Yesterday I learnt that the Shmoocon videos have been made available online, so my immediate reflex action was:
    sandro$ wget -m -A mp4 http://www.shmoocon.org/2007/videos/
Gotta love wget. I watched some of the talks and quite a high percentage of them are high quality – I watched (parts of) the following:
- A hacker looks at 50. G. Mark Hardy goes on and talks and talks about how systems were previously much more obscure, security through obscurity and all that. I started watching this one but quickly got distracted – probably because the Johnny Long talk got downloaded by then.
- No-Tech Hacking. In this talk, Johnny Long gives examples of how a "hacker" will look at different scenarios and identify security flaws. How easy it is to mark a DoD person who’s supposedly not easy to spot .. and stuff like that. A very enjoyable talk and Johnny Long certainly didn’t disappoint here.
- Auditing Cached Credentials with Cachedump. This is a talk by two guys who focus on the problem of cached credentials. Basically this talk did a very good job at highlighting how bad the thing is in the enterprise environment. An ok talk.
- Hacking Digital Cameras. I started watching this one – looks pretty amazing what you can do with dirt cheap cameras and some electronics knowledge. Of course, I quickly lost interest as soon as I noticed that h1kari’s talk was downloaded.
- Hacking the Airwaves with FPGAs. This is one damn interesting talk. h1kari demonstrates the impressive speed of cracking WEP, WPA, Bluetooth and Mac OS X’s FileVault by making use of FPGAs, compared to cracking them on a good PC. Very sexy stuff! .. and the speaker is pretty relaxed about it all.
- Backbone fuzzing. This talk is pretty interesting – Raven goes on to tell the crowd her experiences with fuzzing lower level stuff which is usually critical network infrastructure devices. She’s quite cool but I got the impression that she makes use of her boyfriends to get her fuzzer coding done.
- Attack Detection and Response with Linux Firewalls. I started watching this talk, but it was getting quite late for me .. and didn’t find the talk particularly interesting anyway. Maybe I’ll give this talk a chance some other day.. but yesterday I decided it was time to sleep.
I still need to watch Major Malfunction’s "RFIdiots" talk – which will probably talk about his Python library and experience with RFID stuff being done in the UK / passports and such things. He’s a very good speaker and never ceases to impress. So I’m looking forward to that. If you’re interested there’s 2.7 GB of videos here. If you’re in .mt area and want a copy feel free to ping me.