It’s Conference Time…
July 23, 2010
The coming week is the big conference week of the year for us – Blackhat, Defcon and BSides. And it’s going to be a busy week.
Here’s the thing – even if you’re seriously committed, you can’t see everything. There’s overlap on most days and multiple tracks.
So… if you’re looking to be a better pen-tester, which talks should you make sure to see? I’ve put together a list of talks that I think will really benefit those of you who are looking to improve your hacking & pen-testing skills specifically…
July 28, 2010
Blackhat
Attacking Kerberos Deployments
Understanding the Windows SMB NTLM Weak Nonce vulnerability
Hacking Java Clients
Adventures in Limited User Post Exploitation
Social Networking Special Ops: Extending data visualization tools for faster Pwnage
BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing
SAP Backdoors: A ghost at the heart of your business
Mastering the Nmap Scripting Engine
BSides
Ryan Linn – Multi-Player MetaSploit
Dave Kennedy (Rel1K) – SET 0.6 release with special PHUKD Key
frank^2 – Fuck Tools, Do It yourself Jerk
Joshua “Jabra” Abraham – Fierce v2
July 29, 2010
Blackhat
Constricting the Web: Offensive Python for Web Hackers
Memory Corruption Attacks: The (almost) Complete History…
Breaking Browsers: Hacking Auto-Complete (turbo talk)
There’s a party at Ring0 (and you’re invited)
How I met your girlfriend
Hacking and protecting Oracle Database Vault
Hacking Browser’s DOM – Exploiting Ajax and RIA
Lord of the Bing: Taking back search engine hacking from Google and Bing
Advanced AIX Heap Exploitation Methods
BSides
Egyp7 – Beyond r57
HDM – Fun with VxWorks
Ray Kelly – A mechanics view of SQL injection
Defcon
Exploitable Assumptions Workshop
July 30, 2010
Defcon
SIE Passive DNS and the ISC DNS Database
Cloud Computing, a Weapon of Mass Destruction?
Who Cares About IPv6?
Token Kidnapping’s Revenge
Exploiting WebSphere Application Server’s JSP Engine
Like a Boss: Attacking JBoss
Hacking Oracle From Web Apps
Drivesploit: Circumventing Both Automated AND Manual Drive-By-Download Detection
July 31, 2010
Defcon
Exploiting SCADA Systems
masSEXploitation
From “No Way” to 0-day: Weaponizing the Unweaponizable
Advanced Format String Attacks
Connection String Parameter Attacks
August 1, 2010
Defcon
Web Services We Just Don’t Need (By our own instructor Mike Bailey)
Powershell…omfg
So Many Ways to Slap A Yo-Ho:: Xploiting Yoville and Facebook for Fun and Profit
You Spent All That Money And You Still Got Owned…
SHODAN for Penetration Testers
Whew… what a list. We’re going to be busy gathering a whole bunch of info for new modules for THA members and putting together a huge amount of new content in August.
Thanks to my friend SecBarbie for the idea to do a talk schedule…


