Summercon.org

CFP Instructions:
Please send bio, abstract and time request (15,30,45,60 min) to redpantz@summercon.org. No LED, NO XSS, NO SQLi

This talk introduces new methods for penetrating server-side environments utilizing Adobe Flex services. We'll briefly discuss the AMF protocol and how to break a Flex app with a single HTTP request. In addition, we'll show how to exploit services to perform remote port scans and gain access to internal hosts. Don't waste your Flash 0-day on some unsuspecting user when you can just as easily slip in through the front door. 15 minutes and you'll know everything you need to finish the job.

This talk offers helpful advice for newcomers and early entrants to the information security field. If you have the passion to enter this field, this talk will help guide you through acquiring skills, getting the most out of college, finding a job, and managing your career. This talk seeks to answer the questions most frequently asked by students in Dan's Penetration Testing and Vulnerability Analysis class at the Polytechnic Institute of NYU and draws significant material from his own experiences.

Windows Data Execution Prevention is intended to hinder exploitation of memory corruption bugs by enforcing page permissions, thus preventing execution of shellcode from memory regions such as the stack or the heap. It turns out drraid doesn't like this, and has put together a talk on modern attacks on DEP so that we can keep sh*t moving. This talk covers old/lame techniques, as well as the modern and still effective techniques for beating DEP, and briefly discusses ASLR as well.

From Titan Rain to GhostNet to Aurora the internet threat landscape has been changing. The teenage hackers of 10 years ago are the intelligence service agents and operators of today, and may be the policy makers and strategic planners of the future. In this age of coordinated, sophisticated attacks we must change with the times and respond with equal sophistication. Many see this as a move towards a threat centric model of network security, but I'll argue one better. This should be the impetus for organizations to move to an intelligence centric model of network security. The intelligence process is one of the oldest diciplines there is and the start of answers to many of our problems aren't necessarily rooted in the security appliance du jour but in wisdom that goes back to Sun Tzu and the Great Game. To jumpstart your move into becoming the James Bond of your own network I'll be going over some of the fundamental facets of intelligence; the taxonomy, lifecycle, items to look for, and how to make use of them. PP7 and Aston Martin not included.

Think you have what it takes? Didn't submit anything? Well, we have two choices. 1) We can pick a person from the crowd to give a 10-minute talk on anything the general population finds interesting. 2) We can play some flip-cup.