Today I am attending the third day on the Blackhat Europe 2007 in Amsterdam. This Blackhat is my first one, and all expectations for this event (includes briefings als well as trainings) are satisfied till now. The training I’ve attended was called “Web Application (In) Security” and was held by two trainers of NGS Software Ltd. from London. The course material we got from NGS fas most quite complete, covering the basics from webapplication security to the lastest state-of-the-art attacks for exploiting webapplications. Some things were common for me, based on the fact that I am doing some pentesting for webapplications for my employer, the University of Karlsruhe.
Surprisingly, one of the trainers (Dafydd Stuttard) was the maintainer of burpsuite, a brilliant collection of tools for testing webapplications. burpsuite allows a very convenient way of attacking webappplications in various ways. I am not going into details for now, better check out for yourself - I’ts worth having a look.
The talks today I’ve been in, were quite technical (which I personally like much), and pointed out some interesting ideas and thoughts. Adam Laurie held a talk about the RFID-security (and presented (of course!) some new ways of 0wing a Hotel. Top notch.) was one of the highlights today, as well as the talk from Olli Whitehouse covering GS and ASLR in Windows Vista.
The Blackhat is located in the Moevenpick Hotel in Amsterdam. It is nice, but definitely too far way from the city centre (about 20 Minutes), whereas the “old” Place, the Hotel Krasnapolsky, was located in the middle of Amsterdam. This evening is the party event (sponsored by Microsoft), hope that boozing there won’t be that desastrous ..