After 5 years, I have finally added a contributing writer to the blog. MJ Power (aka Mike Morton) is a good friend and fellow founder of NTO. Mr. Power and I created NTOSpider together, with me leading up the vision and him being the real C++ master and architect. After 9 years of NTOSpider development Mr. Power is ready to lend some of his experience and thoughtfulness to this blog and its readers.
Blackhat: Already kicked off and there are a number of good talks this year. I recommend the picks from Veracode for those going to Blackhat. As usual, it's unlikely that I will be attending any talks at Blackhat because I have so many meetings throughout the day.
B-Sides: Last year I kept hearing about all the great discussions going on at the mansion, and was very bummed that I didn't get time over there.
This year I decided that NTO needed to help out in any way it could, so we are sponsoring breakfast and co-sponsoring lunch on Thursday. If you're there, please say hi and toss your card in to win a cool prize. Given the size of the audience, everyone has reasonable odds of winning.
I am also planning to sit in on as many talks at B-Sides as possible. For Wednesday, Track 3 looks the most interesting and fun to me, with two exceptions: the first at 1:30, where Davi’s talk looks a bit more interesting than the DDoS talk in Track 3, and then again at 2:30, when Rafal Los does his talk. On Thursday it's more of a mix:
- 10:30 – Track 1 – How to Get Fired After a Security Incident
- 11:30 – Track 1 – Cyber Fast Track (how can you pass on Mudge?!)
- 12:30 – Track 1 – Long Beard’s Guide to Exploit Dev (Track 2 close 2nd place)
- 1:30 – Track 3 – Cultural Cues from High Risk Professions (curious title, possibly very interesting)
- 2:30 – Track 2 – Hacking webapps is more fun when the end result is a shell! (of course I'm going to pick a web app talk)
- 3:30 – Track 2 – Better to burn out than to fade away? (have to pick the panel, but HD Moore in track 1 is close 2nd)
- 4:30 – Track 1 – How to pass audits with non-compliant systems (Track 3 a close 2nd)
Defcon: As usual, Defcon always has an interesting collection of talks, and there are plenty to look forward to. However, due to scheduling issues I have to leave on Friday night, so I won't be able to catch much of anything this year. The ones I would look for are:
- Malware Freak Show 3: They’re pwning er’body out there! (Nicholas Percoco is always interesting)
- Cellular Privacy: A Forensic Analysis of Android Network Traffic
- Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP
- Bulletproofing The Cloud: Are We Any Closer To Security?
- Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud
- Don’t Fix It In Software
- Hacking Google Chrome OS
- “Whoever Fights Monsters…” Confronting Aaron Barr, Anonymous, and Ourselves
- Are You In Yet? The CISO’s View of Pentesting
- Web Application Analysis With Owasp Hatkit
If you're in town, ping me on my cell (if you have it) or send me a msg on Twitter @mightyseek