The Social-Engineer Toolkit v0.4 (SET) Codename “Pink Pirate” will be released at the firetalk exclusively on BackTrack 4. SET is a security professionals most valuable tool when it comes to social engineering attacks and incorporates some heavily advanced and complicated attacks. The new version is one of the biggest releases yet and incorporate new methods for attacking the clients and some super top secret stuff being released during the talk.
SHODAN is a computer search engine. But is is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.
This talk compares information security and health epidemics such as HIV/AIDS. I’ll discuss critical behavior changes which have reduced HIV/AIDS in some countries and what information security can learn from the same approach.
Ever wanted to screw with those that screw with you? Honeypots might be ok for research, but they don't allow you to have fun at an attacker's expense the same way funnypot and skiddy baiting does. In this talk I'll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Some of the topics to be covered are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive, Robots.txt trolling, And more…
There are number of methods for fingerprinting a user’s browser. Most of the commonly employed methods are poor at best and can be spoofed. I believe that a another approach is needed. Using mod_security and standard deviation to detect rendering engine nuances for accurate browser and patch level detection server-side. When using JavaScript, header analysis and CSS implementations are not enough.
Ever wish you could carry around your favorite pen-testing distribution on a cd, or a usb stick? Tried popular offerings but feeling like they pander to a different segment? Come hear about Pentoo. At Pentoo we pander to experienced linux users who are more likely to use their gpu for cracking passwords than “teh cubez” and fancy window makers. Come see what all the fuss it about.
Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie
Everyone of us has busy periods or just too many things todo. You start sleeping less and drinking loads of coffee. Both of which are not good for your health. This talk will talk about why our body and mind actually need sleep and how you can hack it. We will discuss some methods on how to enable yourself to stay awake for 20 hours a day without turning into a zombie (and without the use of drugs).
Considering a majority of PCI related presentations focus on the “benefit” and “increase” to “security” are delivered by consultants and vendors whose sole agenda is their financial benefit in implementing PCI-DSS, the failures and their root causes within the lesser known Payment Application Data Security Standard (PA-DSS) will be explored.
Printable version of this article