Here we are on the cusp of another ShmooCon, and I’m really excited to get down to DC. Since I can’t stop thinking about it, I figured I’d write about it – and give you a sneak peek at some cool things my colleagues are doing at the conference.
First up, Andrés Agnese of our CoreLabs research team is hosting a Coretex competition where you can test your skills in reverse engineering, hacking and blackbox testing – using modified Data Matrices. The match will be played using specially crafted scanning software loaded on a central machine. Contestants will get paper Data Matrix templates containing clues toward scoring points in the competition (here's an interactive version of the template). You’ll need to complete the matrices, attempting to use, and – um – overuse, the scanner functionality. You’ll also be able to audit portions of the scan software and try to execute certain functions and exploit bugs using your reverse engineering skills. I can see some people getting really into this. We’ll be sure to bring a lot of game templates. Prizes are perfect for the paranoid: a mini bug detector and a hidden camera detector! Stop by our table for more details.
Next, world traveler, absinthe expert, and scaler of rocky precipices (take THAT, “World’s Most Interesting Man”!), @dan_crowley, will be discussing why private Tweets using shortened URLs aren’t so private – and other fun topics related to shorties – during his talk, “URL Enlargement: Is It for You?” at 10am on Sunday. Here’s the abstract:
“URL shorteners are ubiquitous in today's Internet culture and have a variety of uses for a variety of users. While many have theorized about the security issues and usages involved with URL shortening services (of which there are an impressive number), this talk will aim to demonstrate them, along with interesting statistics such as the percentage of Goatse-equivalent short URLs. Come see what's behind the short URLs: personal documents, private photos, authentication credentials and more!”
Also, if you are a Core Security customer, we’re having a couple of customer meetups during ShmooCon, where you can eat, drink and talk pen testing with fellow customers, me and other members of the Core team. Please contact me directly if you’re interested in joining us: alex<dot>horan<at>coresecurity<dot>com.
Finally, as I hinted above, Core Security will have a table at the conference – please stop by and ask me to show you the latest in Core Impact Pro penetration testing software.
Looking forward to seeing you all there!
- Alex Horan, Sr. Product Manager