Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!


Vegas Baby!

It’s been an odd year so far… the blog has been quiet, and I’ve stepped back a little due to personal reasons over the past few months. Still, it’s overdue time for the summer cons, and this year’s trivector of chaos (BSidesLV, Blackhat and Defcon) is looking to be the biggest yet.

This will be my 4th trip to Las Vegas, and one thing I learnt from my first visit was to “throw the plans out the window!”. I spent far too long planning each and every aspect of my trip that first year, and as a result I missed out on a lot of things. Still, live and learn eh!

There will (almost) always be the chance to go back and watch the videos from most presentations (excluding those from Skytalks and the underground track at BSidesLV). So take time to meet people, talk shop and discuss things. One of my big goals this year is to meet new people… so say hi if you see me. I only bite when provoked ;)

Instead of setting things in stone I wanted to pick a couple of talks I really want to hit when in Vegas. So, without further ado, here are my top talks to attend… it’s a short list, so don’t take offence if your talk’s not on it. Sorry….

- BSidesLV -

Top Picks:

  • Empirical Exploitation (HD Moore)
  • Burp Suite – Informing the 99% of What the 1%’ers Are Knowingly Taking Advantage Of (James Lester & Joseph Tartaro)

HD always puts on a good show, so I’m interested to see what comes out from his bag of crazy this year. The Burp Suite talk also looks to be interesting. Like many I spend a good deal of my life stuck in Burp Suite, so anything that can be done to expand and improve is a good thing in my book!

Bonus Round:

  • Breaking Microsoft Dynamics Great Plains – An Insider’s Guide (David Keene)

I have a soft spot for Microsoft Dynamics, as my girlfriend is an AX programmer… What can I say ;)

Note:

BSidesLV has an entire track (underground) that won’t be recorded or discussed in the press… if you can, these are probably some of the best talks to see. Unedited, raw, and unapologetic!

- Blackhat -

Due to Blackhat and BSidesLV taking place at the same time I’m not sure how long I’ll have to look around and see talks. Still, if possible I want to swing by and catch at least one talk…

Top Picks:

  • SexyDefense – Maximizing the home-field advantage (Iftach Ian Amit)
  • Confessions of a WAF Developer: Protocol-Level Evasion of Web Application Firewalls (Ivan Ristic)

I’m interested to see where Ian has gone with this since discussions (started?) in Cali last year. Sexy Defense has been talked about a lot, so I hope to see some actionable pointers.

Bonus Round:

  • iOS Security (Dallas De Atley)

How can I not put Apple’s official talk on the list… although I’m not heavy into iOS or mobile, I’m interested to see what Apple talk about, given their historic silence on anything even remotely security related!

- Defcon 20 -

Defcon turns 20… almost old enough to get wasted and wake up in its own vomit! Still, this year looks like it’s going to be fun.

Top Picks:

  • Don’t Stand So Close To Me: An Analysis of the NFC Attack Surface (Charlie Miller)
  • Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol (Martin Gallo)
  • Weaponizing the Windows API with Metasploit’s Railgun (David ‘thelightcosine’ Maloney)

SAP, NFC and Metasploit… what’s not to love!

Bonus Round:

Note:

Skytalks are a side area where unrecorded presentations take place. Last year it was home to some of the best presentations of the con… if you take the time to see just one talk, make it something from Skytalks!

Hope to see you in Vegas!

Blackhat/BSides/DefCon

I’ve been putting off my selections for this year’s Blackhat/Bsides/DefCon for as long as I could for a number of reasons. The biggest is that I have absolutely no idea where I should be and what I should be trying to see. As if things weren’t already confusing enough, this year’s conference schedules are even more packed than last year’s. More tracks at Blackhat, and the addition of BSides (which I totally missed last year).

Still, I guess it’s about as late as it can be, and it’s time to put down a few key presentations that I hope to see. I’m going to limit myself to 3 per conference, as after last year, I know that seeing the talks isn’t as easy as it seems ;)

  • Ivan Ristic: State of SSL on the Internet: 2010 Survey, Results and Conclusions Routers
  • Nathan Hamiel, Marcin Wielgoszewski: Constricting the Web: Offensive Python for Web Hackers
  • Barnaby Jack: Jackpotting Automated Teller Machines Redux

  • Dave Kennedy (Rel1K): SET 0.6 release with special PHUKD Key
  • frank^2: Fuck Tools, Do It yourself Jerk
  • Frank Breedijk, Ian Southam: The road to hell is paved with best practices

  • Ed Schaller: Exploiting WebSphere Application Server’s JSP Engine
  • Joseph McCray: You Spent All That Money And You Still Got Owned…
  • Chema Alonso, José Palazón “Palako”: FOCA2 – The FOCA Strikes Back

I’ll be in town a few days before the conference to take part in some training… so if anybody is about and wants to catch up for some drinks, just shoot me a message.

Looking forward to seeing you all in Vegas…
