Full Disclosure mailing list archives
CarolinaCon presentation drafts
From: Vic Vandal <vvandal () well com>
Date: Tue, 13 Mar 2007 14:35:07 -0700 (PDT)
H@x0rs, phr34kz, g33k5, InfoSec pros, and "not" you feds/cops (heh),

CarolinaCon-2007 is April 20th-22nd. Check out the carolinacon.org site for more details.

Here's a sample of what's on tap currently, as far as pure talks go (in no particular order whatsoever). Also these abstracts are really rough, as clearly evidenced in places. I'll be firing our secretary and technical writer as soon as we hire one or both (cough). I can only be directly blamed for how 1-2 of these look. I can be blamed if the formatting on this post is all screwed up, as I'm lazily cutting and pasting text from the site HTML (which I did not code up, and which seems to have been cut and pasted from phpBB forum posts).

And without further delay or disclaimers...

"Examining The On-line Black Market"
Computer attackers no longer need to rely on their abilities, as malware and automated tools quickly and efficiently perform attacks for them. Individuals can buy access to sophisticated malware, including bots, Trojans, and worms via markets run in publicly accessible web forums centered primarily out of Eastern Europe and Russia. These forums also operate black markets where individuals can sell the data they illegally obtain for a profit. Since these markets are dynamic and often written in foreign languages, it is not fully understood how these markets operate. Using a sample of publicly accessible web forums that traffic in malware and personal information, this talk will explore the current state of the on-line black market. The data are used to understand the quantity and type of data being traded and sold, and identify the dynamics of sellers and buyers in these markets. This talk should benefit anyone with an interest in computer security or hacking by detailing the methods and tactics of malware writers and data thieves, as well as upcoming malware threats.

"Intro to Electronic Circuits and Circuit Elements"
This presentation is slated to encompass a wide variety of simple electronic circuit elements and how to assemble them into working circuits. The elements that would be examined in the presentation would include power sources, resistors, diodes, Timer ICs, Op-Amps, and testing equipment. I will cover how to use the equipment and also include an introduction to soldering the circuit elements onto mounting boards. I would go over how to assemble or purchase all of the components to build the circuits and test them. To conclude I would demonstrate a few simple circuits and how to build them at home along with where to purchase or obtain the components.

"FreeBSD Jails 101"
Talk starts out with an overview of chroot(8) and chroot(2) and why they are ultimately not acceptable to isolate processes from each other. Move into jail(8) and jail(2) and how they work and can properly isolate processes. Finish by explaining the relationship between virtualization and jails and some things to keep in mind when using jails. I will also have a machine with a few jails up and running to illustrate some of the points in my talk.

"Building and Maintaining a Community Hacker Lab"
This panel discussion will cover the major hurdles to be made in creating and maintaining a hacker lab for your local group or club. The esteemed panel of current CCG lab scientists will discuss lessons learned in the pursuit of obtaining and maintaining a hacker lab for the NC2600 community. The CCG lab is currently in operation, and is a non-profit research laboratory dedicated to creating innovations in the fields of computer security and software development. Its inspirations lie in places like the infamous l0pht and less-known but still l33t NOLAB. By striving for technical skills development and by using knowledge-sharing, the goal of the CCG lab is for computer security-minded persons to explore and learn in a heterogeneous networked environment.
Major panel topics to be covered include: funding, finding an appropriate location, physical/network access control, network design, projects, membership/participation, and obtaining hardware/software. Questions from the audience are also encouraged, as the panel and sponsoring non-profit hopes to inspire other groups to build their own labs.

"How to 0wn Capture the Flag"
This presentation will cover the knowledge needed to set up, run, and win a capture the flag game. The setup portion of the presentation will cover how the scoring application works and the details of setting up the hardware. Advanced topics such as using a Honeywall to log attacks that happen during the game will be touched on as well. After an explanation of the inner workings of how the game works an open discussion of tips and tricks on how to bend the rules without breaking them will follow. A prize will be awarded to the person who has the best tip as voted on by the attendees, so bring your best hack.

"Keeping Secret Secrets Secret and Sharing Secret Secrets Secretly"
Secrecy is the practice of hiding information from others, yet often involves sharing that same information with a select individual or group. That which is kept hidden is known as the secret. Secrecy is often controversial. Excessive secrecy is often cited as a source of much human conflict. Some 2,500 years ago Sophocles wrote, "Do nothing secretly; for time sees and hears all things, and discloses all." Vic adds a single word of wisdom to that mantra, which is simply "ditto". Even though Vic secretly has many personal secrets he can't/won't share secretly, everyone knows the best thing about a secret is secretly telling someone your secret, thereby secretly adding another secret to their secret collection of secrets. Therefore he shall share the secrets of keeping and sharing secrecy, without the use of traditional cryptography.
Freeware tools and live demos will not-secretly be included in the presentation, and any audience members (who care to) can try to crack the hidden contents/codes. Various "practical" uses for such techniques will be provided, although Vic officially doesn't endorse or condone the examples to be provided.

"The Evolution of Telephone Switching"
This mostly historical talk will go over the very basics of American telephone switching and its evolution, covering the basics of the following: SXS, Panel, X-bar, and modern day switches. Scheduled to include sound clips.

"Introduction to Human Natural Intelligence and a Cortical Primer"
This presentation will address the reasons why understanding of cortical theory and human natural intelligence will be critical to navigating the future AI powered computer industry and personal privacy war. It will also serve as a very basic introduction to human natural intelligence, touching on the subtlety and robustness of human natural intelligence. Also included will be: demonstrations on concepts such as change blindness and memory limitation, consciousness's role in intelligence, various parts of the brain and their theoretical role in natural human intelligence, and current and future technological application of current cortical understanding. Questions from the audience will also be taken.

"Filesystem Forensics: Your hard drive has been seized as evidence"
Demonstration on what is stored on the typical hard drive, how criminals try to hide their precious data, and how it can be recovered by a skilled computer forensics expert.

"Demystifying Data Using Visualization Techniques"
The goal of this talk is to introduce participants to the theory of visualization and its use in the real world to visually analyze, explore, discover, and compare within data. This talk discusses a number of important issues in visualization with the help of a series of descriptions, examples, and practical applications.
The talk is directed towards students and researchers who would like an overview of visualization, and its applicability to different domains. No prior knowledge in visualization is necessary.

"Enforcing The GPL"
This talk will cover past litigation for the GNU General Public License including the two German court cases as well as the ongoing SCO case. The talk will also include some information on the legal underpinnings for open source licenses within business.

I don't know what anyone else thinks, but that's a lot of content for a cheap $20 admission (in my humble opinion). I'm personally looking forward to many of these presentations (except that "secrets" thing, which is surely gonna suck, cough).

Peace,
Vic