LLMpediaThe first transparent, open encyclopedia generated by LLMs

ShmooCon

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Cult of the Dead Cow Hop 4
Expansion Funnel Raw 82 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted82
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
ShmooCon
NameShmooCon
StatusActive
GenreTechnology conference
FrequencyAnnual
VenueVaries (United States)
LocationUnited States
First2005
OrganizerThe Shmoo Group
Attendance~1,500 (varies)

ShmooCon ShmooCon is an annual technology conference focused on computer security, network defense, hardware research, and privacy. Founded in 2005, it brings together researchers, practitioners, activists, and enthusiasts for technical presentations, hands-on workshops, and community-driven events. The conference is run by a volunteer collective and emphasizes practical demonstrations, open discussion, and the exploration of offensive and defensive techniques relevant to information security.

History

ShmooCon was founded in 2005 by members of The Shmoo Group, an informal collective of security researchers with ties to earlier gatherings and publications in the hacking community such as 2600: The Hacker Quarterly, DEF CON, Black Hat Briefings, HOPE (conference), and Chaos Communication Congress. Early editions positioned the event alongside regional meetings like BSides and national forums including RSA Conference and OWASP Global AppSec, creating a distinct niche for blue‑team and red‑team demonstrations. Over the years, the event has featured speakers and contributors connected to organizations and movements such as Electronic Frontier Foundation, EFF, Tor Project, OpenBSD, FreeBSD, Linux Foundation, Mozilla Foundation, SANS Institute, CERT/CC, USENIX Association, and various university research labs.

ShmooCon’s timeline includes growth in attendance, diversification of tracks, and responses to policy debates involving surveillance and disclosure practices exemplified by controversies around Vulnerabilities Equities Process, WannaCry, Stuxnet, and public discussions involving agencies like NSA, GCHQ, FBI, and DoD. Significant moments have included panels on disclosure ethics paralleling debates seen at Black Hat USA and community-led efforts echoing initiatives from DEF CON Groups and BSides Conferences.

Organization and Format

The conference is produced by The Shmoo Group, a volunteer collective whose membership overlaps with contributors to Shmoo, Phrack, 2600, and independent research groups. Operations typically mirror nonprofit conference models seen at Chaos Communication Camp and NLnet Labs—with volunteer staffing, ticket lotteries, and code-of-conduct policies influenced by standards from IEEE and ACM.

Venue selection and logistics have placed the event in major U.S. cities with infrastructure comparable to those used by Convention Center venues that host DEF CON, RSA Conference, and Black Hat USA. ShmooCon employs a program committee and speaker review process analogous to academic peer review practices at USENIX Security Symposium, ACM CCS, IEEE S&P, and NDSS Symposium. Financially, the conference balances sponsorship models similar to Google, Microsoft, Facebook, and smaller vendor participation, while maintaining independence through community donations and merchandise sales.

Programming and Tracks

Programming typically spans multiple tracks, including exploit development, wireless and RF research, embedded systems, privacy tools, and operational security. Track themes often intersect with work presented at ACM SIGCOMM, IEEE INFOCOM, Black Hat Arsenal, REcon, and Chaos Communication Congress. Workshops provide hands-on instruction in topics tied to projects such as Metasploit Framework, Wireshark, Burp Suite, Aircrack-ng, Ghidra, radare2, and OpenWRT.

Special tracks and villages have mirrored community initiatives found at DEF CON, for example hardware labs akin to Hardware Hacking Village, lockpicking sessions inspired by DEF CON Lockpicking Village, and privacy booths resembling Tor Project meetups. Call-for-papers (CFP) cycles, lightning talks, and demo tables encourage a mix of full-length presentations, short talks, and live demonstrations similar to programming at BSides and ShmooCon-like regional events.

Notable Talks and Workshops

Over its history, the conference has hosted influential talks and workshops touching on vulnerabilities, protocol analysis, and real-world exploit chains. Presentations have examined topics comparable to disclosures at Black Hat USA and USENIX Enigma, such as supply-chain threats reminiscent of Operation Aurora, firmware exploitation parallels to research on Stuxnet, and side-channel analysis like work showcased at CHES. Speakers and authors have included researchers affiliated with institutions such as MIT, Stanford University, Carnegie Mellon University, University of California, Berkeley, and private labs associated with Google Project Zero and independent research outfits.

Hands-on workshops have taught reverse engineering techniques using tools related to Ghidra, dynamic analysis methods like those in Valgrind and DynamoRIO, and hardware teardown practices reflecting methodologies from iFixit contributors. Notable demonstrations have also covered practical privacy tools including implementations tied to Tor Project, Signal (software), and anonymity techniques paralleling academic work in PETs.

Community and Culture

The conference culture emphasizes openness, responsible disclosure, and peer mentorship, with a social atmosphere comparable to gatherings such as DEF CON, BSides, HOPE (conference), and regional Chaos Communication Congress meetups. Community norms draw from hacker ethics found in publications like 2600: The Hacker Quarterly and movements associated with Electronic Frontier Foundation activism. Social programming includes challenges, capture-the-flag (CTF) style puzzles similar to events at DEF CON CTF, meetups with authors of influential works such as those from No Starch Press, and charity drives akin to initiatives by Hackers for Charity.

The volunteer-driven structure fosters collaboration between independent researchers, academic teams, and corporate security groups from companies like Google, Microsoft, Facebook, Amazon (company), and security vendors, while maintaining a DIY ethos shared with Maker Faire communities.

Attendance and Impact

Typical attendance ranges in the low thousands, drawing participants from security teams, incident response units, academic labs, independent researchers, and hobbyists. The event has influenced industry practices and awareness through demonstrations that informed patching priorities in vendors such as Cisco Systems, Microsoft, Apple Inc., Intel, AMD, and Qualcomm. Research presented at the conference has been cited in follow-up work at venues like IEEE S&P, ACM CCS, and USENIX Security Symposium, and has contributed to public conversations involving policymakers and standards bodies including IETF and NIST.

ShmooCon’s blend of technical depth, community engagement, and practical demonstrations continues to shape the ecosystem of computer security conferences, inspiring regional initiatives and contributing to collective knowledge shared across academic, commercial, and activist spheres.

Category:Computer security conferences