Sep 27 2008
ToorCon Day 1 roundup
Today was a good day for ToorCon, registration was easy, the talks where good overall.
The KeyNote
One thing about the keynote; if I have to hear about that dam DNS vulnerability again I think I am going to be sick. For those of you who have not heard it, the talk is not that bad. He does cover allot of impacts from this vulnerability which for those of you who have not patched your systems should scare you into patching it.
Loaded Dice: SSH Key Exchange & the OpenSSL PRNG Vuln – Ben Feinstein
This talk gave a good overview on the Debian SSH OpenSSL vulnerability and tools used in exploiting it.
Advanced SQL Injection – Joseph McCray
This by far was my favorite talk. The speaker was excellent and had a great way of interacting with the audience. The topic covered the basic forms of SQL Injection and ways to exploit them. There was discussion on ways to evade IP(d)S and different ways to get past errors in your SQL code placed in the URL.
One XSS To Rule The Enterprise – Grutz
This speak was very interesting and I thought that this use of XSS was very out of the box. Being able to grab credentials for internal domains, etc..
