-
May 31st, 2005, 03:38 PM
#1
Canonical List Of Things To Do At A Security Conference During A Boring Presentation
Canonical List Of Things To Do At A Security Conference During A Boring Presentation
You’re sitting there, bored out of you skull. The speakers are just repeating over and over again how important security is, but are presenting no technical content that would help you in any way. Hey, you showed up at a security conference, you already believe security is important. Other wise you would not be there, so they are preaching to the choir. To quote someone else:
“Sounds boring as hell to me. A bunch of managerial types wafting hot air on various pithy, high level statements that are brutally obvious to anyone with half a clue. I would rather subject myself to the tender mercies of the North Korean Police. They should have technical content of which there is none.” ~Alt.don from Security-Forums.com
During those special times what do you do to keep yourself occupied? Here’s my list, tell me what you would add. No, not all of the activities are ethical, but I’ve seen some them done and they do help to amuse a bored listener.
1. Categorize the attendees. Kind of like spot the Fed at Defcon. Sorry, but many times stereotypes hold a lot of truth. Here are a few categories:
a. Manager types who are just there to look like they care about security.
b. Bored techies that are there because their boss wants them to be.
c. Hackers who want to learn more about the subjects and are hoping for some technical content.
d. Play spot the Fed/Whitehat/Blackhat/Greyhat.
2. Play sniffer games. Lots of conferences provide free Wi-Fi for attendees.
a. See what traffic is out on the LAN using Ethereal.
b. Snarf HTTP traffic and see what web pages other attendees are looking at.
c. Sniff other folks passwords with Ettercap/Dsniff/Cain, not to do anything with them, but just for the hell of it. It’s amusing to see all these folks at a security conference using unsecured protocols.
3. Spot others playing “Sniffer Games”. You will see quite a few.
4. Ask them if they found anything cool.
5. Scan the network with Nmap to see what’s out there.
6. Try to “own” the presentation machine.
7. Net message the presenters computer.
8. Death match video games with other attendees.
9. Try not to get kicked out for doing any of the above.
What would you add?
-
May 31st, 2005, 03:56 PM
#2
2 d Fire up ethereal or any other sniffer of preference and filter for msn messenger packets. They are flat text with a very small amount of controll chars so its easy to read like that. (filter in ethereal would be msnms). There is software out there that does it specifcily for msn and makes it all easely readeble but i dont bother with that stuff.
10. Take fresh install of windows. dont patch it or anything else. Wait and see what happens.
11. Take other fresh install of windows. Patch up to decent security. Wait and see what happens.
12. Look for people that did 10 or 11.
13. Find ip to proxie/router/watherver that is providing internet. Create an ip conflict.
14. Dont get caught for 13.
Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
May 31st, 2005, 04:47 PM
#3
I don't do it, but it seems to happen everytime I go to a security conference:
15. Issue wireless disassociate broadcast and then pretend to be the WAP and relay the packets through you for the juicy sniffing sessions.
Don't think I have been to a conference in the last couple of years where someone didn't have to run around with a directional attenae and try to locate the I%&%%# trying to be cute...and then issue veiled threats to the person doing it...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
June 1st, 2005, 11:38 AM
#4
well guys u mentioned most the things i would do
but i want to add the following
i think the most embarrassing thing to do is to hack into the big security guy computer
then fall asleep in front of him as he speaks :P and let him know that it was you
or just tell him in his face what u think
-
June 1st, 2005, 07:55 PM
#5
How about:
16. Chain smoke cigarettes outside until they serve lunch.
Every security seminat I have been to has been catered to perfection, definitly one of the highlights of the day. the best was a bar sponsored by cisco!
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
June 2nd, 2005, 03:54 AM
#6
Junior Member
17. Take your laptop with wireless connection and see how many people just like you try to hack your connection (using something like AirSnare). I get enough kicks out of just doing this at home. I can't imagine what would happen at a security conference.
-
June 2nd, 2005, 04:59 PM
#7
18, take a dump... but during unusual moments and in places where people usually don't expect to find poop laying around.
-
June 2nd, 2005, 05:17 PM
#8
18, take a dump... but during unusual moments and in places where people usually don't expect to find poop laying around.
Probably not that practical, but always comical!
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
June 2nd, 2005, 05:52 PM
#9
How about running a tarpit to see who's doing the hacking. Then take some coutermeasure to let them know you know.
Personally I do the gaming, interrupt gamers, and hack the presenters box, mostly. Spot the fed is boring and I don't care about what your hat is, either.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
June 3rd, 2005, 12:00 AM
#10
19, try to convince others that you actually know something about computers.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|