I recently attended TakeDownCon Dallas. This is a new security conference run by the same crew that created HackerHalted. Their stated goal is to keep the level rather technical with top-notch speakers, but at the same time keep a smaller, more intimate setting. I have to say they did a great job reaching that goal.
My colleague Josh Shaul and I had the privilege of opening the event with the first presentation, The Anatomy of a Database Attack, which featured some Oracle and DB2 hacking demos.
Right after, I got to learn a lot from Kevin Cardwell about going old school on exploits, beyond just using Metasploit, etc. He also had another talk on day 2 about memory forensics, giving quite a bit of insight on finding malware in memory and how to collect that evidence. I was really impressed by Kevin’s detailed knowledge and great skills in presenting, making it easy to follow and understand his steps.
Just before lunch, TakeDownCon had its big news event: a SCADA talk was canceled with plenty of DHS rumors flying around, but as always it’s best to go straight to the source: http://www.nsslabs.com/blog/2011/05/. Following the argument between Siemens and the security researchers is, as usual, quite disappointing – some big companies apparently still think marketing can fix vulnerabilities.
Francis Brown went deep into search engine hacking, one of my favorite topics, and with SearchDiggity he and his colleagues have created some great tools to help facilitate Google and Bing hacking.
There is some great collaboration in the anti-malware industry. Rodrigo Branco is running the ‘Dissect || PE project’, collecting information from various contributors and automatically analyzing it. This makes me wonder what we could do in the database security industry in order to collect information about database attacks and how to analyze and share it to better protect data where it lives.
Of course, just collecting and analyzing malware isn’t enough. Zack Wolff showed some really great examples of how to identify malware in the wild using the log trails they are leaving behind.
I had a ton of fun at Joe McCray’s talk about Web Shells, getting shell access by breaking through the web app. I’m sure to try out some of his stuff soon. In the spirit of TeamSHATTER’s higher ed research, he did some live SQL Injection and XSS attacks on some unnamed Ivy League websites. Did I mention he is funny as hell, and not just because he was drinking on stage?
The second day was split into two tracks, Attack Zone and Defense Sector. Sitting in the first track makes you want to just unplug your computer from the intertubes for good. But we can’t unplug the Smart Grid, can we? I see huge challenges and opportunities for the security industry in that sector.
One of the last presentations just before I had to head to the airport was a detailed analysis of how data flows through the hypervisor in VMware and similar environments. No known attacks exist that really take advantage of this yet, but it really makes me wonder about the security of the cloud. There is a lot of data flowing around without any tools yet to monitor that data. Hmmmm.
In the end I had a lot of fun, met lots of great people and will try to make it back next year.