HD Moore and Valsmith took the stage in a double slot to talk about new tools and obscure techniques for penetration testing. They were the only speakers with a double slot, and they covered a lot of material.
Here is a list of things they covered:
- HTTP PUT and DELETE are now in an AUX module in Metasploit.
- An SMB version scanner is now available. An Apple patch only came out yesterday, two months after the original advisory.
- Paterva Evolution tool for information gathering.
- NFS UDP scanning IDS evasion techniques.
- Searching websites for CVS or SVN repositories and backup files.
- UDRW vs U3 technology for autorun USB keys.
- WPAD – Web Proxy Autodiscovery Protocol.
- SMB challenge/response to obtain NTLM hash.
- Devices with old Samba versions, such as NAS devices and printers.
- Hijacking SSH.
- Hijacking Kerberos.
HD posted the slides and some videos here.