Greetings! For my first blog on the new community site, I want to let everyone know what I'm going to be doing next week in Las Vegas.
First, I'm teaching a course at BlackHat on penetration testing with Perl. The purpose of the course it to teach security professionals and system administrators the techniques that can be used to automate several of the normal tasks of a penetration test. This helps to provide better value since more time can be allocated to the difficult tasks.
Secondly, I'm joining a few of my friends, Tom Eston (SecureState) and Kevin Johnson (SecureIdeas) to talk about the process of pentesting web services. We have been working for several months on ways to improves the current process of pen testing web services by building a new updated testing methodology, and we have created a few new tools to make this even easier.
What: "Don't Drop the SOAP: Real World Web Service Testing forWeb Hackers"
When and where:
BlackHat: 10am-11am, Thursday, August 4th (Ceaser's Palace, Roman - Web Hacking track)
DEFCON: 10am-11am, Saturday, August 6th (Rio, Track 2)
Now, my trip to Las Vegas would not be completed without ditching the powerpoint deck and taking people on a nice code walk, so I'm going to be giving a presentation at BSides Las Vegas on demonstrating how easy it can be to take over a system using a web application.
What: "Hacking webapps is more fun when the end result is a shell!"
When: 2:30pm-3:30pm, Thursday, August 4th
Where: Track 2, BSides Las Vegas, 1501 West Sahara Avenue, Las Vegas, NV 89102
Lastly, I will be giving a talk at SkyTalks co-located with Defcon at the Rio. The talk will cover a tool I released several years ago known as GISKismet, which it seems many people have missed. If you are doing any wireless recon, this will be a must see presentation! The time is still TBD, but I promise I will post this on twitter once it's finalized.
BTW, for those of you who don't already know, I code in Perl.
You can keep up with what I'm doing in Vegas on Twitter: @Jabra