Sunday, October 26, 2008

Thoughts on slide design

One of the things researchers should think about, whether they like it or not, is slide design.
Showing your results is an important part of the research, because it's the point where you justify the budget invested. Obviously, there is no need for slides when you've got a remote on IIS 6, but those of us who are mortals (a.k.a. non-sinans) need to show pretty things and make people happy.
This applies not only to business meetings but, most importantly, to conferences.
How many times have you spent looking at lousy slides, full of bullet points, that are halfway between a paper and presentation slides? The truth is, as Dave says, you have two types of public: the one in the conference and the people that will download the slides later.
But even if you have to keep the online public in mind, why not make your slides pretty?

I have been researching the best way to improve my slides for the keynote I'm presenting at H2HC in November.
And here are some tips I have been collecting.

It's not about the software
I have always thought that OpenOffice was ugly, and it actually is. But that doesn't mean you can't make a wonderful presentation with it. Just avoid using its features as much as possible. And if you have to do boxes, try to make them look different from how they are supposed to (drop the line, add transparency, shadow, use a non-default color, etc).

This is probably the best advice I can give. Your presentation gets to a completely new level when you start adding images. Whether you use them as a background or as an accessory, you need to get good-resolution images. Let me repeat this again because it is important: GOOD RESOLUTION. Don't accept anything less than 1024x768.
If you can afford them, get them from
If you are a poor Argentinian, you can get a lot of amazing images from, the "advanced search" allows you to search only for Creative Commons-licensed content.

Use the rule of thirds.
I did a couple of photography courses in the past and one of the most important lessons I got on composition was the famous rule of thirds. Basically you need to draw invisible lines dividing your photo vertically and horizontally in 3 parts, leaving 9 squares.
The points where the invisible lines cross each other are the aureal points, which are the places where the viewer puts more emphasis when looking at a picture. A simple arrangement of the content can improve your slide a lot.

Your slide needs to be balanced. If you put all the attention on one side of your slide, there has to be text or an image on the other side that can help the viewer keep their attention in the center of the image.

Just Phrases
Try to avoid as much text as possible. Only use phrases that help you with your statement. Slides are usually there to support your presentation rather than repeat what you have said.

Slides take a tremendous amount of work that you might not be able to invest, but if you do it, you won't regret it. But no matter how pretty you make your slides, in the end, it's always about the speaker.


PS: For those of us who can read Spanish, the axolotl magazine has published Cari's work on Heian's poetry.

Wednesday, October 15, 2008

Ba-Con and EkoParty 2008

Testing, testing. One, two, three.
Testing, testing. One, two, three.
Maybe this is working. I don't know. If you can even hear me. I don't know.
But if you can hear me, listen.

Conference season is over in Buenos Aires and it was a total success. Here is my small review.

dragos Ba-Con was in a really nice hotel in downtown Buenos Aires. If they keep it in the same place next year it's gonna be even better, since they are changing the hotel's street into a big sidewalk and that's the Irish Pub's zone.
I went through all the presentations; for some of them I had already read the ppt before, others were not really of interest to me.

SecViz 2007: It was interesting. Splunk people made a really nice Flash animation fed by XML that shows information over time. If I were a network admin, I would totally use it just to make my work look fancier.

WPA/WPA2: It was good, actually the first time I ever went to one of Cedric's talks.

A Practical Approach to Mitigate and Remove Malware: It was a really good presentation, not because the material was good but rather because of Ching Tim Meng's skills as a presenter. He can make you laugh over Indonesia's cassava farming policy.

Pass-the-hash Toolkit for Windows: The toolkit is pretty good, the research even better, especially if you keep in mind that Hernan did it back in 1992ad with SoftICE. No symbols, no IDA. For some people it was like reversing with punched cards.

Hacking PXE without reboot: I'm glad I finally met Julien. We had talked a lot but I had never met the man behind ERESI. The presentation was pretty good; at some point he said "and now we are gonna read assembler" and there was assembler.

Alex Sotirov's on Browser: I did read the slides from their Black Hat presentation, but seeing it live was a jaw breaker. All my respect to Alex and Mark.

Eko-Party was amazing. You can see the organizers' hard work on their tired faces. We did two trainings the first day: Pablo gave a condensed version of Unethical Hacking and Dami did the same for Stack Overflow. A bunch of people came to the trainings; hopefully we are gonna repeat the experience next year. (I'm glad I didn't put myself into any training/presentation, since I lost my voice on day 1; as Mariano Nuñez said, I sound like the godfather).

I didn't go to many presentations since I had meetings and stuff like that. But I got to see the following:

1st day:
Keynote: Dave Aitel. Even though my review won't be fair, I'm just going to say the 90's joke was hilarious.
Pablo Sole's Adobe embedded talk: First time seeing Pablo talking and he did amazingly well on stage.
Late Night Talks: (this was a really nice idea, basically they invited everyone to a bar and people gave 20-minute talks)
Fernando Gont on Something related with protocols: The presentation was too formal and technical (?!) to give in a bar. I think only 3 people paid attention to his talk, and they were seated at the same table. Anyway, Fernando either has guts or he doesn't care. I think the dictionary added a new verb after him:
gont: For the verb "to gont"
Clarify the meaning of and discourse in a learned but boring way to a bunch of drunk hackers

Andrew Cushman's on Exploiting Index: It was a good presentation for the bar and the result can be seen here (Apparently they know about our advisory leech script "", hehe)

2nd day:
Sebastián García - Dime cómo atacas y te diré quién eres: Profiling attackers by the way they press keys on a shell or make mistakes. I had to leave the presentation in the middle, but apparently at the end he just said "all the things just presented, they don't work anymore these days". Brutally honest; for that last phrase he got my respect.
Luciano Bello - Maximiliano Bertacchini Debian's OpenSSL random number generator Bug: Great presentation, lots of graphs of keys, computers, Alice and Bob. Although, I think there was a question never asked but I believe everyone wanted to hear his answer: "Did you regret publishing the bug?" :).
Nicolas Economou - Alfredo Ortega Smartphones (in)security: Nice presentation, the climax reached its peak when they hacked their iPhone's abo and SMSed Luciano.

That's it. Been doing boring work the last week. If you want to hear the juicy details about this MS Tuesday, check out:

Last but not least, we are gonna be in Brazil soon for the H2HC! Pablo will be giving a cool presentation on ID's and I will be giving the Keynote called "Apology of 0days". If you are in Sao Paulo the 8/9th of November, Immunity will have a booth at the conference and we will be doing the NOP Certification.