
BSidesDelaware 2010

<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Sep 02, 2010 9:28 pm

BSidesDelaware 2010

BSidesDelaware 2010
November 6, 2010
New Castle, DE


Didn't get enough at #BSidesLasVegas? Didn't get to go? Didn't get to speak? Don't know what it is? If you're from the east coast and not flying to Texas for BSidesDFW you now have plans.

Cost: Free (as always!)

Venue

Wilmington University, New Castle Campus
320 N. DuPont Highway
New Castle, DE 19720-6491


For more info:
http://www.securitybsides.com/BSidesDelaware

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri Sep 03, 2010 6:18 am

Re: BSidesDelaware 2010

Hmm, this is close to me.  Anyone else thinking about going to this one?
~~~~~~~~~~~~~~
Ketchup
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Oct 25, 2010 9:24 am

Re: BSidesDelaware 2010

I'm registered for this and coming in from CT.  This will be my first one.
Certs: GCWN
(@)Dewser
<<

Darktaurus

Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Sat Nov 06, 2010 6:35 pm

Re: BSidesDelaware 2010

Just came back from it.  It was very cool, loved the info on Shodan, ShoNuff and Lockpicking. 
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon Nov 08, 2010 10:44 am

Re: BSidesDelaware 2010

Could someone do a write up of it, let us know as much as you can in 1000 or so words? :)
OSWP, Sec+
<<

Darktaurus

Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Mon Nov 08, 2010 10:12 pm

Re: BSidesDelaware 2010

Unfortunately, I arrived late to the Security B-Sides Delaware conference, to my first conference no less. Long story.  Anyway, it was great to see so many smart people presenting information.  They had two conference rooms and a main auditorium.  Some of the presenters were Jason Ross, Marcus Carey, Dave Marcus, Scott Hazel, Michael “theprez98” Schearer and “Grecs”.  For those who could not attend, they have been posting video of the conference online.  I saw a couple of people tweet (hxxp://www.ustream.tv/channel/security- ... re-track-1), (hxxp://www.ustream.tv/channel/security- ... are-track2) and (hxxp://www.vimeo.com/16585113). 


The four talks I got to see were Lockpicking, Pwn an ISP in 10 Minutes, Intro to ShoNuff and Social Engineering for Non-Penetration Testers.  I have always thought about how important it is to have physical security and the lockpicking class proved it.  Dr. Robert Tran spoke on the basic locks such as tumblers and wafers and how to unlock them.  It should not be that simple to unlock these.  If you guys are curious, his group’s site is (hxxp://toool.us).  You can actually buy tool sets on their site.  Very cool.  He used rakers, half diamond, and hook tools.  You see it on TV all the time, but it was incredible to see it in person.  He explained it is all about light pressure.  Oh, and before I forget, two rules: don’t try to pick a lock that you don’t own and don’t pick a lock that you rely on!  I am glad he said that, I was ready to try to lockpick my front door the minute I could.  It would really suck to have to replace my door lock because I got overzealous.  =-)


Next, SHODAN!! The speaker was “theprez98” and he talked about the Shodan Search Engine (hxxp://www.shodanhq.com).  It is not your Google search engine.  It gives info such as the IP address, hostname, port numbers, and OS versions of devices on the Internet.  It is very powerful.  He did a demonstration of how easily you can search for a Cisco device that has no protection and allows “level 15” permission over the device.  It was scary stuff and definitely worth a look at his video.

 
Next up, ShoNuff!  We didn’t get to see a demonstration of ShoNuff due to some technical difficulties but Jason Ross still gave us the overview of it.  The site is (hxxp://whoisthemaster.org:8080/).  It basically does a super WHOIS of an organization.  It provides the network IP address range of the company and even ties to Shodan using the new API of Shodan.  It seems to me it is invaluable when you are doing passive recon work for a penetration test.  It is amazing that this started from curiosity and the scarcity of the IPv4 addresses available.


Lastly, I sat in on the social engineering demonstration by Scott Hazel.  He basically answered the question, “How do I practice social engineering when I am not doing a penetration test and I don’t want to get shot?”  It is a very good question.  I mean, how do you get skills on social engineering so that you can be asked to do a penetration test?  He gave some answers I would not have thought of, such as watching TV shows on mute just so you can read nonverbal communication.  It makes sense, right, and it is simple.  Also, try listening! Again, sounds simple but how many of us actually do it?  You can start by just listening to your wife, girlfriend, kids, friends and co-workers.  You will score points with the wife/gf at least. =-).  Finally, to get to that “layer 8” connection is to talk to people.  Just converse with strangers and see how much you can learn about people.  He gave some anecdotal examples when he described that you should be “the fail”.  It was hilarious.  Basically, you can get loads of information from people simply by stating things that are incorrect.  Someone will always be there to try to correct you with information that they should be give.


I think the conference was a success.  It was informative, exciting and inspiring.  I would definitely recommend looking at their videos if you could not attend.  I am hoping this is the start of more great conferences to come. 
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Nov 09, 2010 11:57 am

Re: BSidesDelaware 2010

That's awesome. Thanks.

If you haven't gotten it yet, pick up Deviant's book. Really worth reading.

You should hit up their site / forum (forum.toool.us) to see if there is one in your area if you want to learn more about locks.
OSWP, Sec+
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Nov 12, 2010 10:08 pm

Re: BSidesDelaware 2010

Good recap killjoy!  It was a great time, I can't wait for the next one and hope it is up my way, that 4 hour drive was rough! :D  But sooo worth it!!

It was tough trying to pick the talks.
Certs: GCWN
(@)Dewser
