Bottom line: Brucon was awesome! And now my “trademark” post on what I learned (with lots of pictures):
- Belgian beer is the best in the world, especially when enjoyed in its country of origin with friends
- Samy really is my hero, he can meet your girlfriend, and gave an awesome presentation. He also gave me a really good idea to extend www.securityfail.com to look for that…
- Wicked Clown gave a great presentation and showed how you can get around execution restrictions using RDP and the Terminal Services Client. Neat stuff, and it shows you don’t need to think in binary and code in assembly to find vulnerabilities.
- Nessus training goes much more smoothly when the VMware images are distributed on USB sticks.
- The “winner” of PowerPoint karaoke is really chosen by which slide deck you get at random; I just happened to get “Honey, I’d like to have a threesome”. Fortunately it was not captured on video, but I am thinking of asking Frank for the slides and submitting it to other conferences.
- Duvel not only tastes better in Belgium, but also has the same alcohol content (about 9%) and earns the nickname “Devil”
- I’m thinking about “pimping” my presentations, “Foshizzle” (I also think I want to dress like a pimp for Halloween)
- Nickerson gave a talk about f****ing s**t up. He covered such topics as hacking into manufacturing plants to build full-scale robotic dinosaur references, hacking into medical equipment for population control, and other such horrible disasters. This sounds shocking, but the point I took away from it was this: you can tell your customers “this could happen”, and they will carry on with the risk decision that will most likely save them the most money, which means they will do nothing. We need to work with our customers to fully explain the repercussions of vulnerabilities, because just saying “look, I got shell!” doesn’t mean anything to people other than us.
- Joe McCray really is the black SQL ninja samurai, like for real. He showed some very cool SQL injection stuff, including different ways to encode payloads. I also picked up a few tricks from Ryan Dewhurst on using “null” table names when injecting SQL.
- For an energy drink, Club Mate tastes okay, I think I just need to drink more of it.
- You can sum up the economics of software security in the words of the Wu-Tang Clan: “Cash Rules Everything Around Me”.
- Tom from the disaster protocol podcast means it when he says he’s going to punch you in the face.