May 10th, 2007

Hackers in Seattle for Microsoft's Blue Hat, ToorCon

Posted by Ryan Naraine @ 9:38 am

Categories: Botnets, Browsers, Data theft, Digital rights management, Exploit code, Hackers, McAfee, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Viruses and Worms, Vulnerability research, Wi-Fi security, Windows Vista, Zero-day attacks

Tags: Security, Hacker, Seattle, Ryan Naraine

White hat hackers have descended on Seattle for two semi-private security conferences where new attack and exploitation techniques are being discussed.

The first is the Spring 2007 edition of Microsoft's Blue Hat Security Briefings where researchers are invited to Redmond "to share knowledge and to educate and help protect customers against common threats."

This is the fifth series of Blue Hat briefings and, as usual, Microsoft is hush-hush about the list of attendees and presenters.  IDG's Robert McMillan was able to find out the names of a few hackers on the speaker list — Robert Hansen (RSnake), David Maynor, John Hering and Rob Thomas — but details are very scarce.

A source tells me Maynor (pictured) and Robert Graham, co-founders at Errata Security, are talking about how to evade security tools and Hansen is giving a presentation on Web application security.

Hardware hacker Bonnie Huang is also giving a talk at Blue Hat. 

Immediately after Blue Hat, the hackers will move to a more informal setting for ToorCon Seattle (Beta), an invite-only get-together of around 100 security professionals.

ToorCon Seattle (Beta) runs from May 11-13 and features a single track of 20 minute talks and 5 minute lightning talks. 

The ToorCon Seattle schedule looks very intriguing. A sample:

• Sourcefire's Lurene 'Pusscat' Grenier  - Automating exploitation.
• Dan Griffin -  Hacking Windows Vista Security
• Microsoft's Adam Shostack — Security breaches are good for you (See this .pdf file for slides on this talk, which was given at SchmooCon earlier this year)
• RSnake - Master Recon-Tool (Mr. T)
• IOActive's  Dan Kaminsky - Further Adventures In Visual Data Exploration

[UPDATE: May 10,2007 @ 1:20 PM] Microsoft has just posted the session descriptions and speaker bios for Blue Hat v5.  Andrew Cushman explains on the MSRC blog that the content centers around Microsoft's newest products like XBos, Mobile, Security Products and Web Apps.  Sarah Blankinship has more on the official Blue Hat blog.