Posts Tagged ‘confidence’

CONFidence and OWASP – Poland

May 25th, 2009

CONFidence and OWASP Europe were great. The venue was amazing (it was my first time in Poland) and both conferences were perfectly organized. I would like to thank Andrzej Targosz, the CONFidence organizer, for all his help and support during both conferences; without his help, none of this would have happened.

This trip was completely different from my previous ones, because (among other things) I slept in a hostel in the same room with six guys from Slovakia, one from Singapore and one from Austria; and ran the Capture the Flag for both conferences together with Jaroslaw Sajko.

In my previous posts I listed the talks that I was interested in, so now I’m going to use that as a base to talk about the conferences. Here are my thoughts about CONFidence:

  • Social engineering for penetration testers, by Sharon Conheady. It was one of the most interesting talks I’ve attended at both conferences. She works as a social engineer, and her talk was interesting from the beginning to the end (hmm, maybe she social engineered me to blog this?).
  • Public transport SMS ticket hacking, by Pavol Luptak. At first I was expecting something related to hardware hacking, but Pavol (one of the six Slovaks from the hostel) showed us a way to cheat the SMS ticketing system using some easy software-based tricks. Good job!
  • VAASeline: VNC Attack Automation Suite, by Rich Smith. Some friends attended this talk, and told me it was really good, but I had to be at the CTF booth because some bugs were found in one of the levels.

About OWASP Europe:

  • The Truth about Web Application Firewalls: What the vendors do not want you to know by Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity. This was by far the best talk in OWASP; I was really interested in this subject, and the speakers gave a great presentation. Sandro and Wendel showed the audience different ways to bypass WAFs, and performed a demo of some tools that they have been working on.
  • Advanced SQL injection exploitation to operating system full control by Bernardo Damele, the creator of sqlmap. Bernardo’s presentation was both detailed and technical; he showed the audience how to gain OS access from SQL injections in different DBMS. Note to self: update the sqlmap version that runs in w3af.
  • When Security Isn’t Free: The Myth of Open Source Security by Rob Rachwald, Fortify. Failed to attend, this time, I think that I was talking with Sandro and Wendel about wafw00f ;)
  • Exploiting Web 2.0 – Next Generation Vulnerabilities by Shreeraj Shah, Blueinfy. Failed to attend (one more time).
  • I thought you were my friend Evil Markup, browser issues and other obscurities by Mario Heiderich, Business-IN. His presentation was awesome; he showed the audience a lot of little tricks that can be used to bypass different types of filters and execute JavaScript in the victim’s browser.

The talks were amazing, but as I always say… the real value of these conferences is not in the talks, it is in the people you meet there.

andres.riancho conferences, security, w3af

TOP 3 talks @ Confidence – Poland

April 28th, 2009

Following the spirit of the previous post regarding the interesting talks at OWASP Poland, here is the list of talks I find interesting at CONFidence:

  • Social engineering for penetration testers, by Sharon Conheady. I always enjoy the social engineering talks. It’s like learning Jedi mind control tricks!
  • Public transport SMS ticket hacking, by Pavol Luptak. Hardware hacking is something I won’t be able to do in my life, and that is why I find it so interesting.
  • VAASeline: VNC Attack Automation Suite, by Rich Smith. Are there really so many VNC servers out there? Was it really necessary to build VAASeline? I want my answers, so I’ll be there :)

The whole conference line-up sounds interesting, and I’m sure I’ll enjoy it a lot. See you there!

andres.riancho conferences