On Friday, July 30th at 1300 I'll be speaking as part of the DEFCON Skytalks. I'll be talking about using SHODAN to find and exploit an ISP's infrastructure (without really trying), as well as the fun associated with the disclosure of such information. If you haven't been to Skytalks before, check it out here. Stop by for a talk or two, it will be worth your while.
On Sunday, August 1 at 1700 I'll be given my DEFCON talk entitled SHODAN for Penetration Testers. Here is my abstract:
SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.I first talked about SHODAN at the ShmooCon Firetalks (abstract and video) and then again at QuahogCon in Rhode Island. Since then I have added a whole bunch of new material (including the ISP pwnage above). If you're staying late Sunday afternoon, it should be a good time.
Events that I hope to attend include the ToxicBBQ, DC-Forums Meet, and theSummit. Otherwise I tend to just wander from talk to talk and event to event. If you're interested in meeting up anytime that week, let me know!