• Shreeraj Shah opened the day with a great talk on web app security, from both attack and defense perspectives, demonstrating a lot of tools he wrote for pentesting. Note the cool trick to enumerate named vhosts on a particular IP: just ask MSN Search for "ip:<IP>". I especially appreciated his conclusion, stating that whatever firewall, reverse proxy, device or wonderbox you can put in front of your web app, its last and only reliable line of defense is its code quality. Thus, a badly coded app will always be vulnerable.
• Justin Clarke gave a very comprehensive description of automated web app attacks, proposing tools for detecting and exploiting SQL injections (blind or not), XSS and a whole bunch of other vulnerabilities. Very interesting.
• Then Andy Davis gave a presentation on ColdFusion security. Excellent talk describing ColdFusion's alarming lack of security. It looked like the talks given on Oracle security 3 or 4 years ago...
• Tim Hurman, obviously still blurred by the MS party, described the security of ARM-based devices. He especially insisted on Windows Mobile and the ability for malware to infect devices like PDAs, PocketPCs or SmartPhones. He had a sweet demo owning an iPaq using a Bluetooth vuln in vCal OBEX parsing. While Microsoft insists a lot on 2003 and Vista security these days, Windows Mobile seems a bit forgotten...
• Raffael Marty presented an original approach to event visualization. He proposed a few original ways of displaying a single set of events, depending on what you want to observe. I liked this presentation a lot. Good ideas behind it and a tool to be tested, such as his AfterGlow visualization tool.
• Then came Michael Boman on Network Security Monitoring... I'm really puzzled. I must have missed something really important in his talk, as I really did not get his point. Presenting a tool, SGUIL, that looks like an enhanced frontend for Snort as revolutionary and unique, I just can't imagine how a tool like this can really get a clue without any other information sources...
• Jim DeLeskie and Danny McPherson gave a fast-talking, super dense talk on Internet infrastructure protection, threat response and other things. It seemed really interesting, but too many things were covered for me. I was quickly completely lost. I'll just wait for the hundreds of slides to read them quietly.
• Andrea Barisani made a wonderful talk out of the Gentoo security incident triggered by a 0day. He described the whole incident response process, from detecting the compromise to the final advisory. Enlightening.
• We then had 3 Elevator Focus Groups, consisting of a company presenting its product in front of the audience so it could be discussed. Pretty interesting.
• Finally, the lightning talks closed the conference. Philippe presented a debugging shell in Python, I had my captive portal bypassing demo working perfectly \o/ Van Hauser presented the new version of the THC Scan wardialer and its distributed architecture, based on masters and zombies, shared through a user credits system. Andrea showed us the Ftester firewall testing suite. Someone showed us how to hide files in a journaled filesystem, and Ollie Whitehouse had a demo of Terminal Server session compromise.

Thanks to Dragos and his team for this great conference. And by the way, my photos are online.