Security Weekly
Content

What I learned at Brucon 2010

Bottom line: Brucon was awesome! And now my “trademark” post on what I learned (with lots of pictures):

  • Belgian beer is the best in the world, especially when enjoyed in its country of origin with friends

    • IMG_1414.png

  • Samy really is my hero, he can meet your girlfriend, and gave an awesome presentation. He also gave me a really good idea to extend www.securityfail.com to look for that…

    • IMG_1413.png

  • Wicked Clown gave a great presentation an showed how you can get around execution restrictions using RDP and the Terminal Services Client. Neat stuff and shows you don’t need to think in binary and code in assembly to find vulnerabilities.

    • IMG_1412.png

  • Nessus training goes much smooth when the VMware images are distributed on USB sticks.

    • IMG_1411.png

  • The “winner” of powerpoint karoke is really chosen by which slide deck you get at random, I just happened to get “Honey, I’d like to have a threesome”. Fortunately it was not captured on video but I am thinking of asking Frank for the slides and submitting it to other conferences.

    • IMG_1397.png

  • Duvel not only tastes better in Belgium, but also has the same alcohol content (about 9%) and earns the nickname “Devil”

    • IMG_1405.png

  • I’m thinking about “pimping” my presentations, “Foshizzle” (I also think I want to dress like a pimp for Halloween)

    • chrisjohnriley.jpg

  • Nickerson gave a talk about f****ing s**t up. He covered such topics as hacking into manufacturer plants to build full scale robitoc donasaur references, hacking into medical equipment for population control, and other such horrible disasters, This sounds shocking, but the point I took away from this was you can tell your customers “this could” happen, and they will carry on with a risk decision that will most likely save them the most money, which means they will do nothing. We need to work with out customers to fully explain the reprocussions of vulnerabilities, becase just saying, “look, I got shell!” doesn’t mean anything to people other than us.

    • IMG_1387.png

  • Joe McCray really is the black SQL ninja samurai, like for real. Some very cool SQL injection stuff that he showed, different ways to encode. I also picked up a few tricks from Ryan Dewhurts on using “null” table names when injecting SQL.

    • IMG_1399.png

  • For an energy drink, Club Mate tastes okay, I think I just need to drink more of it.

    • IMG_1398.png

  • You can sum up the economics of software security in the words of WuTang Clan: “Cash Rules Everything Around Me”.

    • IMG_1395.png

  • Tom from the disaster protocol podcast means it when he says he’s going to punch you in the face.

    • IMG_1407.png
Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.