defcon updates
22 views
Skip to first unread message
johanna curiel curiel
Aug 6, 2016, 10:42:23 PM8/6/16
to OWASP ZSC
Hello ZSC Team
Today we had the Defcon Demo lab of OWASP ZSC and it was really great. Many people came to our booth, a couple of them were shellcode experts and they really liked the tool, others learning about were also very enthusiastic and others just curious but open to hear more about it.
Thank you to all of you we were able to get this done!
So next we will prepare much better for the upcoming conferences if accepted
BlackHat Arsenal EU(london)
Defcon Lucknow (india)
BlackHat Asia(singapore)
BlackHat US
Cheers
Johanna
Pratik Patel
Aug 7, 2016, 12:07:18 AM8/7/16
to OWASP ZSC
Great work Johanna. You did great work with Documentation, posters and everything :)
Ali Razmjoo
Aug 7, 2016, 7:36:31 AM8/7/16
to Pratik Patel, OWASP ZSC
Thanks everyone,I hope we keep it prefect all the time
--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+unsubscribe@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/owasp-zsc/509664a4-cf09-4f31-8517-5c83a2849f16%40googlegroups.com.
Paras Chetal
Aug 7, 2016, 8:56:04 AM8/7/16
to OWASP ZSC
Great work everyone :) . I'm looking forward to other conferences in which ZSC will be presented and hopefully we'll have even better features to show.
On Sunday, August 7, 2016 at 5:06:31 PM UTC+5:30, Ali Razmjoo wrote:
Thanks everyone,I hope we keep it prefect all the time
On Sun, Aug 7, 2016 at 8:37 AM, Pratik Patel <pratikpa...@gmail.com> wrote:
Great work Johanna. You did great work with Documentation, posters and everything :)
On Sunday, August 7, 2016 at 8:12:23 AM UTC+5:30, johanna curiel curiel wrote:Hello ZSC TeamToday we had the Defcon Demo lab of OWASP ZSC and it was really great. Many people came to our booth, a couple of them were shellcode experts and they really liked the tool, others learning about were also very enthusiastic and others just curious but open to hear more about it.Thank you to all of you we were able to get this done!So next we will prepare much better for the upcoming conferences if acceptedBlackHat Arsenal EU(london)Defcon Lucknow (india)BlackHat Asia(singapore)BlackHat USCheers--Johanna
--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+...@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
johanna curiel curiel
Aug 7, 2016, 10:56:18 AM8/7/16
to Paras Chetal, OWASP ZSC
Defcon was really picky about the accepted projects.
Funny thing is that the Demo lab was officially open until the 15 June.
I checked their website because on the first week of July I decided that I will go to defcon and noticed the demo lab even though it had written 15 june as a deadline, appeared as 'open' , then I sent DEFCON the info also asking that it seems they were still accepting tools and email with our basic info and the DEFCON guy responded me within hours with 'if you send me all the info right now, you are in' , quite abrupt and unexpected!
Must say the other tools like websec were from people working for Microsoft and veteran DEFCON presenters, so guys, we definitely should be proud ;-)
DEFCON lucknow has not answered my email yet, but they maybe dormant as the conference runs until next year, so let's keep an eye when they will be accepting submissions on their website
We already submitted to be at BlackHat EU Arsenal, so we will await I think around August if we got accepted, then Ali can be there hopefully.
I had the opportunity to provide live demo during the DEFCON conference to different peeps and actually show how the compiled shellcode work, they all ask me to please set that on a video, so yes I think providing all kind of videos how this is applied is a great way to promote the tool, I just wished I had more time before I went to do this, but thats life ;-)
So next time, I'll take some of the feedback received from the public during the Demo provided sessions I had with a couple of people, like
- Create some videos showing an example from beginning to end for shellcodes
- Showing how the encode changes the shellcode every time is generated
- A lot of interest in how obfuscation module works and the algorithms used,
- Interest in shell-storm API and our own API, with some video examples
So, we have some time before BlackHAT arsenal EU, and I think if we get some nice videos rolling with a couple of clear examples, like I did during the DEMO lab, people will love it .
I have an account with POWTOON and i'm planning to create a small series that we can use as instructional videos, but all related to web server misconfigurations and web server vulnerabilities exploitation, so we stay close to OWASP goals regarding web released issues ;-)
The best compliment I got form an experienced exploit developer was that what we were doing was even better than other stuff happening in the contest area.
SO yes guys, one of my goals is to work on this and more complex obfuscation algos, something I'm looking to contribute with in the future with coding ;-)
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+unsubscribe@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/owasp-zsc/5986eb7f-36c6-423d-8a73-73985eb652a5%40googlegroups.com.
Johanna Curiel
OWASP Volunteer
Akash Trehan
Aug 7, 2016, 5:29:13 PM8/7/16
to OWASP ZSC
Awesome! We nicely brought together everything for the conference I believe.
Demo videos would definitely be a nice thing to have.
Another thing would be a nice web interface for ZSC. Shouldn't be too hard to make since we have an API.
Demo videos would definitely be a nice thing to have.
Another thing would be a nice web interface for ZSC. Shouldn't be too hard to make since we have an API.
Akash Trehan
Aug 7, 2016, 5:42:52 PM8/7/16
to OWASP ZSC
By the way Johanna have you seen this?
This is from 16 June 2016:-
The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.
However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.
Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.
The Dark Tangent
--------------------------------------------
This is from 16 June 2016:-
The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.
However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.
Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.
The Dark Tangent
--------------------------------------------
Ali Razmjoo
Aug 7, 2016, 5:50:10 PM8/7/16
to Akash Trehan, OWASP ZSC
is that mean defcon lucknow all totally stopped ?
--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+unsubscribe@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/owasp-zsc/60bf1935-88da-4e97-b7ac-c3050c0ee0d2%40googlegroups.com.
Akash Trehan
Aug 7, 2016, 6:12:16 PM8/7/16
to Ali Razmjoo, OWASP ZSC
On Mon, 8 Aug 2016 at 03:20 Ali Razmjoo <ali.r...@owasp.org> wrote:
is that mean defcon lucknow all totally stopped ?Sincerely yours,
On Mon, Aug 8, 2016 at 2:12 AM, Akash Trehan <akash.t...@gmail.com> wrote:
By the way Johanna have you seen this?
This is from 16 June 2016:-
The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.
However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.
Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.
The Dark Tangent
--------------------------------------------
--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+...@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
johanna curiel curiel
Aug 7, 2016, 7:47:18 PM8/7/16
to Akash Trehan, Ali Razmjoo, OWASP ZSC
Hi Akash
Thank you for the update. That's really bad, I saw something on the Defcon Lucknow website but I wasn't aware that they stopped completly. That's probably the reason why there is no answer.
In that case, we have to look into another conferences in your area that we can submit
cheers
Johanna
On Sun, Aug 7, 2016 at 3:12 PM, Akash Trehan <akash.t...@gmail.com> wrote:
On Mon, 8 Aug 2016 at 03:20 Ali Razmjoo <ali.r...@owasp.org> wrote:
is that mean defcon lucknow all totally stopped ?Sincerely yours,
On Mon, Aug 8, 2016 at 2:12 AM, Akash Trehan <akash.t...@gmail.com> wrote:
By the way Johanna have you seen this?
This is from 16 June 2016:-
The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.
However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.
Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.
The Dark Tangent
--------------------------------------------
--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+unsubscribe@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/owasp-zsc/60bf1935-88da-4e97-b7ac-c3050c0ee0d2%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+unsubscribe@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/owasp-zsc/CA%2BMaSc%3DxfaGiV%2Bfm2LUNjmFKBhzFPUOH3eodj-z1cUD3nePmMg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages