tssci security

ToorCon 9 - Day 0 and 1

This weekend I was in San Diego, California for ToorCon 9 and had an absolute blast. On Friday, I had checked out the USS Midway Aircraft Carrier Museum and enjoyed listening to veterans recount fascinating experiences on the ship during the war. I took the morning to "experience" the city, something I have tried doing while attending conferences. It sucks to travel to various cities around the country and not getting the chance to visit local landmarks and famous sites.

While I was out and about around the city, Dre was doing his seminar talk on Continuous Prevention Testing. Stay tuned for an upcoming blog post from Dre soon that goes over the main points of his talk. I was lucky enough to catch Charlie Miller's seminar talk on Real World Fuzzing. It was a great presentation, and since fuzzing is still new to me, I was able to see the why, what and how aspects of it. There was a lot of talk about code coverage with fuzzing and is interesting given the recent web application scanner code coverage review done by Larry Suto which reported NTOSpider as being best because it can crawl more links in default mode. Dre will have also have some more commentary about Charlie's talk and Larry Suto's review as well.

On Saturday, I went to Jason Medeiros' talk, "The Last Stand: 100% Automatic 0day, Achieved, Explained, and Demonstrated." Jason wrote a tool that is a debugger, heap analyzer, fuzzer all in one that automagically generates a C exploit. It was pretty awesome; I think he wrote over 80,000 lines of code and spent an entire year doing it. A couple people are skeptical about his demo though, stating it could have been taylored with his demo application.

Afterwards, several of us went out to eat for seafood and sushi. I tried sushi for the first time and well.. now I know I definitely do not like it. LOL. Thanks Erich for letting me try some. Following dinner, we went to the Microsoft sponsored party at Olé Madrid down on Gaslamp, which was pretty good. Pretty much everyone in security was there, and then again at the ninja party.

That's it for Friday and Saturday... next blog post from me will cover Sunday's talks.

Update 10/26: Toorcon 9 - Day 2 has been posted

Posted by Marcin on Monday, October 22, 2007 in Conferences, Hacking, People and Security.

blog comments powered by Disqus
blog comments powered by Disqus