The conference is halfway through the first day, with loads of great presentations already done.
The morning started off strong with the ever-energetic Georgia Weidman presenting on mobile devices in penetration tests. My mental summary... mobile devices are not outside the scope of pentests. Smartphone = a computer that people forget is a computer.
I unfortunately missed Stefano Zanero's presentation on the use of social media site logins to log in to other resources, but heard great things.
Then the ever-masterful Deviant Ollam presented on mastering master key systems. Don't let this man near your data center... 🙂, but whenever you see him offering lessons, take them!
Saumil Shah presented on delivering exploits hidden inside images. The exploits load when the image loads and trigger based on the implementation. The next time you are loading that image gallery... think twice, he might be there.
Right now, sitting back watching Chris Gates and Rob Fuller presenting "Dirty little Secrets, Part 2". This talk is jam-packed with tools, tips, new fun and old crookedness.
Some key takeaways at this time:
How does your BYOD policy look? Do you have one?
Locks: don't assume your locked cabinet will stay that way. Physical security is just as vulnerable as network security.
Social media: still there, still dangerous. Do you allow it on your company network?
Hidden exploits: exploit delivery keeps getting trickier. Make sure all your security layers are in place and updated...