[*] TOORCON X LINEUP & TRAINING SEMINARS POSTED & PRE-REGISTRATION ENDING We're very proud to announce our lineup for this year and wanted to remind everyone that ToorCon is happening in less than a month! We also have a couple different training workshops and a day of seminars in addition to the conference for anyone looking for training. As such, we will be closing pre-registration soon (September 12th, 2008) and are trying to let everyone know it's their last chance to get the best deals on one of the best hacker conferences in the US. As always, more information is available at http://www.toorcon.org. If you have any questions, please don't hesitate to email me. [*] CONFERENCE Pre-Registration: $100 Door Price: $140 September 26th-28th, 2008 San Diego Convention Center Rooms 24-26, Upper Level 111 W. Harbor Drive San Diego, CA 92101 http://www.sdccc.org SATURDAY - 50 minute talks Dan Kaminsky - TBA Alexander Sotirov - How To Impress Girls With Browser Memory Protection Bypass Ben Feinstein - Loaded Dice: SSH Key Exchange & the OpenSSL PRNG Vuln grutz - One XSS To Rule The Enterprise Jason Ostrom - Targeted VoIP Eavesdropping: An Attack From Within Jay Beale - Owning the Users with The Middler Joseph McCray - Advanced SQL Injection Nick Farr & Eric Michaud - Freifunk in the USA: Leveraging Community Organizations to build Neighborhood Wireless Networks Ariel Waissbein - Your risk is not what it used to be Asteria - hackerspace:FAIL SUNDAY - 20 minute talks Andre Gironda - A little TLC for your SDL Bruno G Oliveira - Knowing and Enjoying the Cold Boot Attack Chema Alonso & Jose Parada - RFD (Remote File Downloading) using Blind Techniques Chris Gates - New School Information Gathering Christian Heinrich - Google Denied David Byrne - Advanced Techniques in Automated Web Application Testing Dennis Brown - Anatomy of the Asprox/Danmec Botnet Joshua Brashars - Owning telephone entry systems (aka why you shouldn't sleep so well) Sergey Bratus, Cory Cornelius, Daniel Peebles, & Axel Hansen - Active Fingerprinting of 802.11 APs Strom Carlson - Why your mother will never care about Linux (a rant) Stephan Chenette - Ultimate Script Deobfuscation: Browser Hooking versus simulation Luiz "effffn" Eduardo - a 30,000 feet look at wi-fi, the freezing spot Adam Cecchetti - Nunchaku: Attack, Defense, and a lot of arm flailing Dan Griffin - Hacking SharePoint Zane Lackey & Luis Miras - Mobile Phone Messaging Anti-Forensics Dan Hubbard - P0wn the Cloud. The good, the bad, and the pugly of Cloud Computing Tom Stracener - Advanced Cross-Site Scripting Scenarios, Filter Evasion and Browser Exploits Thomas Ristenpart - Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs Dean Pierce - Seeds of Contempt Zax - How did that Nigerian do that?! Artificial Intelligence and You [*] WORKSHOPS Pre-Registration: $1300 Door Price: $1600 Lunch & Dinner Provided Conference Admission Included September 24th-25th, 2008 The Hotel Solamar 435 6th Avenue San Diego, CA 92101 http://www.hotelsolamar.com CRASH COURSE IN PENETRATION TESTING Instructors: Joseph McCray & Chris Gates Includes: 250GB 2.5" USB Harddrive preloaded with lab VMWare images This course will cover some of the newer aspects of pen-testing covering; Open Source Intelligence Gathering with Maltego and other Open Source tools, Scanning, Enumeration, Exploitation (Both remote and client-side) and Post-Exploitation relying heavily on the features included in the Metasploit Framework. We'll discuss our activities from both the Whitebox and Blackbox approach keeping stealth in mind for our Blackbox activities. Web Application penetration testing will be covered as well with focus on practical exploitation of cross-site scripting (XSS), cross-site request forgery (CSRF), local/remote file includes, and SQL Injection. The course will come with a complementary USB Harddrive loaded with the lab Virtual Machine images for you to play with so you can continue to hone your skills and learn new techniques even after the course is finished. Attendees will walk away with a current knowledge of how to pen-test both a network and a web application, all of the basic tools needed, and a set of practice exercises that they can use to improve their skills. CORPORATE SECURITY AND INCIDENT RESPONSE CRASH COURSE Instructors: Gabriel Lawrence, James O'Gorman, Matthew Churchill, & datagram Includes: USB Flash Drive, Lockpicks, Materials This course will cover all of the behind the scenes things that you need to know to be an effective security administrator and/or CSO. Thie first day of this course will focus on the different threats and attack vectors of your company covering both network and physical based attacks and ways to identify how attackers could get into your network and the countermeasures that you can take to prevent it from happening. On the second day, we will address the scenario of if someone does get into your network and go in-depth on how to perform proper incident response, what happens behind the scenes with the whole forensics process, including real-world training from ex-law enforcement, and the do's and don'ts of handling data on compromised machines. [*] SEMINARS Pre-Registration: $750 Door Price: $950 Lunch Provided Conference Admission Included September 26th, 2008 The Hotel Solamar 435 6th Avenue San Diego, CA 92101 http://www.hotelsolamar.com FRIDAY - 75 minute talks James O'Gorman & Matthew Churchill - Digital Forensics - Footsteps in the Snow Travis Goodspeed - Repurposing the TI EZ430 Development Tool Ryan Sherstobitoff - The Evolution of Cyber Crime Jared DeMott - AppSec A-Z: Reverse Engineering, Source Code Auditing, Fuzzing, and Exploitation [*] WORKSHOP & SEMINAR Pre-Registration: $1700 Door Price: $2100 Lunch & Dinner Provided Conference Admission Included September 24th-26th, 2008 The Hotel Solamar 435 6th Avenue San Diego, CA 92101 http://www.hotelsolamar.com
