Better late than never right?

Since we basically missed all of Blackhat except Schmoilito’s talk this year (hey, pool security is important too), I’ve made a list of the best Defcon talks I heard this year. To sum it up: Cable Modems, Wifi, NMAP, and Mati Aharoni.

Both Guy Martin’s and Blake Self’s talks on cable modems were eye openers. You could have probably guessed people were writing their own firmware for cable modems to unlock their full potential, but it was interesting to get the background on it and an overview of DOCSIS. Mr Martain’s presentation then showed what mass pwnage really looks like by sniffing a network at cable modem speeds using an inexpensive DVB-C card. It also wasn’t over looked that his “packet-o-matic” tool had one of the best user interfaces for any home grown tool we’ve seen in a long time. A web interface with smooth AJAX requests. Sure, GUI’s are for script kiddies, but good GUI’s are like the same reason the chicken wings at Hooters taste so much better.

In the WiFi world, Rick Farina and Thomas d’Otreppe talk was interesting especially in regards to unlocking the 4920-6100 MHz range. I’m wondering if we’ll ever see this in an assessment, but the idea of running your own home wireless network outside the range of normal prying eyes is very intriguing. The ath5k frequency patch appears to now be online. Still looking for a Wii patch to support this…

While I was in the cable modem talks, the network guys hit Fyodor NMAP talk. From the twitter comments, he rocked it with some cool new updates to NMAP and a Netcat replacement tool. I thought I had too many beers when they mentioned the Netcat replacement, but it sounds like Fyodor and team’s Ncat has a lot going for it. SSL support, port redirection, built in proxy and access control support. Definitely worth checking out.

The last thing on my highlight reel was Mati Aharoni’s “From bug to 0day” talk. Mati showed he must make one hell of a teacher in the Backtrack classes. He basically told the story of what he needed to go through to find an 0day in a client’s project. It was a great walk through of both the technical and thought process and not just a walk through of slides (don’t bother with the slides on this one, you needed to see his screen and hear him). I think Mati got everyone in the room sharing his tension and completely wrapped up in the adventure. I wanted a box of popcorn and a squeal when he was done.

DefCon badges were once again, awesome.

… I completely missed Sunday’s talks. I heard good things about Carric’s Pen-Testing presentation. I plan to catch that on the DVD.

-b3nn