PaulDotCom mailing list archives
Tips on teaching security
From: tadaka at gmail.com (Jason Wood)
Date: Fri, 4 Sep 2009 14:34:51 -0600
Just for another point of view from an audience member... I watched the guys from Mandiant present "Metasploit Autopsy: Reconstructing the Crime Scene" at Blackhat and thought they had an awesome demo. They were presenting their tools to show how a forensics investigator could reconstruct a Meterpreter session that took place in RAM only. Nothing went to disk.

Here's the way it went. They had a VM of XP which they were using to run PowerPoint for the presentation. At the beginning of the talk, they popped the XP box, loaded up Meterpreter, ran some commands in cmd.exe, ended their session and closed the Meterpreter process. Then they proceeded to give the talk for the next 40 minutes using the XP box they compromised. At the end of the talk, they imaged RAM and dumped it to a file. Ran their script against the image file and extracted the entire Meterpreter session, showed every command they ran and what they got back.

I don't remember much of what was actually said, but I definitely remember the demo and the capability that they showed. That presentation is one that stands out to me for those two days. I was also a bit impressed that the Demo Gods didn't strike them down for attempting such a gutsy thing.

Jason

On Fri, Sep 4, 2009 at 10:09 AM, Michael Dickey <lonervamp at gmail.com> wrote:
As a presentation watcher, I think demos are worth their effort in gold. Especially demos of your topics (OWASP 10 and Mutillidae)! Otherwise your audience is just going to sit there watching technical concepts be described...that only gets so far and lasts so long. Even if you don't demo, specifically, examples of any sort are sexy. Similar to why analogies get used so often.

On Fri, Sep 4, 2009 at 9:55 AM, Chris Teodorski <chris.teodorski at gmail.com> wrote:

So what is the general consensus on using demos in a talk, good, bad? I'm giving a talk at the end of September on the OWASP top 10 and Mutillidae and I'm debating demo or no demo? If I do a demo it will be a screencast, because I'm not willing to sacrifice my first born, I'm kind of fond of her.
--
irc: Tadaka
Twitter: Jason_Wood
jwnetworkconsulting.com