A little late to the game, but I wanted to encourage everyone to go check out the DEF CON videos for this year. For those who don't know, the conference was held virtually this year due to the COVID pandemic but still offered talks and various activities. To get to the videos, just head over to the official DEF CON YouTube channel.
A couple of talks I found interesting, or that would be interesting to new people, are:
DEF CON Safe Mode - Zhipeng Huo, Chuanda Ding - Hack Windows Machines with Printer Protocol
DEF CON Safe Mode - Bill Demirkapi - Demystifying Modern Windows Rootkits
DEF CON Safe Mode - Erik Hunstad - Domain Fronting is Dead, Long Live Domain Fronting Using TLS 1.3
This talk is absolutely incredible. If you have been saddened by the demise of Domain Fronting, weep not, as there is a newer, badder version in town, at least until Cloudflare fixes it.
The Bug Hunter’s Methodology Jason Haddix @jhaddix
Jhaddix's update to his seminal Bug Hunter's Methodology. A few new tricks in there if you have been following along, and a great place to start if you are interested in bug bounty hunting.
Guerrilla Red Team: Decentralize the Adversary - Christopher Cottrell
Filled with great information on a training that Christopher used with one of his cohorts. I encourage you to jot down the plan and follow it if you are just starting out. HTB boxes, books and podcasts, oh my.
I haven't been through all of them but I watched ones that I thought would have interesting content based on the title.
My favorite talk was the last one on the list. Such a clever new take on the popular but now neutered Domain Fronting attack. Erik provides a great walkthrough of the previous attack and also a weaponized approach to Domain Hiding, the new version.
Enjoy the talks and let me know what your favorites were.
In the ecosystem of cyber security conferences, there are many types ranging from industry to subject matter within a specific industry. In the cyber security world, two main types exist: vendor-specific and vendor-agnostic. Until recently, I only attended general security conferences to be exposed to a broader range of material. However, since my trip to the Carbon Black conference, I wanted to discuss which are better to attend for new folks in the industry.