So, I went to ShmooCon for the first time this year, and I had a blast. Met some good people and saw a lot of great talks. A few highlights:

  • Stephen Breen of FoxGlove Security showed how to chain together a series of existing Windows vulnerabilities to build a new privilege escalation exploit based on the Windows network broadcast name service (NBNS)
  • Jay Beale of InGuardians gave a great talk on using Docker containers to limit attacks on apps
  • Mandiant’s Matt Dunwoody and Nick Carr provided a postmortem on a massive breach they’d recently had to contain and remediate. Key takeaways: as an incident responder, your operational tempo has to outpace the attacker, and if you’ve got PowerShell in your environment, upgrade to v4 to take advantage of the logging capabilities

The links above point to the ShmooCon schedule; I’ll add links to the slides as they become available.

Update: videos are available here.

