The BlueHat team has been getting a lot of questions from both inside and outside of Microsoft asking if we are going to publicly post video or audio recordings of the BlueHat presentations, or if we are going to hoard the BlueHatty goodness and keep the presentation details all to ourselves… A totally valid question since all of our BlueHat presentations from 2005 and 2006 are fantastic and things any developer or IT Pro could benefit from seeing.
BlueHat speakers present at a number of public conferences, many of the speakers have written books, and in some cases speakers are willing to schedule private presentations to interested groups. So while we don’t want to deprive customers of information that could help them improve their enterprise or product security, Microsoft is also respectful of our speaker’s expertise and the business they derive from that. To that end, we are attempting to provide a list of publicly available resources you might reference for additional information.
(speakers – please let me know if I’ve missed something and I’ll update the posting!!)
~Kymberlee
Upcoming Public Presentations & Training (listed in date order)
Caleb Sima - Methodologies and Demos of Web Application Hacks: ISSA Charlotte 3rd Annual Information Security Summit, Charlotte NC, March 23
Vinnie Liu - Bleeding-edge Anti-forensics: InfoSecWorld 2006, Orlando FL, April 3-5
HD Moore - Metasploitation (and a dash of IPS): CanSecWest, Vancouver BC, April 5-7
Halvar Flake - More on Uninitalized Variables: CanSecWest, Vancouver BC, April 5-7
Alex Stamos & Scott Stender - Attacking Web Services: CanSecWest, Vancouver BC, April 5-7
Vinnie Liu - Defeating Forensic Analysis: Computer and Enterprise Investigations Conference 2006 (CEIC), Lake Las Vegas NV, May 3-6
David Litchfield - Breakable: Secure Your Oracle Servers By Breaking Into Them: Black Hat Training, Las Vegas NV, July 29-30 and again July 31-August 1
Kev Dunn -Advanced Database Security Assessment: Black Hat Training, Las Vegas NV, July 29-30 and again July 31-August 1
Halvar Flake -Analyzing Software for Security Vulnerabilities: Black Hat Training, Las Vegas NV, July 31-August 1**
Halvar Flake – SABRE Security Training, Frankfurt Germany, October 2006
On Demand Webcasts, Videos, & Presentations
Caleb Sima: http://www.spidynamics.com/spilabs/education/webcasts.html
Caleb Sima: http://www.spidynamics.com/spilabs/education/videos.html
Brett Moore: http://www.security-assessment.com/tech-1.htm
BlueHat speakers present at many conferences worldwide, but Black Hat and ShmooCon are the only conferences we are aware of that offer a public archive of prior conference presentations.
http://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html.
http://www.shmoocon.org/schedule.html
*whoops, REConand HITBalso have online archives… Thanks TG for the reminder.
Books
David Litchfield: The Database Hacker’s Handbook: Defending Database Servers (ISBN: 0764578014)
David Litchfield: The Shellcoder’s Handbook : Discovering and Exploiting Security Holes (ISBN: 0764544683)
David Litchfield: SQL Server Security (ISBN: 0072225157)
Caleb Sima: Hacking Exposed Web Applications, Second Edition (Hacking Exposed) (ISBN: 0072262990)
Johnny Long: Google Hacking for Penetration Testers (ISBN: 1931836361)
Vinnie Liu, Johnny Long: Penetration Tester’s Open Source Toolkit**(ISBN: 1597490210)
Vinnie Liu: Writing Security Tools and Exploits (ISBN: 1597499978)
Dan Kaminsky: Hack Proofing Your Network 2nd Edition (ISBN: 1928994709)
David Maynor: ISS X-Force: Next Generation Threat Analysis and Prevention (ISBN: 1597490563)
UPDATED MARCH 29, 2006 to add upcoming presentations by Vinnie Liu, change authors listed on Penetration Tester’s Open Source Toolkit, and add two more conference archives.**