Hey All,
I wanted to do a brief repost over here to direct everyone to the 5-part non-technical blog series that I did on cons (for the most part) and con experiences. This was my contribution to blogging following Blackhat / DEFCON.
- Being a Research Engineer at a Blackhat Booth
- Competitors Can Be Civil
- Why DEFCON Sucks
- Why the Social Aspect of Cons is Important
- What Can Be Done to Improve the Cons.
Enjoy!
Hey Everyone,
So Blackhat/Defcon is behind us... Instead of blogging about the talks, I've taken a different approach and I've been doing some non-technical blogging. In the end it will be a 5-part series, but the first three are already up.
They are:
- Being a Research Engineer at a Blackhat Booth
- Competitors Can Be Civil
- Why DEFCON Sucks
The last two will most likely appear early next week.
Also, now that Blackhat/ DEFCON are over... What's next? As far as I know the next Con I'll be attending is SecTor. Last year was the first SecTor and I had the opportunity to attend. SecTor will actually make it's way into my upcoming blog series (from above) on the VERT Blog. That being said, I wanted to remind people that it's coming up, after all... it's held in Toronto and I live in Toronto, so the more people that attend, the more people I get to meet.
For anyone who didn't get a chance to visit SecTor last year and is curious about the quality / style of the talks, I tried to write-up everything that I saw.
Of course, these are biased because they're all my opinion, but I do recommend the Con for anyone that can make it up this way. Let me know if you'll be coming up and we'll make arrangements to get together for a beer.
Well, I'm leaving shortly for Blackhat and Defcon. For half the time at Blackhat I'll be working the nCircle booth, feel free to say 'Hey'. Look me up while you're there, or message / email me and I'll pass along my cell so that we can text. I'll also be updating twitter as much as I can and blogging when I can.
This is my first time heading down to Vegas so I'm looking forward to having quite a bit of fun.
SecTor Day #2
Speakers: Ryan Poppa and Jay Graver
Presentation (pdf)
Download Audio (with Slide Deck) (wmv)
This was the final talk that I attended prior to the wrap up. I already knew what to expect for the most part, since Ryan and Jay are colleagues at nCircle.
The hour long presentation started with 30 minutes of background presented by Jay. The discussion itself focused around network fingerprinting (detecting versions of operating systems and listening services over a network) and, more specifically, HTTP server fingerprinting. The background included a comparison of currently available tools and included nmap, amap and httprint. Jay looked at the results of these tools against modern servers... first while displaying their standard banners and then using obfuscated banners. When faced with obfuscated banners the tools didn't fare so well.
The second half of the presentation, presented by Ryan, included what was really the "meat" of the presentation... the discussion of a new tool, httpfp [link coming as soon as the tool is released], which uses a new approach to fingerprinting. Ryan pointed out numerous aspects of a HTTP Server response that can be used to determine the type of software that the server is running, even if banner obfuscation is being used. Some of the included identification points were:
- Case of the Content-Length header (Content-Length/Content-length/content-length)
- The existence of Public or Allow headers
- The order of the options presented in the Public/Allow header
The concept is definitely cool and I'm really looking forward to see what advancements and improvements will be made in the future. It was also a great way to round-up the conference.
[Updated Links]
Categories: IT, Reviews, Security Tags: conference, fingerprint, fingerprinting, http, jay graver, modern, nCircle, review, ryan poppa, sector, Security, toronto, trends