Great DefCon Talks

According to TonyZ (Fixvirus.com)

DefCon23: 100 talks and PDFs

I chose 3 to focus on. (Added a fourth later in the day :). Created a separate post with another, a 5th: http://oversitesentry.com/defcon-talk-your-domain-is-compromised-now-what/ )

 

Risk discussion: Bruce Potter, A Hacker’s Guide to Risk

Risk vs. Threat vs. Vulnerability
Risk tends to be bigger/more general than threat. Multiple threats can roll up into a single risk
Threats rely on vulnerabilities to be realized

and more good risk info… to come.

WiFi IDS/Firewall for Windows: Vivek Ramachandran

[Image: WiFi IDS architecture diagram]

There is a lot in this presentation, and it looks like Vivek is proposing a WiFi Firewall/IDS using SQLite data collection and comparisons.
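To make "SQLite data collection and comparisons" concrete, here is an added sketch (not code from Vivek's talk or from this post) that stores a trusted baseline of access points and a later scan in SQLite, then compares them to flag a known SSID on an unknown BSSID or a known AP whose encryption changed. The table layout, rule names and sample networks are assumptions constructed for the example.

```python
import sqlite3

# Constructed sample data: (SSID, BSSID, channel, encryption).
BASELINE = [
    ("CorpNet", "aa:bb:cc:00:00:01", 6, "WPA2"),
    ("CorpNet", "aa:bb:cc:00:00:02", 11, "WPA2"),
    ("Guest", "aa:bb:cc:00:00:03", 1, "WPA2"),
]
SCAN = [
    ("CorpNet", "aa:bb:cc:00:00:01", 6, "WPA2"),     # matches baseline
    ("CorpNet", "de:ad:be:ef:00:01", 6, "WPA2"),     # known SSID, unknown BSSID
    ("Guest", "aa:bb:cc:00:00:03", 1, "OPEN"),       # known AP, encryption changed
    ("CoffeeShop", "12:34:56:78:9a:bc", 3, "WPA2"),  # untracked network, ignored
]

def load(conn, table, rows):
    # Hypothetical schema; table names are fixed strings chosen by this example.
    conn.execute(f"CREATE TABLE {table} (ssid TEXT, bssid TEXT, channel INTEGER, enc TEXT)")
    conn.executemany(f"INSERT INTO {table} VALUES (?, ?, ?, ?)", rows)

def find_anomalies(baseline, scan):
    """Return sorted (kind, ssid, bssid) tuples for scan rows that deviate from the baseline."""
    conn = sqlite3.connect(":memory:")
    load(conn, "baseline", baseline)
    load(conn, "scan", scan)
    # Rule 1: a trusted SSID advertised by a BSSID never recorded for it.
    unknown = conn.execute("""
        SELECT 'unknown_bssid', s.ssid, s.bssid FROM scan s
        WHERE s.ssid IN (SELECT ssid FROM baseline)
          AND NOT EXISTS (SELECT 1 FROM baseline b
                          WHERE b.ssid = s.ssid AND b.bssid = s.bssid)""").fetchall()
    # Rule 2: a recorded SSID/BSSID pair whose encryption no longer matches.
    changed = conn.execute("""
        SELECT 'enc_changed', s.ssid, s.bssid FROM scan s
        JOIN baseline b ON b.ssid = s.ssid AND b.bssid = s.bssid
        WHERE b.enc <> s.enc""").fetchall()
    conn.close()
    return sorted(unknown + changed)

if __name__ == "__main__":
    for kind, ssid, bssid in find_anomalies(BASELINE, SCAN):
        print(f"ALERT {kind}: ssid={ssid} bssid={bssid}")
```
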

 

Nemus or Lance Butler: Hacking SQL Injection for Remote Code Execution on a LAMP stack.

Have to dissect this still… but this could be the architecture of a SQL DB

[Image: SQL architecture / SQLi diagram]

From here Nemus uses curl scripts to attack the DB.

Brent White: “Hacking Web Apps”

If you are interested in pentesting and checking web apps, this is a great PDF to dissect.

Typical of pentesters, here is Brent’s process:

1. Evidence gathering

2. Discovery/OSINT

3. Automated Scanning (Low-hanging fruit)

4. Manual Testing

 

 

 

 

 
