Thursday, January 27, 2011

Shmoocon or Bust

What would you do to get to Shmoo?

Woke up at 4:00 AM
2.5 hours shovelling snow
1 hour to get to train station
1 hour on local commuter rail to BOS
2 minutes to find my train to PVD cancelled
1 hour on the first commuter rail to PVD
Finding my 12:50 train to DC only five minutes late = priceless

In about four hours I will be at Shmoocon and it will be epic. This year's schedule contains a lot of fresh blood and new faces (which is not a bad thing IMHO). The schedule is so packed with goodness that I am going to have to make some tough decisions on which sessions to attend. In addition, the after-hours action is packed full of awesomesauce. There is the return of Firetalks on both Friday and Saturday evening, the Podcasters meetup (including free booze), Jason Scott previewing his new documentary, Get Lamp, on Saturday evening (the first computer program I wrote was a text-based Adventure game on my TI-99/4A), and of course there are the parties and meet-ups that will certainly include scotch and cigars.

On Friday we begin with Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP, with Andrew Gavin. Leveraging enterprise defense products = sexy in my book. Following that there are several cool sessions, including a long-awaited update from Johnny Long (who is back in the States for the con), and the keynote by Peiter "Mudge" Zatko of DARPA.

On Saturday, I am hoping that Jon Oberheide and Zach Lanier have the cure for my much-anticipated hangover with their talk, TEAM JOCH vs. Android: The Ultimate Showdown, which will highlight their work on subverting the Android OS. I plan to follow up with Hard Drive Paperweight: Recovery from a Seized Motor!, delivered by Scott Moulton. Scott is a super smart dude who never disappoints. I am guaranteed to learn something there.

Printers Gone Wild! with Ben Smith is in the next slot. Next I need to make some of those tough decisions I mentioned earlier. There is Attacking 3G and 4G Mobile Telecommunications Networks with Enno Rey & Daniel Mende, and An Evite from Surbo? Probably an Invitation for Trouble with Trent Lo aka "Surbo" from i-hacked.com (http://www.i-hacked.com/). There is no doubt that mobile tech has definitely come of age and consequently will become a target, but Trent is also a smart, entertaining dude. Then at 16:00 there is Defeating mTANs for Profit with Axelle Apvrille and Kyle Yang (mTAN = one-time bank password sent by SMS) and G W Ray Davidson's talk on designing a network for a conference, entitled ShmooCon Labs Goes To College. Both decisions will most likely come down to the wire.

On Sunday, the talk that seems to be on everyone's agenda is Georgia Weidman's Transparent Botnet Control for Smartphones Over SMS, in which she will release a POC for an SMS-controlled botnet.

Total estimated time to get to the con = 15 hours (and worth it). See you in a few hours, Shmoocon.

Friday, January 14, 2011

NAISG: Leveraging NTFS Master File Table Timeline Forensics in the Analysis of Malware

What is in your incident response kit?

Next week I am delivering a talk at the Boston chapter of the National Information Security Group (NAISG) on Thursday, January 20, 2011. I will be speaking on the use of NTFS Master File Table Timeline Forensics in the Analysis of Malware. The meeting and talk are open to everyone, and more information can be found here. If you are in the Boston area, come down and check it out. NAISG will post the talk and slides at a later date, and I will make sure I link back to it here.

Updated: February 1, 2011

NAISG has posted the video for my presentation here. The slide deck can be found on Slideshare here. I also wanted to say thank you to the NAISG Boston chapter for having me. It was a blast!