Archive for the Conferences Category

GuestStealer 1.1 and PaulDotCom Webcast

Posted in Cloud Computing, Conferences, GuestStealer, ShmooCon, VMware, Virtualization Security, Vulnerability Assessment on February 18, 2010 by Tony Flick

Justin and I will be on the PaulDotCom podcast tonight to discuss the latest developments with GuestStealer and the Smart Grid book. For more information, check out tonight’s episode guide and join the live discussion tonight.

Also, GuestStealer v1.1 is now available for download. This is a bug fix release that improves the error handling and prevention of downloading the same vmdk file twice (when that vmdk self-references itself). Thanks to the efforts by Ron at Skull Security, the new version is available on the tools page.

ShmooCon 2010 Stealing Guests… Slides Online

Posted in Conferences, ShmooCon, VMware, Virtualization Security on February 10, 2010 by Tony Flick

Luckily I was able to escape Washington DC’s 3rd round of snow to enjoy the tropical 40 degree weather here in Tampa today and write this post. Despite the blizzard and its many names, the ShmooCon faithful came out in full force to make another great conference. As usual, ShmooCon featured interesting presentations, shenanigans, and a chance to hang out with those friends you usually only see at Cons.

I want to thank everyone who attended the Stealing Guests…The VMware Way talk, especially since no one threw shmooballs at us. For those of you who haven’t done so yet, head on over to the Tools section of the Web site to grab GuestStealer and try it out yourself. Also, Ron over at Skull Security created an Nmap script to identify vulnerable VMware systems. Visit his blog to download the script and view instructions for installing the script.

For those of you who were unable to attend the talk…or find a video, here are the slides.

I would also like to thank everyone who came up to the FYRM booth and talked to Matt and me. The security bug killing/reaction time testing flash game appeared to be a big hit, which drew many contestants…some more determined than others. For those of you that didn’t win this time, check back often to find out details for round 2!

Stealing Guests…For a Free Hard Drive

Posted in Conferences, Events, ShmooCon on February 2, 2010 by Tony Flick

During the Stealing Guests…The VMware Way presentation at ShmooCon this weekend, FYRM will be holding a contest to give away an external hard drive. The first person to exploit the discussed vulnerability on the target virtual machine and yell out the hidden phrase will win the hard drive.

In the presentation, a Perl script will be released to easily exploit the vulnerability. The to-be-released tool runs on Mac OS X (with MacPorts) and most Linux distros. Currently, the tool requires the following Perl dependencies:

  • LWP::Simple
  • XML::Simple
  • Data::Dumper
  • Crypt::SSLeay

Bring your laptops and netbooks to the presentation to try the tool and win the hard drive. Check back often for any updates.

ShmooCon 2010 Sponsor

Posted in Conferences on January 24, 2010 by Tony Flick

ShmooCon 2010 will be taking place in a few weeks and I am excited to make the annual trek up to D.C. to co-present the “Stealing Guests… The VMware Way” talk. I am also pretty excited about the activities and contest setup at our booth. Make sure you stop by before you start drinking.

XAB Presentation @ OWASP DC Chapter Meeting on 9/2

Posted in Application Security, Conferences, Events, OWASP on August 25, 2009 by Matthew Flick

I will be giving an update on XAB (Cross Site Scripting Anonymous Browser) with Jeff Yestrumskas at the OWASP DC Chapter’s next meeting on September 2 at 6:30PM. More details can be found here. See you there!

OWASP AppSec DC 2009 Sponsor

Posted in Application Security, Conferences on August 20, 2009 by Matthew Flick

OWASP just launched the official AppSec DC 2009 site @ http://appsecdc.org. We’ll be out in force and will most definitely have some type of party/event. Check back here often or follow us on Twitter (getFYRM) for updates. We’ll see you there!

Follow us on Twitter (getFYRM)…and RSVP Deadline Passed

Posted in Black Hat, Conferences, DEFCON, Events on July 30, 2009 by Tim

You can follow us on Twitter under getFYRM. We’ll be tweeting updates this weekend for the happy hour tonight (see below) and for the netbook winners.

The RSVP deadline for the happy hour tonight has passed. See Tony or Matt if you still want in. Also catch them for swag and a chance to win one of two Asus netbooks.

Black Hat DC 2009 Reception

Posted in Black Hat, Conferences, Events on February 18, 2009 by Tim

We’ll be hosting an informal reception tomorrow, Thursday, February 19, at Bailey’s Pub & Grille in Crystal City to celebrate Matt’s Black Hat DC presentation. No need to RSVP, but make sure you introduce yourself to Matt early to get in on the swag. The drinks will start flowing at 6 PM and we’ll be around until at least 7:30 PM.

Black Hat DC 2009 Presentation

Posted in Application Security, Conferences on January 28, 2009 by Matthew Flick

My abstract for this year’s Black Hat DC was picked up. I’ll be presenting the XSS Anonymous Browser tool, or XAB for short. I’m currently hammering out some of the more technical aspects of the tool, but I’ll have a working proof of concept ready for the conference. Plus if there’s time (who am I kidding?), I’ll release a second tool that is a great defense against the attack vectors that XAB utilizes. You can read more about the XAB tool presentation at the Black Hat DC 2009 Speakers Briefings page,

http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Flick

For those of you in the Tampa area, I will be presenting the same tool at the OWASP Tampa meeting on February 18. You can check out the Tampa Chapter’s page here,

https://www.owasp.org/index.php/Tampa

I hope to see you at either or both presentations and SafeSurfing…