*UPDATE*
Just wanted to let everyone know that I managed to throw $40.00 towards HFC, it wasn't much but I had forgotten PayPal fees and exchange rate (which is close to par but still affects $2k). Thanks again everyone!
I just wanted to let everyone know that I've reached my goal to cover my bandwidth costs. I want to thank the individuals who donated, it was definitely appreciated. I also want to thank SecurityCompass for making a donation. Additionally, I need to extend a big thank you to my employer. This is my personal blog and when I started with nCircle I pointed out that I blogged here and wouldn't stop. Even though we have our corporate blog, they were happy to allow me to bounce back and forth between the two rather than push me to blog only on blog.nCircle.com. So even though this blog is all mine, nCircle stepped up and offered me an advertising contract, featuring their logo and link on my website and in exchange they offered up cash to cover the remainder (total less donations) of my hosting fees, and in the end I believe I'm coming out slightly ahead, so I'm hoping to pass some money towards HFC (more on that once my 1and1 bill is actually paid). So once again thank you to everyone. You'll now see nCircle's logo on the page, and in the near future (once my transfer volume is straightened out) DVL will return with a nCircle sponsored download page.
Hey All,
I wanted to do a brief repost over here to direct everyone to the 5-part non-technical blog series that I did on cons (for the most part) and con experiences. This was my contribution to blogging following Blackhat / DEFCON.
- Being a Research Engineer at a Blackhat Booth
- Competitors Can Be Civil
- Why DEFCON Sucks
- Why the Social Aspect of Cons is Important
- What Can Be Done to Improve the Cons.
Enjoy!
Hey Everyone,
So Blackhat/Defcon is behind us... Instead of blogging about the talks, I've taken a different approach and I've been doing some non-technical blogging. In the end it will be a 5-part series, but the first three are already up.
They are:
- Being a Research Engineer at a Blackhat Booth
- Competitors Can Be Civil
- Why DEFCON Sucks
The last two will most likely appear early next week.
Also, now that Blackhat/ DEFCON are over... What's next? As far as I know the next Con I'll be attending is SecTor. Last year was the first SecTor and I had the opportunity to attend. SecTor will actually make it's way into my upcoming blog series (from above) on the VERT Blog. That being said, I wanted to remind people that it's coming up, after all... it's held in Toronto and I live in Toronto, so the more people that attend, the more people I get to meet.
For anyone who didn't get a chance to visit SecTor last year and is curious about the quality / style of the talks, I tried to write-up everything that I saw.
Of course, these are biased because they're all my opinion, but I do recommend the Con for anyone that can make it up this way. Let me know if you'll be coming up and we'll make arrangements to get together for a beer.
Well, I'm leaving shortly for Blackhat and Defcon. For half the time at Blackhat I'll be working the nCircle booth, feel free to say 'Hey'. Look me up while you're there, or message / email me and I'll pass along my cell so that we can text. I'll also be updating twitter as much as I can and blogging when I can.
This is my first time heading down to Vegas so I'm looking forward to having quite a bit of fun.
SecTor Day #2
Speakers: Ryan Poppa and Jay Graver
Presentation (pdf)
Download Audio (with Slide Deck) (wmv)
This was the final talk that I attended prior to the wrap up. I already knew what to expect for the most part, since Ryan and Jay are colleagues at nCircle.
The hour long presentation started with 30 minutes of background presented by Jay. The discussion itself focused around network fingerprinting (detecting versions of operating systems and listening services over a network) and, more specifically, HTTP server fingerprinting. The background included a comparison of currently available tools and included nmap, amap and httprint. Jay looked at the results of these tools against modern servers... first while displaying their standard banners and then using obfuscated banners. When faced with obfuscated banners the tools didn't fare so well.
The second half of the presentation, presented by Ryan, included what was really the "meat" of the presentation... the discussion of a new tool, httpfp [link coming as soon as the tool is released], which uses a new approach to fingerprinting. Ryan pointed out numerous aspects of a HTTP Server response that can be used to determine the type of software that the server is running, even if banner obfuscation is being used. Some of the included identification points were:
- Case of the Content-Length header (Content-Length/Content-length/content-length)
- The existence of Public or Allow headers
- The order of the options presented in the Public/Allow header
The concept is definitely cool and I'm really looking forward to see what advancements and improvements will be made in the future. It was also a great way to round-up the conference.
[Updated Links]
Categories: IT, Reviews, Security Tags: conference, fingerprint, fingerprinting, http, jay graver, modern, nCircle, review, ryan poppa, sector, Security, toronto, trends