Wednesday, October 15, 2008

Ba-Con and EkoParty 2008


Testing, testing. One, two, three.
Testing, testing. One, two, three.
Maybe this is working. I don't know. If you can even hear me. I don't know.
But if you can hear me, listen.

Conference season is over in Buenos Aires and it was a total success. Here is my small review.

Dragos' Ba-Con was in a really nice hotel in downtown Buenos Aires. If they keep it in the same place next year it's gonna be even better, since they are changing the hotel's street into a big sidewalk and that's the Irish Pub's zone.
I went through all the presentations; for some of them I had already read the ppt before, others were not really of interest to me.

SecViz 2007: It was interesting. The Splunk people made a really nice Flash animation fed by XML that shows information over time. If I were a network admin, I would totally use it just to make my work look fancier.

WPA/WPA2: It was good, actually the first time I ever went to one of Cedric's talks.

A Practical Approach to Mitigate and Remove Malware: It was a really good presentation, not because the material was good but rather because of Ching Tim Meng's skills as a presenter. He can make you laugh over Indonesia's cassava farming policy.

Pass-the-hash Toolkit for Windows: The toolkit is pretty good, the research even better, especially if you keep in mind that Hernan did it back in 1992ad with SoftICE. No symbols, no IDA. For some people it was like reversing with punched cards.

Hacking PXE without reboot: I'm glad I finally met Julien. We had talked a lot but I had never met the man behind ERESI. The presentation was pretty good; at some point he said "and now we are gonna read assembler" and there was assembler.

Alex Sotirov's on Browser: I did read the slides from their Black Hat presentation, but seeing it live was a jaw breaker. All my respect to Alex and Mark.

Eko-Party was amazing. You can see the organizers' hard work on their tired faces. We did two trainings the first day: Pablo gave a condensed version of Unethical Hacking and Dami did the same for Stack Overflow. A bunch of people came to the trainings; hopefully we are gonna repeat the experience next year. (I'm glad I didn't put myself into any training/presentation, since I lost my voice on day 1; as Mariano Nuñez said, I sound like the Godfather.)

I didn't go to many presentations since I had meetings and stuff like that. But I got to see the following:

1st day:
Keynote, Dave Aitel: Even tho my review won't be fair, I'm just going to say the 90's joke was hilarious.
Pablo Sole's Adobe embedded talk: First time seeing Pablo talking and he did amazingly well on stage.
Late Night Talks: (this was a really nice idea, basically they invite everyone to a bar and people give 20-minute talks)
Fernando Gont on Something related with protocols: The presentation was too formal and technical (?!) to give in a bar. I think only 3 people paid attention to his talk, and they were seated at the same table. Anyways, Fernando either has guts or he doesn't care. I think the dictionary added a new verb after him:
gont: For the verb "to gont"
Clarify the meaning of and discourse in a learned but boring way to a bunch of drunken hackers

Andrew Cushman's on Exploiting Index: It was a good presentation for the bar and the result can be seen here. (Apparently they know about our advisory leech script "ms.py", hehe.)

2nd day:
Sebastián García - Dime cómo atacas y te diré quién eres: Profiling attackers by the way they press keys on a shell or make mistakes. I had to leave the presentation in the middle, but apparently at the end he just said "all the things just presented, they don't work anymore these days". Brutally honest; for that last phrase he got my respect.
Luciano Bello - Maximiliano Bertacchini, Debian's OpenSSL random number generator Bug: Great presentation, lots of graphs of keys, computers, Alice and Bob. Although, I think there was a question never asked, but I believe everyone wanted to hear his answer: "Did you regret publishing the bug?" :).
Nicolas Economou - Alfredo Ortega, Smartphones (in)security: Nice presentation, the climax reached its peak when they hacked their iPhone's abo and SMSed Luciano.

That's it. Been doing boring work the last week. If you want to hear the juicy details about this MS Tuesday, check out:
http://addxorrol.blogspot.com/
http://blogs.technet.com/swi/default.aspx

Last but not least, we are gonna be in Brazil soon for the H2HC! Pablo will be giving a cool presentation on ID's deplib.py and I will be giving the Keynote called "Apology of 0days". If you are in Sao Paulo the 8/9th of November, Immunity has a booth at the conference and we will be doing the NOP Certification.

Cheers
