Greetings from sunny San Diego! The past couple of days have been an absolute blast. The folks at ToorCon have put together an awesome conference this year, including speakers from around the world presenting some cutting edge research.
Ben Feinstein and I attended a two-day 'crash course' in penetration testing offered by Learn Security Online. Chris Gates and Joe McCray presented some excellent introductory material. They also included a few advanced evasion techniques that I hadn't seen before. It's always good to sharpen your skills.
During the Friday seminars, Jay Beale from InGuardians gave an overview of his man-in-the-middle tool, The Middler. He mentioned the code would be released Real Soon Now, so I look forward to a chance to play around with it. Jared DeMott, now at Crucial Security, also gave a rundown of reverse engineering using IDA Pro and the Immunity Debugger. I'm a big fan of Jared's previous work with fuzzing.
The first day of the convention was pretty packed. Since I didn't have the chance to attend Black Hat/Defcon this year, Dan Kaminsky's DNS keynote and Alex Sotirov's evasion of Vista's memory protections were fresh and eye-opening to me. Ben also gave his talk about brute-forcing SSH sessions that use the broken Debian SSL libraries, the code for which is available as part of our open-sourced Snort plugins. Joe McCray also gave a good survey of various advanced SQL injection techniques; I really like his classification scheme for the types of SQL injection. Finally, Kurt Grutzmacher's squirtle tool for obtaining and reusing NTLM hashes from inside corporate networks via XSS definitely proves that you must secure even internal Web applications.
Day two's shorter format squeezed a lot more presentations in, but some of them kind of felt pressed for time. Marc Bevard showed how to crack DES passwords with the PS3, using some awesomely optimized code. Chema Alonso released a tool for downloading remote files via blind SQL injection. Dennis Brown presented some interesting new details on the Asprox/Damnec botnet. The presentation on hacking telephone entry systems elicited a few chuckles, especially the 'dial 333 for rickroll segment. Stephan Chenette's presentation on browser hooking is an excellent new technique for deobfuscating Javascript, like our Caffeine Monkey tool. I've been really impressed with the convention this year. ToorCon is big enough to attract some high quality presenters, but still small enough where you don?t get lost in the crowd. Hope to see everyone again next year!