Many many things are happening coming up at the end of January / begining in Washington DC.

First HD Moore and I will be giving our Tactical Exploitation class at Blackhat DC Jan 31st - Feb 1st. If you are interested in learning how to hack without exploits, some old and esoteric techniques, and whatever crazy new thing HD is working on, then sign up and hang out with us!

Next I have been working hard with the Blackhat folks to setup the second ever Metasploit Track. We have a great line up of speakers on a wide variety of Metasploit topics.

Metasploit and Money
HD Moore - Metasploit
HD will talk about the joining of Metasploit and Rapid7 as well as all the tons of new features that have been going into MSF.

---

Neurosurgery With Meterpreter

In early 2009 a client contacted me for a penetration test to fulfill their PCI obligation. In the past, pentests with this organization were limited in scope to the web application. Thanks to a previous round of pentests, plus a clued-in developer/admin/security staffer, all of the typical low-hanging fruit for a web app assessment was not found. Minor issues were found in the past, but they were pretty much useless to lead to an actual penetration, even in conjunction with other issues. Such issues were only useful in padding the report. (the world will certainly end due to the high-severity "traceroute to host" for instance)

There are so many things going on in vegas this year its hard to keep track of them all.

1.) HD Moore and I are teaching a class on Tactical Exploitation at Blackhat July 27-28th

2.) The first day of Blackhat Briefings, July 29th we have organized an entire Metasploit Track.

Many Metasploit, Attack Research, carnal0wnage and others people will be speaking in this special track, including:

Dino Dai Zovi, Mike Kershaw, Chris Gates, Peter Silberman, Egypt, I)ruid, Valsmith, Colin Ames, and Dave Kerb,

3.) On Thursday July 30th, HD Moore, Valsmith and others will be speaking at an undisclosed location for BsidesLasVegas

4.) Friday night Attack Research has rented the top of the Riviera for a small party. Find someone from AR to get a specially minted party invite challenge coin

5.) Saturday at Defcon we have another special metasploit track that runs all day, same speakers as Blackhat but including HD Moore and others.

6.) Saturday at noon Valsmith will also be giving a skytalk

There us much much more great stuff going on so hope to see you there!

V.

I managed to pull off (with huge work from Ping) organizing a whole track at Blackhat dedicated to Metasploit:

http://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html

Here are the speakers:
dino dai zovi - Macsploitation with Metasploit
mike kershaw - Kismet & MSF
Chris Gates - Breaking the Unbreakable Oracle with Metasploit
peter silberman & Steve Davis - Metasploit Autopsy, Reconstruction the crime scene
Egypt - Using Guided Missles in Drive Bys
Dustin Trammell - MSF Telephony
Valsmith, Colin Ames & David Kerb - Metaphish

As usual I am up against Kaminsky's talk.

See you there!

V.

My first post on the new blog is going to be more of a philosophical rant than a technical entry, but hopefully still enjoyable. I've been having interesting conversations with Ed Skoudis, Peter Silberman and tons of other people informally about these topics for some time, and decided to share some of my thoughts for whatever its worth.

First; security conferences. Originally they were places to meet up with friends you don't see often, exchange ideas, and learn about new things. Increasingly they have become advertising venues for your product, company, or researcher brand name. Now that's not all bad, it helps people move forward, get opportunities and advance the industry but we should try to remember our roots and not lose that sense of discovery and pursuit.