Introduction
After Troopers 2016 and Hack In the Box, my year of conferences ends with the DefCon 24 in Las Vegas Bally’s & Paris Casino which was with about 22,000 attendees/hackers one of the largest hacker conferences. In this post I would like to give my personal impression of this great conference.
Content
DefCon offers four tracks at the same time, workshops, demo labs (dedicated area for hackers to show off what they have been working on), villages and many more. You can find the materials like speaker or workshop slides in the DefCon Archive.
Current trends:
- Car Hacking
- Internet of Things
- AD Pentest Tools
Active Directory Pentest
If you are interested in analyzing Microsofts Active Directory, it is worth to have a closer look at the following guys who enrich us with their PowerShell Frameworks PowerSploit and Empire. In the demo labs, byt3bl33d3r shows us how to combine Empire, PowerSploit and Mimikatz in his post-exploitation tool CrackMapExec.
- Sean Metcalf from adsecurity.org: BeyondTheMCSE-RedTeamingActiveDirectory
- Will Schroeder from harmj0y.net/blog/: I Have the Power
- Marcello Salvati from byt3bl33d3r.github.io : CrackMapExec
Android Hacking
Dinesh Shetty shares the InsecureBankv2 with us and introduces typical vulnerabilities in Android applications in his workshop.
The future
In their talks (Ab)using smart cities and Backdooring the Frontdoor, Matteo Beccaro and Jmaxxz shows us what the future holds for us.
Conclusion
Besides the mentioned talks, DefCon, Hacker Jeopardy, there is only one thing left to say:
- BurpSuite – Update HTTP Header in Session Handling Rules - 18. September 2018
- DefCon 24 - 27. September 2016
- Using Chrome Logger in BurpSuite - 27. July 2016