Dailydave mailing list archives
Re: Dry Runs
From: Jordan Wiens <jordan () psifertex com>
Date: Tue, 14 Apr 2015 23:25:07 -0400
I strongly agree with your general comments about dry-run throughs. I'm surprised no other security conference (that I know of) has borrowed the approach.

One of the problems I have with Prezi is hinted at by your 1(b). Prezi doesn't lend itself to easy organization of thoughts in that it's up to you to provide all the structure. I often start with an outlining app first and then migrate to prezi when I use it, but that's not efficient. Also, the infinite zooming can certainly be useful, but I think it often ends up being distracting more often than clarifying.

One alternative I like is reveal.js (https://github.com/hakimel/reveal.js/). It allows easy hierarchical organization (in two axes at least), and has other added bonuses like being plain text and therefore convenient for version control, viewable anywhere without proprietary software (heck, it works fine on mobile platforms even -- a good way to test your minimum font sizes). Oh -- I don't think I showed it off during our dry-run through, but you can also zoom out of the whole presentation when you want to quickly navigate to a particular slide and that's where the hierarchical structure is extra handy for quick navigation.

Also, prezi doesn't do this: http://lab.hakim.se/reveal-js/#/10/4

There's all sorts of generator scripts from structured markup like Markdown (https://github.com/webpro/reveal-md) or org-mode (https://github.com/yjwen/org-reveal) that are even more convenient for simple editing of the initial slide content which helps for quick outlining, version control, etc. That helps a ton with the separation of presentation and content that Jacob referenced, but LaTeX can get annoying.

There's also a few other .js based presentation frameworks that have similar capabilities to prezi if you're up for experimentation, like impress.js (http://bartaz.github.io/impress.js/#/bored), strut.io (http://strut.io/) which is an almost-wysiwyg like editor for a couple of these frameworks, though it's a bit buggy.

--
jordan

On Wed, Apr 8, 2015 at 9:54 AM, Dave Aitel <dave () immunityinc com> wrote:
When hacking professionally, you model everything very carefully, run your tools and methodology against the systems, and then revisit multiple times as you optimize against your known defensive threats. That's just how professionals work. And I find it funny that INFILTRATE is the first conference in our sphere that requires a pre-conference WebEx dry run.

I'm going to bullet-list a few things we see a lot just so everyone knows:

1. Use Prezi. You don't HAVE to because I know it makes you feel like a hippie, but it also makes for better presentations. This is for three reasons:

   a. Zoom. Zoom. MORE ZOOM. Zoom is the most key feature in a presentation but so few people use it because in every other presentation software it is super impossible to do.

   b. Hierarchical presentations. PPT and Keynote take your nice pyramid-like thoughts which are connected naturally and then flatten them into a line of slides. You get a MUCH better presentation by being able to subtly show the true shape of your thoughts.

   c. It is much easier and faster to create a Prezi than a good PPT. This means more time thinking about what you are trying to represent and less time fixing how big the fonts are in slide 50.

   That doesn't mean there aren't downsides to Prezi. But overall it is a massive step forwards.

2. Contrast in your text. No more yellow on white please. People's eyes are not good and what you see on a washed out projection is not as good as what you see on your screen.

3. Gliffy.com. That way your diagrams look great and you have MORE of them. More diagrams done more easily usually makes for a much better presentation.

4. Be more offensive. Don't worry as much about SELLING your idea but think more about showing the metrics behind your success. We usually ask at the end for more NUMBERS. How does your technique compare to other things that generate numbers? Feel free to call people out. You can name names in your research. You can say "I don't think this works the way they say it does."

5. Think bigger picture. So many people talk about their technique but don't talk about what that level of success means for the larger world. We want to see "if the level of effort for X is so small, what does that mean for people trying Y?" What are the defenders going to do next to stop you? Is this something really easy for them, or really hard?

6. People do movies instead of demos, but they make the font in the movie terminals the default, instead of GIANT SO BIG FONT THAT WE CAN SEE IT. Please when you make a demo movie for a presentation, make the fonts 20% larger than you think they need to be for a blind person to read them from the back row.

7. More screenshots, with big fonts in them. People love to see screenshots because they illustrate your bullet-list points very clearly sometimes (i.e. what are the arguments to that thing you wrote again?).

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave