sábado, 28 de abril de 2012

Three Reasons why you should listen to what Brett Moore has to said...

There are clearly too many conferences and as a result too many material too catch up. But the difficulties as you probably experience is not finding free time to read it, but rather filtering the insightful research among all the noise.
The best way of course is following recommendation from friends (exclude twitter from this equation, giving the tendency to RT information without reading it) or just read the presentation from "respected" researchers but this is a double edge sword, because presenters has the need to be on the media as part of their business model and so the quality usually decrease and at the same time you narrow down your chances to find some fresh material.

In any case, if there is a researcher that never disappoint is Brett Moore. This guy that came from the further island of New Zeland (country famous for adding fluor on water and as a result breeding  generations of rugby players, hackers and sheep lovers) is one of the big institutions of the antipodes.

There three things that you will always find on a Brett Moore presentation:

  • Brett has a technical standard, and no matter in which conference he is talking, he never lower the quality.
  • He is always as clear as water on his presentation, you will never see him hiding any technical detail. Every piece of the puzzle is always on his slides.
  • Everything he present is based on a real world challenge he had to face at some point. He didn't find a way to bypass SAFESEH because the protection was there, but rather because he had a bug and need to exploit it. This give him an advantage over most of the 90% of the material around, his stuff works. Researchers tend to fall into the Strawberry pudding rule, where requirements to implement their technique are so big that is almost impossible to do so, unless you do it in their own controlled environment. Brett always present a real scenario where the challenge pop up.

If i didn't convince you by now, try reading his new presentation for Syscan 2012 http://www.insomniasec.com/publications/Post%20Exploitation%20Process%20Continuation.pptx on post exploitation process continuation.

PS: Last advice on Mr. Moore, never try to outdrink him or piss him off when he is drunk. You have been warned.