Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Canonical List Of Things To Do At A Security Conference During A Boring Presentation

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Canonical List Of Things To Do At A Security Conference During A Boring Presentation

    Canonical List Of Things To Do At A Security Conference During A Boring Presentation

    You’re sitting there, bored out of you skull. The speakers are just repeating over and over again how important security is, but are presenting no technical content that would help you in any way. Hey, you showed up at a security conference, you already believe security is important. Other wise you would not be there, so they are preaching to the choir. To quote someone else:

    “Sounds boring as hell to me. A bunch of managerial types wafting hot air on various pithy, high level statements that are brutally obvious to anyone with half a clue. I would rather subject myself to the tender mercies of the North Korean Police. They should have technical content of which there is none.” ~Alt.don from Security-Forums.com

    During those special times what do you do to keep yourself occupied? Here’s my list, tell me what you would add. No, not all of the activities are ethical, but I’ve seen some them done and they do help to amuse a bored listener.

    1. Categorize the attendees. Kind of like spot the Fed at Defcon. Sorry, but many times stereotypes hold a lot of truth. Here are a few categories:
    a. Manager types who are just there to look like they care about security.
    b. Bored techies that are there because their boss wants them to be.
    c. Hackers who want to learn more about the subjects and are hoping for some technical content.
    d. Play spot the Fed/Whitehat/Blackhat/Greyhat.

    2. Play sniffer games. Lots of conferences provide free Wi-Fi for attendees.
    a. See what traffic is out on the LAN using Ethereal.
    b. Snarf HTTP traffic and see what web pages other attendees are looking at.
    c. Sniff other folks passwords with Ettercap/Dsniff/Cain, not to do anything with them, but just for the hell of it. It’s amusing to see all these folks at a security conference using unsecured protocols.

    3. Spot others playing “Sniffer Games”. You will see quite a few.
    4. Ask them if they found anything cool.
    5. Scan the network with Nmap to see what’s out there.
    6. Try to “own” the presentation machine.
    7. Net message the presenters computer.
    8. Death match video games with other attendees.
    9. Try not to get kicked out for doing any of the above.

    What would you add?

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    2 d Fire up ethereal or any other sniffer of preference and filter for msn messenger packets. They are flat text with a very small amount of controll chars so its easy to read like that. (filter in ethereal would be msnms). There is software out there that does it specifcily for msn and makes it all easely readeble but i dont bother with that stuff.

    10. Take fresh install of windows. dont patch it or anything else. Wait and see what happens.

    11. Take other fresh install of windows. Patch up to decent security. Wait and see what happens.

    12. Look for people that did 10 or 11.

    13. Find ip to proxie/router/watherver that is providing internet. Create an ip conflict.

    14. Dont get caught for 13.
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I don't do it, but it seems to happen everytime I go to a security conference:

    15. Issue wireless disassociate broadcast and then pretend to be the WAP and relay the packets through you for the juicy sniffing sessions.

    Don't think I have been to a conference in the last couple of years where someone didn't have to run around with a directional attenae and try to locate the I%&%%# trying to be cute...and then issue veiled threats to the person doing it...
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Senior Member
    Join Date
    Sep 2004
    Posts
    117
    well guys u mentioned most the things i would do
    but i want to add the following

    i think the most embarrassing thing to do is to hack into the big security guy computer
    then fall asleep in front of him as he speaks :P and let him know that it was you

    or just tell him in his face what u think

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    How about:

    16. Chain smoke cigarettes outside until they serve lunch.

    Every security seminat I have been to has been catered to perfection, definitly one of the highlights of the day. the best was a bar sponsored by cisco!
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    17. Take your laptop with wireless connection and see how many people just like you try to hack your connection (using something like AirSnare). I get enough kicks out of just doing this at home. I can't imagine what would happen at a security conference.

  7. #7
    18, take a dump... but during unusual moments and in places where people usually don't expect to find poop laying around.

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    18, take a dump... but during unusual moments and in places where people usually don't expect to find poop laying around.
    Probably not that practical, but always comical!
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    How about running a tarpit to see who's doing the hacking. Then take some coutermeasure to let them know you know.

    Personally I do the gaming, interrupt gamers, and hack the presenters box, mostly. Spot the fed is boring and I don't care about what your hat is, either.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  10. #10
    19, try to convince others that you actually know something about computers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •