Ma petite parcelle d'Internet...

econ 2006 final speakers list is now official. Recon is a 3 days reverse engineering (RCE) focused conference that's held in Montreal, QC, Canada, 16th to 18th of June 2006, at Plaza Hotel Centre-Ville on Sherbrooke. For thoses who may want a real deep insight, trainings are also proposed, before and after the event.

I'm glad Fabrice and Kostya's Vanilla Skype talk on Skype internals was selected. Along with Philippe, they achieved an amazing job and will show much more than their already juicy Silver Needle in the Skype talk at Black Hat Europe last February.

Lire la suite...

ansecwest/core06 is now over. As usual, it's been dense, with no less than 22 talks, one discussion panel and one lightning talks session. The conference has also been a excellent pretext for people to meet and discuss, and finally grow their network, during breaks, lunches and various nightly social events, not to mention after-con meeting in Whistler. Ah, and special mention to Marty's lousy tee-shirt.

Cansec being more of a rendez-vous than a real security event ? Hummm, no. It's really both of them...

Lire la suite...

few of you have asked, so here I am, still alive. I'm just a bit far away, in Vancouver, Canada, for Cansecwest/core06, where, as advertised before, I was giving a wireless security training, aka dojo, in complete Aikido outfit, monday morning.

And the least I could say is I've been (and my students as well as a matter of fact) a pretty decent victim of Murphy's effect that day... To begin with, our wireless adapter supplier was low, so we couldn't get them. I had to find some spare ones around. Then I was told my dojo would take place on tuesday and finally learn, at 9:55 monday morning, that students were waiting for me. Jeeze ! I was planing to finalize everything on monday, especially practice exercices testing and validation. Well, let's go anyway with 90% ready slides, I can cope with that. I could start the show around 10:30. And everything went perfectly until we moved to practice...

Lire la suite...

y 802.11 security training, aka Practical WiFi (in)Security Masters Dojo, will be given at Cansecwest/core06 in Vancouver, CA. There will be two sessions, on April 3rd and 4th, for this practicial, hands-on, pentesting oriented training course. You will learn WEP cracking deep fundations and improvements, network abuse with traffic injection, captive portal bypass, and then go back home with a nifty high power Atheros based cardbus adapter with external antenna connector.

If you're willing to attend, there's few seats left so you still can register. See http://cansecwest.com/dojowifi.html for more information.

usecwest/core06 is now closed. It's been a very good conference, top of the list. Rendez-vous is taken for next year, targetting an even better event. Here's my thoughts for today's talks...

Lire la suite...

usecwest/core06 being the first european opus for Cansecwest/Pacsec organizers, everything went surprisingly smoothly. Good reception, good food (what can almost be considered as an achievement in UK) and, most importantly, nice presentations. Here's the first day talks.

Lire la suite...

e're on the middle of Eusecwest/core06. After dojos, we'll have two days of conference starting on monday with very appealling talks.

I'm currently preparing a lightning talk for tuesday. I'm planing to have a fully working demonstration of NoCatSplash bypass, usurpating an authorized client. I've shown this before, but there was always something wrong and it was not really complete. If everything goes as planed, I will try to spot and fix that small bug that is preventing me from demonstrate this will station isolation activated. I'll then have 10 mn to perform that properly and smoothly. Hope Murphy will feel like not bothering me on this one.

ended my last post on SecureCon at Chris talk on heap overflows, thursday morning. The presentation was very technical, maybe too much for me, but the results are definitly very interesting, especially the part on working around XP SP2 and 2003 SP1 protections.

After lunch, we had a very good talk detailing lawful interceptions from both legal and technical point of vues. Then came MacOSX security, in which I'm not very interested at the time. Sorry :) Finally, I closed thursday session with a talk on WiFi traffic injection. Being the last one, I had the opportunity to go beyond the expected deadline, speaking for nearly one hour and a half, and the audience stayed for the whole talk and demos. \o/

Friday started with two short sponsors presentations, and a longer talk on identity driven networks by a guy from another sponsor. I must have missed something important because I couldn't grab his point, probably lost by a whole bunch of buzz words. The Wietse had a wonderful talk about Postfix MTA. This guy is very nice and all the more impressive, it was a real pleasure and honor for me to meet him. The last morning presentation was about hardening Apache configuration.

The afternoon was targeted upon copyright, with two excellent talks on DRM and Kazaa trial in Australia. Then came a panel discussion on DRM. One very good point was that question on the fact that DRM does not allow (yet ?) copyrighted stuff to fall in public domain for their protection don't expire in time, thus breaking most laws on copyright.

In the end, SecureCon 2006 was an excellent conference, and a success as more than 300 attendees registred. Photos are now online.