lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 13 Mar 2007 14:35:07 -0700 (PDT)
From: Vic Vandal <vvandal@...l.com>
To: full-disclosure@...ts.grok.org.uk
Subject: CarolinaCon presentation drafts

H@...s, phr34kz, g33k5, InfoSec pros, and "not" you feds/cops (heh),

CarolinaCon-2007 is April 20th-22nd.  Check out the carolinacon.org
site for more details.  Here's a sample of what's on tap currently,
as far as pure talks go (in no particular order whatsoever).  Also
these abstracts are really rough, as clearly evidenced in places.
I'll be firing our secretary and technical writer as soon as we hire
one or both (cough).  I can only be directly blamed for how 1-2 of
these look.  I can be blamed if the formatting on this post is all
screwed up, as I'm lazily cutting and pasting text from the site HTML
(which I did not code up, and which seems to have been cut and pasted
from phpBB forum posts).  And without further delay or disclaimers...


"Examining The On-line Black Market"
Computer attackers no longer need to rely on their abilities, as
malware and automated tools quickly and efficiently perform attacks for
them. Individuals can buy access to sophisticated malware, including bots,
Trojans, and worms via markets run in publicly accessible web forums
centered primarily out of Eastern Europe and Russia. These forums also
operate black markets where individuals can sell the data they illegally
obtain for a profit. Since these markets are dynamic and often written in
foreign languages, it is not fully understood how these markets operate.
Using a sample of publicly accessible web forums that traffic in malware
and personal information, this talk will explore the current state of the
on-line black market. The data are used to understand the quantity and
type of data being traded and sold, and identify the dynamics of sellers
and buyers in these markets. This talk should benefit anyone with an
interest in computer security or hacking by detailing the methods and
tactics of malware writers and data thieves, as well as upcoming malware
threats.


"Intro to Electronic Circuits and Circuit Elements"
This presentation is slated to encompass a wide variety of simple
electronic circuit elements and how to assemble them into working
circuits. The elements that would be examined in the presentation would
include power sources, resistors, diodes, Timer ICs, Op-Amps, and testing
equipment. I will cover how to use the equipment and also include an
introduction to soldering the circuit elements onto mounting boards. I
would go over how to assemble or purchase all of the components to build
the circuits and test them. To conclude I would demonstrate a few simple
circuits and how to build them at home along with where to purchase or
obtain the components.


"FreeBSD Jails 101"
Talk starts out with an overview of chroot (Cool and chroot(2) and why
they are ultimately not acceptable to isolate processes from each other.
Move into jail(Cool and jail(2) and how they work and can properly isolate
processes. Finish by explaining the relationship between virtualization
and jails and some things to keep in mind when using jails. I will also
have a machine with a few jails up and running to illustrate some of the
points in my talk.


"Building and Maintaining a Community Hacker Lab"
This panel discussion will cover the major hurdles to be made in
creating and maintaining a hacker lab for your local group or club. The
esteemed panel of current CCG lab scientists will discuss lessons learned
in the pursuit of obtaining and maintaining a hacker lab for the NC2600
community.
The CCG lab is currently in operation, and is a non-profit research
laboratory dedicated to creating innovations in the fields of computer
security and software development. Its inspirations lie in places like the
infamous l0pht and less-known but still l33t NOLAB. By striving for
technical skills development and by using knowledge-sharing, the goal of
the CCG lab is for computer security-minded persons to explore and learn
in a heterogeneous networked environment.
Major panel topics to be covered include; funding, finding an
appropriate location, physical/network access control, network design,
projects, membership/participation, and obtaining hardware/software.
Questions from the audience are also encouraged, as the panel and
sponsoring non-profit hopes to inspire other groups to build their own
labs.


"How to 0wn Capture the Flag"
This presentation will cover the knowledge needed to setup, run, and
win a capture the flag game. The setup portion of the presentation will
cover how the scoring application works and the details of setting up the
hardware. Advanced topics such as using a Honeywall to log attacks that
happen during the game will be touched on as well. After an explanation of
the inner workings of how the game works an open discussion of tips and
tricks on how to bend the rules without breaking them will follow. A prize
will be awarded to the person who has the best tip as voted on by the
attendees, so bring your best hack.


"Keeping Secret Secrets Secret and Sharing Secret Secrets Secretly"
Secrecy is the practice of hiding information from others, yet often
involves sharing that same information with a select individual or group.
That which is kept hidden is known as the secret. Secrecy is often
controversial. Excessive secrecy is often cited as a source of much human
conflict. Some 2,500 years ago Sophocles wrote, "Do nothing secretly; for
time sees and hears all things, and discloses all." Vic adds a single word
of wisdom to that mantra, which is simply "ditto".
Even though Vic secretly has many personal secrets he can't/won't
share secretly, everyone knows the best thing about a secret is secretly
telling someone your secret, thereby secretly adding another secret to
their secret collection of secrets. Therefore he shall share the secrets
of keeping and sharing secrecy, without the use of traditional
cryptography. Freeware tools and live demos will not-secretly be included
in the presentation, and any audience members (who care to) can try to
crack the hidden contents/codes. Various "practical" uses for such
techniques will be provided, although Vic officially doesn't endorse or
condone the examples to be provided.


"The Evolution of Telephone Switching"
This mostly historical talk will go over the very basics of American
telephone switching and it's evolution, covering the basics of the
following: SXS, Panel, X-bar, and modern day switches. Sheduled to
include sound clips.


"Introduction to Human Natural Intelligence and a Cortical Primer"
This presentation will address the reasons why understanding of
cortical theory and human natural intelligence will be critical to
navigating the future AI powered computer industry and personal privacy
war. It will also serve as a very basic introduction to human natural
intelligence, touching on the subtlety and robustness of human natural
intelligence. Also included will be; demonstrations on concepts such as
change blindness and memory limitation, consciousness.s role in
intelligence, various parts of the brain and their theoretical role in
natural human intelligence, and current and future technological
application of current cortical understanding. Questions from the
audience will also be taken.


"Filesystem Forensics: Your hard drive has been siezed as evidence"
Demonstration on what is stored on the typical hard drive, how criminals
try to hide their precious data, and how it can be recovered by a skilled
computer forensics expert.


"Demystifying Data Using Visualization Techniques"
The goal of this talk is to introduce participants to the theory of
visualization and its use in realworld to visually analyze, explore,
discover, and compare within data. This talk discusses a number of
important issues in visualization with the help of a series of
descriptions, examples, and practical applications. The talk is directed
towards students and researchers who would like an overview of
visualization, and its applicability to different domains. No prior
knowledge in visualization is necessary.


"Enforcing The GPL"
This talk will cover past litigation for the GNU, General Public
License including the two German court cases as well as the ongoing SCO
case. The talk will also include some information on the legal
underpinnings for open source licenses within business.


I don't know what anyone else thinks, but that's a lot of content
for a cheap $20 admission (in my humble opinion).  I'm personally
looking forward to many of these presentations (except that "secrets"
thing, which is surely gonna suck, cough).

Peace,
Vic

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ