by Ed Skoudis
This morning, I had the honor of presenting at DerbyCon. My talk focused on the ability to cause physical impact through hacking computers and networks. I call it "Kinetic Pwnage". The slides are available below, and the talk touches on several themes of the recent work my team and I have focused on, including CyberCity, a miniature city with a real power grid and other computer controlled components used to build capabilities of cyber warriors.
By the way, right after the talk, lotsa people asked me how they could do CyberCity missions. If you are interested in participating in CyberCity missions hands-on, we'll be running our first ever CyberCity missions at a public conference event during the SANS Pen Test Hackfest Summit & Training event, in Washington DC on November 7-14. If you take a full six-day class there, you can join us for one whole evening of CyberCity missions hands-on, plus four evenings devoted to NetWars. Oh,
By Ed Skoudis
Below are the slides for my talk called "The Bad Guys Are Winning, So Now What?" It's my most requested talk ever.
In my job, I write two or three new presentations per year, and deliver each of them two or three times at various conferences before retiring the talk and moving onto another topic. My butterfly attention span doesn't let me stay on a particular topic for longer than that. In the past year, I've written talks titled "Please Keep Your Brain Juice Off My Enigma" (Debuted at SANS in Sept 2012 and posted here), "Unleashing the Dogs of Cyber War" (Debuted at BruCON in Sept 2012), and "Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World" (Debuted at SOURCE Boston in April 2013 a week and a half ago).
But, of all the talks I've ever written, there is one that I get more requests for than ever: my talk titled "The Bad Guys Are Winning, So Now What". I originally wrote the talk a couple of years ago, and have
[Editor's Note: Last Friday, Josh Wright did an awesome webcast on how penetration testers can extract sensitive information from mobile devices during an ethical hacking project, simulating what could happen if a bad guy snags a device and uses it to gather info to attack an organization. Josh provides some commentary as well as his slides below. These slides are a sampling of Josh's brand-new 575 course on Mobile Device Security and Ethical Hacking. I have to say -- the new course is completely amazing! It gives folks the knowledge they need to help protect their organizations against the onslaught of new mobile devices popping up everywhere -- iPhones, iPads, Android devices, RIM Blackberries, and Windows Phone are all covered. The course is selling out wherever SANS offers it, usually a month or two in advance. Course details are available
[Editor's Note: Tim "My Shell Makes Your Shell Cry Like a Little Baby" Medin did a presentation at SANS Orlando called "PowerShell for Pen Testers". It's really good. It starts out with an overview of PowerShell for the uninitiated, and then quickly jumps to some really effective use cases of PowerShell for penetration testers and ethical hackers. Wanna know how to do a port scan, ping sweep, and file transfer, using only PowerShell with no extra installs? Tim covers it. He also provides tips for post-exploitation on Windows boxes, and goes further by addressing PowerCLI for VMware as well as some tricks for Exchange servers. He's even sprinkled in some tips and techniques that are useful in incident handling and digital forensics. Well played, Jake! --Ed.]
By Tim Medin
By Ed Skoudis
Last night, I presented a new talk at a keynote session for the SANS Cyber Defense Initiative conference. My goodness, was I excited, as the topic is something that has been very near and dear to my heart for the past 15 years. The talk was all about how info sec professionals can use challenges to develop their skills and careers, including Capture the Flag games, as well as a whole bunch of other challenge types. We touched on topics such as gamification, challenge designs, and a sampling of some really great free challenges available to everyone on the Internet. Here is a slide from the talk discussing some of the stuff we're thinking about and working on at Counter Hack Challenges: