After last week’s blog covering the upcoming presentations at Black Hat USA, I had a number of requests for our take on the DEF CON 24 schedule (immediately following Black Hat, August 4-7). While I encourage you to attend my talk, Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools on August 6 at 11 a.m., here are some of the other presentations our team is excited about attending:
- Jonathan Brossard’s talk, Introduction to the Witchcraft Compiler Collection: Towards Universal Code Theft, looks very interesting to us. The extraction of functionally independent code is something we frequently do manually in order to reverse engineer and find vulnerabilities in areas of code we’re examining. Automating the process on a large scale is an attractive idea.
- Sentient Storage – Do SSDs Have a Mind of Their Own?, presented by Tom Kopchak, looks to cover some of the issues we have observed with performing forensic analysis on solid state drives. It will be nice to see his study that analyzes the behavior of a number of these drives.
- Chris Eagle is a recognized expert in reverse engineering, and one of the driving forces behind the DARPA Grand Challenge in automating vulnerability analysis. In this talk, Sk3wldbg: Emulating All [Well Many] of the Things With IDA, he discusses a lightweight emulation framework that should make testing snippets of code in static analysis a lot easier.
- I’m personally disappointed that I won’t be able to attend Erin Jacobs and Zack Fasel’s talk, I Fight for the Users, Episode 1 – Attacks Against Top Consumer Products, as I’ll be in the speaker ready room for my own talk in the following speaking slot. I’m going to makes sure some of the other HORNE Cyber team attends, though. We like to stay on the cutting edge of new attack techniques for network connected devices.
- We’re intrigued by the topic of Discovering and Triangulating Rogue Cell Towers, by Eric Escobar. With our interest in the security of telecom networks, combined with our interest in helping remote workers communicate securely in hostile environments, this looks like an interesting talk, with information we can take home and work on.
- Many of the networks we test rely heavily on virtualization. We are looking forward to comparing our notes to the findings of Ronny Bull, Dr. Jeanna N. Matthews, and Ms. Kaitlin A. Trumbull that they describe in their talk, VLAN Hopping, ARP Poisoning, and Man-in-the-Middle Attacks in Virtualized Environments.
We always look forward to the speaking-track events going on in and around DEF CON. Whether it’s the more informal talks going on in Skytalks or the IOT Village, or browsing the latest hacker gadgets in the vendor area, we’re going to be doing a lot of walking!
The best thing about DEF CON, however, is getting to hang out with interesting people in this field. I look forward to talking to you about the research I’ve done for my talk on secure penetration testing operations, and about how we’ve been doing things at HORNE Cyber since our founding in January. The whole team is eager to network and have fun with some like-minded people, so get in touch!
For weekly insights into cybersecurity, please sign up here: