 1300-1700

Hands-on exercise setting up a lab for stimulus-response based alert writing using the free version of Splunk as a SIEM. Includes installation of Splunk log forwarder, Splunk Enterprise GUI console, log forwarding configuration, log normalization, stimulus-response activities, log review, and alert writing. Methodology good for Blue Teams looking to build alerts based on actual attack output; good for Red Teams looking to understand the output from their activities.


VirtualBox VMs will be provided with networking pre-configured. Hands-on familiarity with basic *nix command line strongly encouraged. Enough CPU/RAM to support at least 1 VM, either *nix or Windows, whichever is least similar to the host OS.


Mary Cordova has worked in the threat detection and response space for various industry leaders in gaming, media, and entertainment. She lurks around several L.A. based infosec communities.

  • Track D: Saturday 1300-1700

This is Studly McBeefy’s and Beefy McStudly’s PowerShell workshop. The aim of this workshop is to get you competent in PowerShell quickly. There are no quirky gimmicks or “master class” shenaniganry here. Our approach is simple; we’ll walk through a bunch of things you should know and see what happens. If you’re the curious type, you’ll dig deeper in each area on your own. If not, you should still be able to fumble through quite a bit. At the end of it all, you should be able to read a lot of the PowerShell out there, and be able to churn out simple code to accomplish a wide range of tasks.


Pookiebear is an Incident Responder at a leading healthcare provider. He has several years of experience using scripting to solve business, technology, and operational problems.


StudlyBeefyMcBeefyStudly is many things — DEF CON Goon, Chaotic Neutral Troublemaking Aficionado, Fornax Coversapien, Principal Systems Engineer, Raging Alcoholic, Firestarter… The list goes on. They have spent nearly 20 years...

© 2019 ShellCon