Alright, now that I've got a safe internet connection (via my Bluetooth connection to a 3G network), I can finally blog about Defcon 15. So far, it's been super good, and I've been able to meet some great people and see some good talks. Here's my review of Day 1.
The Church of Wifi has made some great progress in WPA cracking. Last year, they presented the possibility of using FPGAs to crack WPA, using a 7GB set of rainbow tables. This year, they've expanded those tables to more than 35GB, touting a word dictionary of more than a million words. Up at the Wireless Village, render was copying those tables to as many external hard drives as could be provided. They've also gone as far as creating their own live CD based on Backtrack. Although it's a great idea, it doesn't sound too stable yet. I'm still trying to find the CD on their site.
Thomas Wilhelm discussed creating your own pen test lab in your home. I'll swear by this methodology. While I understood a lot of the basic pen testing because I'm familiar with Linux, the concept of finding bugs in compiled software was not something I was very familiar with, because I lack a lot of experience with compiled languages. If you'd like to follow in my footsteps (ooh, I'm not a role model), check out Damn Vulnerable Linux. The videos and tutorials were great for me.
Jacob Appelbaum called me out of the audience for some Mac settings with power management. Lucky me. Linux geek recently converted to OS X less than a week ago, and I'm caught with my pants down. Apparently, when OS X hibernates, a systemimage is written. However, this is not deleted on resume, so you've got a systemimage saved on your system. Ew. He did add that EFI has the option of loading modules into the kernel on boot, and that there is a possibility of removing the file on resume yourself. Silly that it has to be hacked together like that.
Johnny Long's talk, the last of the night, took the cake for the highlight of my day. Last year, his talks were so charismatic that I just had to sit in on his talk this year. It was entitled "No Tech Hacking" and detailed his exploits into social engineering. With the exception of hotel cable hacking, there was absolutely no technical hacking performed. It was information gathering consisting of dumpster diving (or rather, dumpster picture taking), badge forgery, and shoulder surfing.
I went up to the Wireless Village, expecting there to be some workshop-type instructions, and found a few cliques. My mental firmware doesn't have clique support, so I spent a bit of time people watching, and decided that I'd just go see some more talks. Maybe I'll try again tomorrow. Overall, I've already felt quite rewarded for this little trip.