Friday, August 11, 2006

Home from BlackHat and Defcon

I've been busy busy busy since I got home from BlackHat. And probably busier in the coming week.

TC and I gave our JavaScript Malware talk (Hacking Intranet Websites from the Outside) to a packed 1,000 plus audience. Everyone was completely engaged and we opened a lot of eyes. XSS and JavaScript Malware is no longer the kind and gentle vulnerability it used to be. Lots of press were also in attendance, including Brian Krebs from the Washington Post who called the presentation "rather disturbing". The media attention has been crazy (USA Today, eWeek, Information Week, you name it). I think we even scared most of the experts with the demos. Everyone ran home and changed the p/w on their DSL router. :) Tons of people stopped us during the remaining BH and Defcon saying that we had the best talk. For a presenter, there is no better feedback. We'll chalk this one up as a 100% success. Slides and PoC available for download.

Beyond the show itself we hung out with RSnake, Arian Evans (and g/f), Andrew van der Stock, Bob Auger, Danny Allen, Kurt Roemer, Erik Peterson, Matt Fisher, Billy Hoffman, and a bunch of others from SPI/Cenzic/Watchfire and elsewhere. We had an absolute blast. And the WASC meet-up at the Shadow bar was great fun as well. About 30 people attended with lots of laughs and stories. This is really why you attend the infosec conferences. You never know what exactly you're going to learn or who you're going to meet. RSnake has some Defcon pictures here. I posted some below.


Arian sporting an approving grin moments before security guards surrounded his laptop. We must have been the only shady looking hacker type characters at Defcon. Riiiiiiight. :)



RSnake and Andrew van der Stock at breakfast



The awkward moment between Billy and RSnake


Matt in his B-Day chair at 4am breakfast



Robert in his classic hacker superman pose



TC and Matt doing Sambuca shots while they light each other's mouth on fire.
