Defcon Roll Call!

[Fyodor <fyodor () insecure org>]

Hi folks!  The world's largest hacker conference starts next week and
I hope many Nmap developers and community members can make it to Las
Vegas!  This is the largest in-person Nmap meetup of the year, and
Dark Tangent is pulling out all the stops to make this 20th Defcon the
best ever.

So who is going?  Please let me know so I can invite you to the Friday
night developer dinner.  You don't need to be a committer--anyone
listed in the CHANGELOG (http://nmap.org/changelog.html) is eligible.

Also, it looks like we'll have the 1600-square-foot Nmap Party Suite
again this year!  But instead of having a late night party with
hundreds of people like last year, I'm leaning toward using it as a
daytime refuge on Friday and Saturday.  We'll stock it with beers and
sodas and snacks and folks can hang out while watching talks live on
the hotel CATV system.  That beats waiting in line downstairs at the
con only to get rejected at the door because the room is full.  Also,
it allows us to call BS on speakers without getting kicked out.

Of course Defcon isn't the only con in town.  Black Hat and BSidesLV
are right before it and are shaping up to be great too.

One slight disappointment is that there aren't many talks this year
which are directly Nmap related or are given by Nmap devs.  But there
are some:

- Thursday 11:00AM - 11:50 Track 1 - "Intro to Digital Forensics:
  Tools & Tactics" by Ripshy & Hackajar.  This is a basic skills class
  covering Nmap, Metasploit, etc.

- Friday 3:00 - 3:20 Turbo Talk Track - "Network Anti-Reconnaissance:
  Messing with Nmap Through Smoke and Mirrors" by Dan 'AltF4' Petro.
  I guess this is a response to my "Advanced Network Reconnaissance"
  talks (e.g. http://nmap.org/presentations/Shmoo06/).  Unfortunately
  this talk is short and is about deceiving Nmap than using it.

- Sunday 11:00 - 11:50 Track 3 - "Improving Web Vulnerability
  Scanning" by Dan Zulla.  I don't know if he covers Nmap, but it
  could be interesting considering all the work we've put into making
  Nmap better at web scanning lately.

- Sunday 12:00 - 12:50 Track 3 - "Post Metasploitation: Improving
  Accuracy and Efficiency in Post Exploitation Using the Metasploit
  Framework" by Egypt.  This is right after the web scanning talk.
  The Nmap relevance is that I think Egypt will show off the new
  Metasploit privilege escalation attack against SetUID Nmap.  Of
  course Nmap never installs SetUID and the manual has long warned
  people never to do that, and now it even prints a warning every time
  it runs if SetUID.  But some people still do it, and Metasploit is
  there to exploit them :).

Hopefully I'll get my act together next year in time to do another
advanced Nmap usage and research talk.

While the Nmap-related talks are rather sparse, there are many other
great talks on the schedule:
   http://defcon.org/html/defcon-20/dc-20-schedule.html

So again, if you're going to Defcon and want to be invited to stuff,
do let me know!  Please also send me your cell phone number for
coordination.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/