Hey back again, sorry I didn't post sooner I just been busy with my new job. Anyways, this year CSI was a wonderful experience. Met a lot of cool people from different parts of the world.
The courses I took mainly focused on computer forensic and attacks & countermeasures. The most interesting course for me was the "Malware Reverse Engineering and Behavioral Analysis" taught by Visveswaran Chidambaram from Infosys Technologies. This session through live demos taught us how to unearth malware's secrets by studying its behavior on a safe lab environment using Vmware and several tools such as Regmon and Filemon from Sysinternals and Ollydbg.
Another interesting course was the "Web Site Vulnerabilities: Trends, Business Effects, How to Fight Them" taught by Jeremiah Grossman from WhiteHat Security, Inc and also the coauthor of "Cross Site Scripting Attacks: Xss Exploits and Defense". I've learned that 9 out of 10 websites are vulnerable to attacks and if your work for a financial institution like I do, you might be interested to know that the top 3 vulnerabilities for banking websites are XSS, SQL Injection and Information leakage.
Last but not least, I would also like to mention the "VoIP Attacks!" course taught by Dustin Trammel a security researcher. He spoke about current attacks against VoIP systems and tools that are helping hackers launch these attacks. A couple of tools he mentioned was written by him. Dustin is an interesting character. This guy likes green. From his head to his toe and even his laptop is green. Anyways this session was an interesting and intuitive course and overall a good presentation.
I also for the first time, participated in a Capture the Flag event using EH-Net BackTrack. What I've learned from this challenge is that I have to improve on my speed. Damn! these people are fast. Oh well, better luck next time.
Last edited by blackazarro
on Sat Nov 24, 2007 5:01 pm, edited 1 time in total.
Security+, OSCP, CEH