According to TonyZ (Fixvirus.com)
DefCon23 100 talks and pdf’s
I chose 3 to focus on: Added a fourth later in day :). Created a separate post with another-5th: http://oversitesentry.com/defcon-talk-your-domain-is-compromised-now-what/ )
Risk discussion: Bruce Potter A hacker’s Guide to Risk
and more good risk info… to come.
WiFi IDS/Firewall for windows: Vivek Ramachandran
There is a lot in this presentation – and it looks like Vivek is proposing a Wifi Firewall/IDS using SQLITE data collection and comparisons
Nemus or Lance Butler: Hacking SQL Injection for Remote Code Execution on a LAMP stack.
Have to dissect this still… but this could be the architecture of a SQL DB
From here Nemus uses Curl scripts to attack the DB.
Brent White “Hacking Web Apps”
If you are interested in pentesting and checking web apps this is a great pdf to dissect.
Typical of pentesters here is Brent’s process:
1. Evidence gathering
2. Discovery/ OS INT
3. Automated Scanning (Low-hanging fruit)
4. Manual Testing