It’s been an odd year so far… the blog has been quiet, and I’ve stepped back a little due to personal reasons over the past few months. Still, it’s overdue time for the summer cons, and this years trivector of chaos (BSidesLV, Blackhat and Defcon) is looking to be the biggest yet.
This will be my 4th trip to Las Vegas, and one thing I learnt from my first visit was to “throw the plans out the window!”. I spent far too long planning each and every aspect of my trip that first year, and as a result I missed out on a lot of things. Still, live and learn eh!
There will (almost) always be the chance to go back and watch the videos from most presentations (excluding those from Skytalks and the underground track at BSidesLV). So take time to meet people, talk shop and discuss things. One of my big goals this year is to meet new people… so say hi if you see me. I only bite when provoked 😉
Instead of setting things in stone I wanted to pick a couple of talks I really want to hit when in Vegas. So, without further ado, here’s my top talks to attend… it’s a short list, so don’t take offence if you’re talks not on it. Sorry….
– BSidesLV –
- Empirical Exploitation (HD Moore)
- Burp Suite – Informing the 99% of What the 1%’ers Are Knowingly Taking Advantage Of (James Lester & Joseph Tartaro)
HD always puts on a good show, so I’m interested to see what comes out from his bag of crazy this year. The Burp Suite talk also looks to be interesting. Like many I spend a good deal of my life stuck in Burp Suite, so anything that can be done to expand and improve is a good thing in my book!
- Breaking Microsoft Dynamics Great Plains – An Insider’s Guide (David Keene)
I have a soft spot for Microsoft Dynamics, as my girlfriend is an AX programmer… What can I say 😉
BSidesLV has an entire track (underground) that won’t be recorded or discussed in the press… if you can, these are probably some of the best talks to see. Unedited, raw, and unapologetic!
– Blackhat –
Due to Blackhat and BSidesLV taking place at the same time I’m not sure how long I’ll have to look around and see talks. Still, if possible I want to swing by and catch at least one talk…
- SexyDefense – Maximizing the home-field advantage (Iftach Ian Amit)
- Confessions of a WAF Developer: Protocol-Level Evasion of Web Application Firewalls (Ivan Ristic)
I’m interested to see where Ian has gone with this since discussions (started?) in Cali last year. Sexy Defense has been talked about a lot, so I hope to see some actionable pointers.
- iOS Security (Dallas De Atley)
How can I not put Apple’s official talk on the list… although I’m not heavy into iOS or mobile, I’m interested to see what Apple talk about, given their historic silence on anything even remotely security related!
– Defcon 20 –
Defcon turns 20… almost old enough to get wasted and wake up in its own vomit! Still, this year looks like it’s going to be fun.
- Don’t Stand So Close To Me: An Analysis of the NFC Attack Surface (Charlie Miller)
- Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol (Martin Gallo)
- Weaponizing the Windows API with Metasploit’s Railgun (David ‘thelightcosine’ Maloney)
SAP, NFC and Metasploit… what’s not to love!
Skytalks are a side area where unrecorded presentations take place. Last year it was home to some of the best presentations of the con… if you take the time to see just one talk, make it something from Skytalks!
Hope to see you in Vegas!