My favorite talks were:

  • Steve Lord and his Hour of Rap and Comedy about SAP was very entertaining. A hilarious show on why SAP projects are doomed to death. Just sad he took too long: many left before he even started the technical stuff on SAP pentesting.
  • HD Moore on promising Metasploitation version 3. I can hardly wait for this release ;)
  • Loïc Duflot, from the French DCSSI, presented Security Issues related to Pentium System Management Mode. Basically, by abusing a nice processor feature through video RAM, one is able to enter privileged mode despite any kernel-level protection. OpenBSD was targeted as an example, demonstrating a security level bypass, but other Unix systems are vulnerable through X. Theo de Raadt asked a few questions at the end, showing his deep concern about this issue and underlining the close work the OpenBSD guys had done with Loïc to mitigate the flaw.
  • Major Malfunction (aka Adam Laurie from Trifinite) and his Magstripe Madness. A pretty nice howto on magnetic stripe reading/duplicating/writing with plenty of nifty applications, such as hotel locks, debit cards or airport boarding passes.
  • Eric Byres and his crew on Security Testing SCADA and Control Systems. A good overview of SCADA systems and architectures, raising security issues. I liked their practical and pragmatic approach to the problem, balancing quality of service and security.

Some other talks raised some interest:

  • Christopher Abad on Advancements in Anonymous eAnnoyance, entertaining.
  • Julien Tinnes on Slipfest, very convincing in his first security talk ever.
  • Halvar Flake on Uninitialized Variables, out of my scope, but very clear and interesting, as usual.
  • Lisa Thalheim on Visualizing source code for auditing.
  • Fred Arbogast and Sascha Rommelfangen on Zen and the art of collecting and analyzing Malware.
  • Edward Balas and Michael Davis on Next Generation Sebek
  • Renaud Bidou on How to test an IPS

Some talks were replays from previous events, such as van Hauser on IPv6, Jim DeLeskie and Danny McPherson on infrastructure protection or Alex Stamos on web services security. The most curious of you can still find pretty detailed talk descriptions on the nCircle Blog.

Finally, I had some time off after the conference, which let me go to Grouse Mountain for a night skiing session with Nico and Renaud and spend a full weekend with the CSW crowd at Whistler. Nico and I had a full-day snowmobile run, reaching breathtaking places you cannot reach otherwise, and went snowboarding with Martin, Fyodor and Victor. Big house, people around, food and booze, jacuzzi, great time.

Pictures online :)