Linux++:::: Hackinthebox: Day 3 + 4
Posted at 29.Sep,2005
For the final two days, we were given the option to choose between the Business Track and the Technical Track. I went to the Technical Track only.

The IE guys, Tony and Rob (?), were cool. They presented IE7, and how they think it'll help normal everyday users. We were also presented with the unofficial unveiling of Windows Vista (previously Longhorn). One of the things the IE team is doing: defaults are off. No matter what the feature, the defaults are off. That is good. So now if the Windows box gets broken, it's the user's fault :P

Their anti-phishing is also cool. They are taking community feedback and have the database for free (?). But only for IE. Somebody questioned whether they'll share it, but they gave a politically correct answer (they need to beef up infrastructure, yadda, yadda).

Roelof from SensePost presented tools he used to check out web sites. One tool is wikto, an app that uses nikto's database but is much more clever, since it knows the difference between real 404s, 302s and fake/friendly ones. He also showed e-or and crowbar. e-or is an app that can be used to capture the state of the web requests, with snapshots, that can be replayed later. Way cool. He also showed his nessus nasl (that tackles friendly 404s) and said he'd tell a story about it, but I think he forgot. So, anybody who knows, do tell!

The Grugq presentation was way cool and funny. He's a guy who talks straight, no bullshit or anything. He showed how we can hijack VoIP sessions, and much much more. The cool thing is he did the demo using Python (ipython). Wayy cool. A hacker who's also a pythonista.

The F-Secure keynote on the fourth day was about mobile viruses. He showed the F-Secure Fin office, and it's pretty much like a lab handling dangerous viruses, very much like the CDC! No kidding.

And they use Python too. They use it to generate the signature, very much like DNA, in 3D. I think he mentioned Blender. Think of the movies, where we can see the signature on the screen.

Then, it was Dr Jose's turn. He talked about differentiating data, or having fuzzy logic to determine that an object is similar; for example, viagra and v1@gra. And guess what, he uses Python too. I'll be searching for libdistance 0.2.1, which has the Python binding. He did the Python binding yesterday, and demoed it.

CTF, was .. I dunno, interesting? Not much that can be done but stand there, craning your neck trying to see what the guys were doing :P. This CTF has two gals in two teams. Unexpected?

I got Phrack 63 autographed by Jim and the Grugq. And tried Zone-h's hacking challenge, but only managed to get to level 2. Got a CD for that!

All in all, a great outing, and I'd try to attend next year. Didn't get to catch Amy Goh, but say hey to her if you guys know/meet her.

Didn't get to see all from myoss and mypenguin99, but hey, there's always the mailing list and irc :))

new libdistance and flowgrep are up. libdistance 0.2.1 is the one that has the python bindings i wrote in KL for HITB. some bugs remain but i'm pretty happy with them. flowgrep 0.9 is up, too, which marries in preliminary libdistance support. on my website under software ...

jose  at 11.Oct,2005 09:35
cool. was searching for it yesterday and only saw 0.2.0 up.


kedai  at 11.Oct,2005 15:43
