Hacker conference videos

Almost every security conference we’ve attended in the last year has uploaded videos from their speaker tracks. Explore the archives below, and you’re bound to find an interesting talk.

[thanks, Dan]
[photo: ario_j]

The 2008 Shmooball Gun

I caught up with [Larry] from pauldotcom.com and got a quick walk-through of his Shmooball gun. After several less successful attempts, this one worked pretty damn well and featured a distinctive sound that caused a notable glimmer of fear in the eyes of the speakers. *cough*[renderman]*cough*. Read on for the secrets of the Shmooball gun.

Continue reading “The 2008 Shmooball Gun”

ShmooCon 2008: Hard drive highlights

Today wrapped up with a talk on recovering data from solid state hard drives by [Scott Moulton]. The talk focused on the differences in data storage between SSD and platter technology. I did come away with a few interesting bits of knowledge. In an effort to extend device life, flash based drives store changed data to a new location, leaving the old data intact until a garbage removal subroutine gets around to clearing it out. Probably the best way to recover data from them will be altering or replacing the controller chip so you can access old data.

Yesterday I caught an interesting talk on recovering passwords from drive images by [David Smith]. He found that he could take a system image, strip out all the strings that were stored by various programs and use them to build a dictionary of possible passwords. By limiting string lengths and matching for known password policies, he was able to further filter his dictionary for likely passwords.