FireTalks from Shmoocon 2010 (Hacking Illustrated Series InfoSec Tutorial Videos) FireTalks from Shmoocon 2010 Grecs and the folks at Shmoo were kind enough to let me record the FireTalks from Shmoocon 2010. More details about the event can be found here: http://www.novainfosecportal.com/2010/01/06/shmoocon-2010-firetalks/ Here are the recordings, in streaming and downloadable versions, along with a description of each night's talks: Night 1 Name Title Description David “ReL1K” Kennedy Social Engineering Toolkit v0.4 Overview The Social-Engineer Toolkit v0.4 (SET) Codename “Pink Pirate” will be released at the firetalk exclusively on BackTrack 4. SET is a security professionals most valuable tool when it comes to social engineering attacks and incorporates some heavily advanced and complicated attacks. The new version is one of the biggest releases yet and incorporate new methods for attacking the clients and some super top secret stuff being released during the talk. Michael “theprez98″ Schearer SHODAN for Penetration Testers SHODAN is a computer search engine. But is is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities. Marcus J. Carey Influencing Security This talk compares information security and health epidemics such as HIV/AIDS. I’ll discuss critical behavior changes which have reduced HIV/AIDS in some countries and what information security can learn from the same approach. Adrian “IronGeek” Crenshaw Funnypots and Skiddy Baiting Ever wanted to screw with those that screw with you? Honeypots might be ok for research, but they don't allow you to have fun at an attacker's expense the same way funnypot and skiddy baiting does. In this talk I'll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Some of the topics to be covered are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive, Robots.txt trolling, And more… Night 2 Name Title Description Nicholas “aricon” Berthaume Browser Fingerprinting Using a Stopwatch There are number of methods for fingerprinting a user’s browser. Most of the commonly employed methods are poor at best and can be spoofed. I believe that a another approach is needed. Using mod_security and standard deviation to detect rendering engine nuances for accurate browser and patch level detection server-side. When using JavaScript, header analysis and CSS implementations are not enough. Zero Chaos Pentoo Ever wish you could carry around your favorite pen-testing distribution on a cd, or a usb stick? Tried popular offerings but feeling like they pander to a different segment? Come hear about Pentoo. At Pentoo we pander to experienced linux users who are more likely to use their gpu for cracking passwords than “teh cubez” and fancy window makers. Come see what all the fuss it about. Benny “security4all” ??? Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie Everyone of us has busy periods or just too many things todo. You start sleeping less and drinking loads of coffee. Both of which are not good for your health. This talk will talk about why our body and mind actually need sleep and how you can hack it. We will discuss some methods on how to enable yourself to stay awake for 20 hours a day without turning into a zombie (and without the use of drugs). Christian “cmlh” Heinrich Payment Application – Don’t Secure Sh!t (PA-DSS) Considering a majority of PCI related presentations focus on the “benefit” and “increase” to “security” are delivered by consultants and vendors whose sole agenda is their financial benefit in implementing PCI-DSS, the failures and their root causes within the lesser known Payment Application Data Security Standard (PA-DSS) will be explored. Both nights as one 2:20:29 long video: To download, right click the link below: (451MB)

https://archive.org/details/ShmooconFiretalks2010 If you would like the talks in a little better quality, here there are separated into the two nights at a higher bitrate: Night 1

To download, right click the link below:(303MB)

http://blip.tv/file/get/Irongeek-shmooconfiretalks20101888.mp4 Night 2

To download, right click the link below:(272MB)

http://blip.tv/file/get/Irongeek-shmooconfiretalks20102210.mp4

Printable version of this article