DEFCON 32 (2024) Notes & References

Here are my DEFCON notes from the sessions that I attended in 2024 for DEFCON 32:

Please feel free to do what you want with these notes.  I go to sessions, so you don't have to.

Here are some quick links to notes from previous years: 31 (2023), 30 (2022), 29 (2021), 28 (2020)*, 27 (2019), 26 (2018), 25 (2017), 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

*I have 28 (2020) notes, but they still need work.

I plan on attending DEF CON 33 (2025).  Follow along near real-time on Twitter @technewsradio, Instagram @otto_locke


Updated CISSP Domains

The CISSP Domains (Effective April 15, 2015) will be changing:

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

DEFCON 21 (and 20 oops!)

DEFCON 21 was in Las Vegas, NV from August 02-04, 2013 and we were there.  Our real-time posts, references, and links are available over on @Technewsradio on Twitter.

We have a detailed report (PDF) from the sessions attended if you are interested.  Just drop us an email to get the full report or a request via message on Twitter.  A podcast summary is planned but not promised at this time.

Things that we are "worried about" from an Enterprise computing perspective:

  • Social Engineering against users is like a hot knife cutting butter. The only defense seems to be training and awareness. Traditional information assurance (IA) protections (virus scanning, IDS, firewalls, etc.) are not effective.
  • You can't secure what you don't manage.
  • Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
  • USB is not your friend.
  • Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
  • Cloud computing could be your friend but probably won't.
  • Developers writing code for an organization without a security focus is just asking for trouble.
  • If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
  • In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.

P.S. x 1: We were also at DEFCON 20 and have that report available if you are interested. Just drop us an email or message on Twitter for a link.

P.S. x 2: There are also DEFCON 18 and DEFCON 19 reports.  They are surprisingly still relevant IMHO -- same bat channel.


Another Week Of Recommended Podcasts Worth A Listen


Looking through my listened-to podcast list for this past week, I'm going to recommend the following as potentially interesting:

 


TECH NEWS RADIO PODCAST #371 | 2010-07-16 | VMWare Fusion 3.1

 Listen! (Size 2.6 MBs, Running Time 2m36s)

Today's podcast examines the latest version, 3.1, of VMware Fusion for Apple Mac OS X.

Feel free to follow along with Steve Holden at: Twitter and/or Google+.  For technology news only updates follow TechNewsRadio @ Twitter.


TECH NEWS RADIO PODCAST #369 | 2010-07-13 | OpenOffice.org News

 Listen! (Size 3.0 MBs, Running Time 2m58s)

Today's podcast examines some recent news from OpenOffice.org: Petroleo Brasileiro SA is rolling out a big BrOffice.org deployment to over 90,000 systems, and v3.21 of Open Office has been released, with v3.3 expected this Fall 2010.  Two additional links mentioned in this podcast include: Open Document Format (ODF) and Oracle.

Feel free to follow along with Steve Holden at: Twitter, FriendFeed, and/or Delicious.  For tech news only updates follow TechNewsRadio on Twitter.

This podcast is sponsored by SCOTTEVEST and Amazon.


TECH NEWS RADIO PODCAST #367 | 2010-07-09 | Amazon's Improving Cloud of Computing

 Listen! (Size 3.1 MBs, Running Time 3m04s)

Today's podcast is a couple of tech tidbits that examine recent news from Amazon S3 with regards to:

Feel free to follow along with Steve Holden at: Twitter, FriendFeed, and/or Delicious.  For tech news only updates follow TechNewsRadio on Twitter.

This podcast is sponsored by SCOTTEVEST and Amazon.


Twitter Updates - Google, Amazon, Windows, Chrome, TweetDeck, iPad

The following is a summary of tweets posted to TechNewsRadio@Twitter over the last week:

  • This WEEK in GOOGLE42 bit.ly/9SYkfL Check out: Ribbit, Android Kindle app, Google Reader Play, Diaspora, Google Wave open to all
  • Per @LeviathanChrons the podcast novel "Leviathan Chronicles" has a big update on 5/26 http://bit.ly/8ZzfDq
  • Amazon has announced an Asia Pacific Region AWS datacenter in Singapore (EC2 S3 SimpleDB RDS SNS CloudWatch Cloudfront) http://bit.ly/9NMCNc
  • TechPodcast.com Roundtable is today - Sat. May 22nd at 1pm PT / 4pm ET - Stitcher Radio, Green Screen HowTo, 5 Top Windows Utilities
  • standardizing all my computers with Google Chrome as the default browser - it seems to be faster, more reliable, etc than Firefox
  • TweetDeck 0.3.4.1 seems like a nice upgrade: more meaningful icons, location, scheduled updates, translations, etc
  • OpenOffice.org is looking for proposals for their 10th year conference in Budapest, Hungary from 08/31- 09/03/2010 http://bit.ly/b6d6cQ
  • Checking out Apple's "iPad : The Missing Manual—New from O'Reilly" - new book $25 - http://oreil.ly/90aNZO
  • Mark/Space has announced Android Calendar Sync Version 1.4 Beta bit.ly/aDLSrX
  • The new Apple OS X Snow Leopard Security Guide is now available online http://bit.ly/9Rm19H via PDF http://bit.ly/cSanMT
  • Slysoft.com has released AnyDVD6.6.4.2 with support for Avatar, more encryption updates & other fixes http://bit.ly/c0tub1
  • Willow Garage has a new open-source initiative for institutions and universities to build upon a robot platform bit.ly/9muTgs
  • OpenBook Specification for ePub (xhtml, css, etc) - some tools: Calibre & Adobe InDesign http://bit.ly/bGryk8
  • Just installed the new VMWARE 3.1 for Mac -- reports about Bootcamp VMs being faster seem true - more info: http://bit.ly/vmware31
  • PhatWare has announced WritePad for iPad - an advanced handwriting recognition software http://bit.ly/aSuNXT
  • Checking out TweetDeck v0.34.2 (upgrade from v0.34.1) --- I wonder what is new?
  • Checking out PersonalBrain 5.5 (visual information management) for Mac, Windows, Linux http://bit.ly/bpWZ7Y [free 30 day demo]
  • AppleCentral.com is now the new "centralized" home for MacTech, Now Software, MacNews, MacsimumNews, MacMinute, etc
  • Manager Tools Effective Manager Conference at Denver Marriott City Center has been announced for June 7, 2010 http://bit.ly/akUuI3
  • SitePoint's newest book "Create Stunning HTML Email That Just Works!" looks like a good HTML intro: http://bit.ly/cs7ZCk
  • How to Upgrade Your MacBook's Hard Drive bit.ly/benw4m -- Is a good reference!
  • Anyone interested in an Apple iPad meetup in San Diego, CA - Wednesday, June 9, 2010 http://bit.ly/985fSY


TECH NEWS RADIO PODCAST #362 | 091215 | Parallel Development, RFID, Ubuntu & Conference Pointers

Listen! (Size 7.1 MBs, Running Time 9m47s)

This podcast is sponsored by SCOTTEVEST and Amazon.

Today's TechNewsRadio.com podcast examines the following topics:

Links mentioned in this podcast include:

We also play a promo for FriendInTech.com's Christmas Special that is expected to be released on Monday, December 21, 2009.

Feel free to follow along with Steve Holden at: Twitter, FriendFeed, and/or Delicious.  For tech news only updates follow TechNewsRadio on Twitter.
