Skip navigation

Category Archives: defcon

John Heasman just posted a rocking method of obtaining NTLM hashes out of an enterprise by turning a Java applet into a web server! Check it out!

This year I’ll be presenting at DefCon on the history of NTLM attacks, how they work and why we need to get rid of it. I’ll release a tool that will combine as many hacks as I can get working to use captured users and their authentication tokens. There’s been a lot of talk in the past few years about browser security and it’s mostly hinged around using Javascript as a port scanner, sending attacks through the browser, attacking the platforms, etc. Few have been talking about an Enterprise-class risk and since that’s what I get paid to think about I’m gonna blow it open. 🙂 Come to DefCon and have a great time!

SyScan was great, a little small but helpful to bring the confidence up speaking to people who have no clue who I am! I learned quite a bit about my speaking style which helped firm up ideas about the DefCon presentation. I presented a combination of Web Security Mistakes including how to get a free MacWorld pass and spoke more about the future of PokeHashBall.

We stayed a few extra days to soak up the culture and soak the sweat into our clothes some more since this was our first trip to Hong Kong. The MongKok Computer Center was interesting but didn’t seem to really have the deals I was expecting. I didn’t get to any of the other computer centers however. Maybe next trip!

We went through Narita airport on the way back so I stopped at Duty Free and bought a bottle of Suntory Whiskey, the kind Bill Murray is hawking in the movie “Lost In Translation”. For relaxing times, make it Santory time. . .


This weekend is DefCon 16. All signs say this year is going to be just as big, if not bigger, than it’s been in the past. Part of me misses the Alexis Park experience. It felt more homely, more tightly knit together than at a casino. Maybe it’s just me. 🙂

I’ll also be a part of the Hackers on a Plane! We’re flying right after DC to the Chaos Computer Camp. I’ve lamented often to friends on how disjointed we are, specifically within the Bay Area, as a community of hackers. I’m not one to talk because I’m just as bad about staying home and keeping things to myself as the rest of us. Hopefully will help invigorate me to make some changes. This little spot on the Internet has helped a little. I no longer feel like an evil anti-social hacker — ok, maybe a little.

Hope to see everyone there!