More CanSecWest/core06 liveblogging…
by Jose NazarioA few notes on the talks I’ve liked thus far:
HD Moore’s Metasploit 3.0 framework presentation. Written in Ruby, it is far more flexible and efficient. About one month ago, some of us were joking that you could slap a Ruby on Rails front-end on it and hook it up with something like Backpack for that ultimate “Getting things pwned” web-app.
Jim DeLeskie & Danny McPherson on “Protecting the Infrastructure.” Stuff we do every day, but you gotta like it : ) Seems a bunch of other people did, too.
Christopher Abad’s “Advancements in Anonymous eAnnoyance” presentation. Abad’s talk was the usual mix of rambling stuff, hardcore math (decryption via Photoshop …), and lots of humor. Great stuff.
Dennis Cox’s “Insiders View: Network Security Devices” presentation. Going from packets to Mbps throughput, to the inner workings of many hardware devices (i.e. storing lots of state, huge memory allocation, and hosing your numbers because you can’t have it all). This area is a huge thing this year at CSW, and this was probably my favorite talk on it so far.
Alex Stamos & Scott Stender’s “Attacking Web Services” presentation. While they went way over time, it was neat to see what they did and how they did it. While we were all anxious to move on to Chris’ talk, I think most everyone appreciated the material.
Edward Balas & Michael Davis’ “Next Generation Sebek” presentation. I only caught a bit of this, but some good stuff. Grab the slides when you can.
Halvar Flake’s “More on Uninitialized Variables” presentation. My brain hurts after this, but I think I got this talk more than I have his past ones. Not that I can yet fully utilitize the info, but … as usual, great stuff.
Oh, and I had a great talk this morning with some folks on high-throughput malware analysis using open source tools. Something I’ll have to try when I get back to the office. So far all of the talks I’ve seen have been great.
And now I’m off to lightning talks …
