Well, we just got done with the morning keynote with John Dvorak. It went really well, and John talked briefly about the history of computing and trends now and in the coming future. Really good talk, and he was hilarious while he was talking. It was interesting to get opinions or insight on where computing is going from someone who has basically watched it evolve and grown with it. Good talk.
I got in after Lance Spitzner yesterday but I heard it went well.
Last night Joel Dubin talked about PCI compliance; it was at the perfect level for me. I didn't really know anything about it, so it was a great high-level overview of the 12 commandments of PCI compliance, what's painful about it (section 6.6) and what isn't so painful about it. Really good talk, and he gave links to where you can get more information.
Brian (slimjim100) talked about using Cain and Abel http://www.oxid.it/cain.html
It was a good talk and great demo. We basically MITM'ed the local wifi hotspot at the location and had an assistant browsing around using insecure protocols so we could see Cain sniffing up passwords for different sites and serving up fake SSL certs. Brian is a layer 2 ninja, so he talked a lot about how Cain worked at layer 2 and how well the tool works when you can use it on a LAN.
I talked about Metasploit Basics. We discussed the interfaces, exploit types, payloads, aux modules and some fun tricks. For the demo I did a user interaction browser exploit with VNC inject payload and the SMB_relay attack where you get a user to browse to your SMB server and do a pass the hash attack. I'll be posting my day 1 slides on the blog this morning, and I also did some backup hack videos that the attendees will get on their DVD and that should get posted to EH.net and LearnSecurityOnline.com shortly. All the conference materials are supposed to be available on the ChicagoCon site after the event as well.
We also had some guys from the local 2600 chapter/DEFCON 312 group, and it was cool to have some community security guys in attendance to let us know how we did. So kudos to them for coming out.
Tonight we have me doing post-exploitation fun with the Metasploit Meterpreter payload and Tom Liston doing a talk on malware. Should be good.