Well, sadly the time seemed to fly by and last week's conference ended more quickly than I would have liked. I didn't have the time to stay in Vegas and attend the DEFCON conference either. Even though I really wanted to see Christopher Tarnovsky demonstrate smartcard/microcontroller fault induction in person, I decided to attend briefings that greatly complemented the briefings that I attended previously. Particularly, I enjoyed Felix Lindners ("FX") briefing entitled “Developments in Cisco IOS Forensics”, which actually did a lot to ease my previous fears that the defensive side of the arms race for Cisco IOS was being left behind.
Felix began his talk by explaining the impact of successful exploitation of Cisco IOS vulnerabilities, providing some details about Cisco IOS internals, and then...
The first day of the Black Hat conference briefings came to an end and in retrospect, it was far from bland. From Professor Angell’s esoteric keynote speech touching on how the combination of computers and human activity systems can spawn systemic risk, to a Palace 1 conference room packed wall-to-wall with eager ears ready to listen to Dan Kaminsky deliver his briefing for DNS titled “DNS Goodness.”
In fact, the room was packed so much that an organizer dryly announced over the PA system: “Speakers in parallel talks, you can’t skip your talks even though nobody is going to be there.” It was a good briefing, but it was two other entirely separate briefings that stole the show for me, by a huge margin actually. Neither of these briefings received an abnormal amount of limelight, but both of them involved appliances that are very commonly used in inter- and intra-network infrastructure. The briefings “Cisco IOS Shellcodes and Backdoors” by Gyan Chawdhary and Varun Uppal...
