A fresh new look into Information Gathering v2

Here is the new version of my presentation "A fresh new look into Information Gathering v2" that i presented at FIST Conference Barcelona one week ago. It's a overview of some new sources and mostly based on Metadata and Metagoofil V2 (coming soon)

If you have some new source or technique that want to share, you are welcome :)

Download here

Enjoy

-CMM

SOURCE BOSTON experience

I recently came back from Boston were i attended to the SOURCE Conference Boston.

It was really a good conference, an excellent speaker line up, and a great environment to do networking and meet new people from the industry.

The conference had a great balance between technical talks and business talks, addressing all the needs of a security professional.

The conference started with an excellent speech by Peter Kuper, who gave his vision about the security market in these turbulent times. (speech transcript here).

Then during the conference, i attended the followings talks:

How Microsoft fixes security Vulnerabilities, interesting insight about what happens behind the courtain of a security update.

Politically Motivated Denial of Service Attacks, Jose Nazario.

Mac OS Xploitation, Dino Dai Zovi (Dino promised to transform OSX in a first class citizen in Metasploit)

Attacking Layer 8: Client Side penetration testing, Chris Gates and Vince Marvelli. They show how easy is to own the end user.

DNS: Towards the Secure Infrastructure, Dan Kaminsky. This was the same presentation as DC.

Day 2:

L0phtCrack 6 Release

400 apps in 40 days, Sahba Kazerooni. He explained how he faced a weird project of 400 applications in 40 days.

Get rich or Die Trying, Jeremiah Grossman. A cool talk on how to earn money exploiting different application vulnerabilities.

Vulnerabilities in Application Interpreters and Runtimes. Erik showed some vulnerabilities on different widely deployed interpreters and runtimes.

Day 3:

Dissecting Foreign Web Attacks, Val Smith. Val analyzed a web attack from start to end, great info in his talk.

That's all for 3 days.

Greets to Chris Gates, Vince Marvelli, Val Smith, Jose Nazario, Stacy Thayer, Christien Rioux, and everyone that i met at Boston.

Now SOURCE Barcelona is next, in the coming days we will launch the Call for papers, don't miss this great conference in this great city :)

-CMM

Fist Conference - Source Boston

The FIST Conference is over, i just came home and now i'm preparing my backpack for tomorrows trip to NY and Boston, were i will attend SOURCE Conference Boston :)

The talk of Jay Libove was very interesting, he made us think over the ethics in our career, and

Vicente Diaz talk about eCrime economy showin

g some unbelievable facts and numbers, we are really outnumbered... My talk was about Information Gathering, Metadata and Social Networks, showing how easy is to obtain information about individuals and companies.

The slides will be available soon at www.fistconference.org

Here is a screenshot of the next Metagoofil version that i showed today:

Yes it has the "Analyze local files" that many of you asked for :)

-CMM

L0phtCrack is back with L0pht

I read via Christien Rioux twitter, that L0phtCrack is being reacquired by the original authors.

They are preparing a special information session at SOURCE Boston (Thursday 10:15 am), and they will be releasing version 6. Also they will explain the story of the product from the days of L0pht, @stake, Symantec and L0pht again.

Check this site for more info soon.

I will be there for this session!

-CMM

FIST Conference Barcelona March 2009

Next March 6th we are throwing a new edition of the FIST Conference here in Barcelona, so if you want to check the program, you can go here

I will give a talk about "A fresh new look into information gathering", where i intend to present the new beta version of the Metagoofil, and some new sources for Information Gathering.

Vicente Díaz will continue the talk he gave at the last FIST Conference with new information and facts about cyber crime and the business behind it (or in front of it), very interesting and entertaining talk.

The location has changed, and this edition will be inside the FiberParty 2009 event.

After the conference we flight to USA, first NY and then we head to BOSTON, to attend SOURCE Conference.

Please join us at FIST Conference :)

-CMM

Black Hat DC 2009 - Slides

The presentations of the last Black Hat DC conference are available online, here are some interesting talks:

• DNS 2008 and the New (old) Nature of Critical Infrastructure, Dan Kaminsky
  
• Windows Vista Security Internals, Michael Mukin
  
• Dissecting web attacks, Val Smith & Colin Ames
  

You can download the presentations here

Enjoy

-CMM

HITB 2008 videos

The videos of the Hack In The Box Conference 2008 are available through Bittorrent, you can download the torrent here:

Torrent day 1

Torrent day 2

Also remind that you can download the slides from here

-CMM

Tight Budget, conferences and training

Here is an interesting old article from August Blegen, about "Why attend conferences when facing tight budgets" aka recession times, crisis or whatever you like to call the times we are facing. The article perform an analysis on why is important to attend conferences (and professional education) during hard times. I liked this part of the article:

Recession is not a time to pull the cover over and crawl in. It's a time to work harder, work smarter and improve your own development just to maintain your competitiveness.

So if you are very tight on budget here in Barcelona  or Madrid we organize the FIST Conference a free security conference, where you can learn new things and meet new people.

And i recommend to start saving to assist to the SOURCE conference that will take place on Barcelona on September! This will be an awesome event

 

You can read the whole article here

How are you gonna face the training/education this year?

-CMM

25C3 Presentations

As usual the last 25C3 was held in Berlin, and the presentations are online (not all of them)

You can download check it here: CCC presentations

Enjoy!

-CMM

25C3 Chaos Communication Congress videos

The 25C3 is finishing and the videos of the presentations are available here:

http://81.163.130.141/streamdump/

Enjoy

-CMM

RedIris Conference

Hi all, the thursday 27 i will be talking on the "VI Foro de Seguridad RedIris", the topic of this Forum will be Web Application security. My talk is about "Common application security vulnerabilities" aka "The Usual Suspects". I will make an overview of the most common vulnerabilities, based on the OWASP Top 10.

If you want to have a good time and learn more about Web Application Security this could be a good oportunity.

The conference program can be checked here

See you there!

Fist Conference - Barcelona

The next week (26/10/2007) i will be speaking at the FIST Conference about "Information Gathering" the speak will be based on Metagoofil. I will release a new version, with some fixes and improvements.

If you are in Barcelona, come and join us!

http://www.fistconference.org/barna.php