- Intercepting Mobile Phone/GSM Traffic (H1kari)
- Forensic Image Analysis for Password Recovery (David Smith)
- Baked not Fired: Performing an Unauthorized Phishing Awareness Exercise (Syn Phishus)
- Web Portals: Gateway to Information or a Hole in our Perimeter Defenses (Deral Heiland))
- Hacking the Samuri Spirit (Isaac Mathis)
"Intercepting Mobile Phone/GSM Traffic" was interesting though I got the impression that H1kari had dumbed it down to make it more interesting to a wider group. It was interesting in any case.
I felt the audience was a bit unfair at the end of David Smith's talk on password recovery. He had stated up front that it was a work-in-progress and that he was looking for other ideas. Basically his works comprises building attack dictionaries by extracting strings from memory space, passing them through qualifying filters (must be a certain length, must be from a certain (type-able) character set, etc.), and using the resulting dictionary in a much smaller brute force attack. (Rob! Something to include in the forensics class?)
Deral Heiland's talk on web portals had similar audience issues as it too was a work in progress. I guess we're an unforgiving bunch. It did remind us to pay attention to details when evaluating web services.
Isaac Mathis's talk well done (funny). It reminded me a bit of Johnny Long's talks on just about any subject. With a bit more practice, I think Isaac might just reach the same quality.
Overall, the conference is off to a good start (I wonder if there were any shenanigans last night). No suprises so far, security-wise. I ran into a few friends that I hadn't seen in awhile. Noticed that others were missing (maybe Saturday?).