Shmoocon Day One
I write this now, having slept from approximately 4am to 8:30am, but we’ll get to that in a minute or two.
Registration was supposed to start at 1pm according to the guide, but it was more like 1:40ish. In any event Andy and I were all set by 2pm and collected some vendor swag, had an appetizer upstairs at the Pub built into the hotel, and hung out till things kicked off at 3:30pm.
Opening comments were by the Shmoo group staff; I forget the guy’s name now, but I’ll get it later. He was decently entertaining, and basically is the founder of this thing, so he drives the flow of everything. I’m going to summarize each speaker:
H1kari presenting Hacking the Airwaves with FPGA’s: This was a very strong presentation. He demonstrated using programmable circuits with FPGAs (see the Wikipedia page for more details) to crack all sorts of passwords and hashes MUCH faster than normal. These things weren’t cheap though.
Eoin Miller and Adair Collins presenting Auditing Cached Credentials with Cachedump: I thought this was a rather weak presentation. On a technical level this was fairly interesting, although not very difficult to understand. Most of what they proposed probably would not work in an enterprise environment though, as it would limit a lot of remote admin capability. They did not seem to come off like SMEs with this stuff though, which kind of put me off to it.
Adam Shostack presenting Security Breaches are Good for You: Pretty much his entire presentation was common sense, and devoid of much actual knowledge or factual information. Just a guy ranting about companies being evil. We all know about how bad it is to not disclose a security breach, so this was nothing really new. No offense to ya Adam, just expected a little more substance.
Johnny Long presenting No Tech Hacking: This is probably going to be the absolute best talk this weekend, and it’s only Saturday! Johnny was extremely hilarious, and his information was very insightful, spot on. I very much enjoyed those 30 minutes, the guy is a genius. It’s amazing what kind of information people just leave out there for anyone to take advantage of.
Deviant Ollam, Noid, and Thorn presenting Broomstick-Fu: Fundamentals of Physical Security: Nothing against these guys, but this was pretty much a 30 minute NRA campaign. I was expecting more in the way of physical security and how it related to the whole information security picture, all the stuff you’d find in the CISSP domain, for example.
Sergey Bratus presenting Simple Entropy-based heuristics for Log and Traffic Analysis: This was probably my least favorite, mostly because Sergey wasn’t a very engaging speaker, but also because the content didn’t really apply to me. This was something Pete might love actually, as it was very much centered around data manipulation.
The Keynote address was by Dr. Avi Rubin from Johns Hopkins, who talked, for the most part, about legal issues associated with hacking, fair use, and even went into the Diebold voting machine fiasco. I was only really around for the first 10 and last 10 minutes of it, nothing earth shattering in his speech though.
That wrapped up Day One.
Post Info
This entry was posted on Saturday, March 24th, 2007 and is filed under Conferences, News, Security.
