Hi CrzyAzn. If it's a computer forensics competition, I suppose you have to deal with some kind of .pcap file. If so, just open it with Wireshark, filter only HTTP requests (http.request) and look for a request that contains the "Authorization" header line. Once you found it, you will need to decode the base64 string that follows the "basic" (on the header line) to get the credentials.

gnix

ps: Wireshark has also a http.authbasic filter which should allow you to filter every basic HTTP authentication request. However, I've never had the opportunity to test this expression.

I agree with H1t M0nk3y. This year we were definitely to many for the Riviera. The entire space outside of track1-5 wasn't enough for the hundreds of people changing track and often the rooms were to small to handle everybody.

In addition, most of the people were just there to drink. I saw people with beers and alcohol in the hallway, in the contest room and in the speaker rooms. Probably, most of them were more interested in alcohol and strange haircuts than security stuff.

That said. I would like to suggest few presentations very interesting (from my point of view) and very well structured and entertaining.

• Mastering the Nmap Scripting Engine (very good speakers)
• Insecurity Engineering of Physical Security Systems (interesting stuff)
• Exploiting WebSphere Application Server's JSP Engine (very good speaker)
• pyREtic - In-memory Reverse Engineering for Obfuscated Python (interesting stuff)

Unfortunately, these are the only interesting presentations that I saw at Defcon 18 and I was wondering if you have some other presentations to suggest.

gnix

Be careful when you use the scanf function to read a string and you don't specify the length of a string. Often, a format with %s is vulnerable to a buffer overflow attack.

gnix

Hi all,

I would like to get certified in “wireless security” and I am evaluating some Wireless-Security-certifications. Did anyone get the Offensive Security’s OSWP certification? What do you think about it?

gnix