Just about two years ago, Tim Medin presented a new attack technique he christened “Kerberoasting“. While we didn’t realize the full implications of this at the time of release, this attack technique has been a bit of a game changer for us on engagements.
Thanks to an awesome PowerView pull request by @machosec, Kerberoasting is easier than ever using pure PowerShell. I wanted to briefly cover this technique and its background, how we’ve been using it recently, and a few awesome new developments.
The exhortations about the Internet’s prolonged transition to version 6 of the Internet Protocol continue, although after some two decades the intensity of the rhetoric has faded and, possibly surprisingly, it has been replaced by action in some notable parts of the Internet. But how do we know there is action? How can we tell whether, and where, IPv6 is being deployed in today’s Internet?
Nobody wants to say it outright, but the Apple Watch sucks. So do most smartwatches. Every time I use my beautiful Moto 360, its lack of functionality makes me despair. But the problem isn’t our gadgets. It’s that the future of consumer tech isn’t going to come from information devices. It’s going to come from infrastructure.
The real world is messy, and so too is its data. So messy, that a recent survey reported data scientists spend 60% of their time cleaning data. Unfortunately, 57% of them also find it to be the least enjoyable aspect of their job.
Cleaning data may be time-consuming, but lots of tools have cropped up to make this crucial duty a little more bearable. The Python community offers a host of libraries for making data orderly and legible—from styling DataFrames to anonymizing datasets.
HTTP/2 (or "H2" as the cool kids call it) has been ratified for months and browsers already support or have committed to supporting the protocol. Everything we hear tells us that the new version of HTTP will provide significant performance benefits while requiring little to no change to our applications -- all the problems with HTTP/1.x have seemingly been addressed, we no longer need the "hacks" that enabled us to circumvent them, and the Internet is about to be a happy place, at last!
But maybe we should put the pom poms down for a minute! Deploying HTTP/2 may not be as easy as it seems, since the protocol brings with it new complications and issues. Likewise, the new features the spec introduces may not work as seamlessly as we'd hope. In this session, we'll take a practical look at HTTP/2 and examine some of its core features and how they relate to real-world conditions. We'll discuss positives, negatives, and new caveats and practical considerations for deploying HTTP/2. Specifically, we'll cover:
- The single-connection model, and the impact of degraded network conditions on HTTP/2 vs HTTP/1
- How server push interacts (or doesn’t) with modern browser caches
- What HTTP/2's flow control mechanism means for server-to-client communication
- New considerations for deploying HPACK compression
- Difficulties in troubleshooting HTTP/2 communications, new tools, and new ways to use old tools
The audience will walk away understanding the basic concepts of HTTP/2 and its pitfalls, allowing them to implement it properly.
Run a free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds. You can run simple tests or perform advanced testing including multi-step transactions, video capture, content blocking and much more. Your results will provide rich diagnostic information including resource loading waterfall charts, Page Speed optimization checks and suggestions for improvements.
I study the impact of technology for a living, and I’m a former programmer. I happily bank online, and use my smartphone to message friends and family. I support and trust encryption to protect ordinary people’s communication. I even believe computers will probably turn out to be safer drivers than too-easily distracted humans. I’m not averse to technological solutions.
In this case, though, we need to stick with methods that allow a paper trail that is verifiable after the election. No matter how you vote, there should be a tightly guarded paper record that can be used for audits, if not for the initial counting. This is not just because paper verification is more tamper-resistant than our insecure voting machines. Our elections need to be open to oversight without the need for voters to understand how encryption works. We can’t tell them to simply trust the experts, especially when people are deliberately sowing distrust.
Two cyberpunks go for their big score by hacking a vicious criminal. Adam Sims reads the novel that coined the term 'cyberspace'. Read by Adam Sims.
When not jacking into the matrix to hack corporate mainframes for shady clients, Bobby Quine and Automatic Jack are hanging out in the Gentleman Loser trying to figure out a way of pulling off that one big score that will make them rich. But industrial espionage is a dangerous business, especially when they decide to rip off Chrome, the most ruthless figure in the local mob subsidiary.
Described as the father of cyberpunk fiction, William Gibson's 1982 story still influences modern sci-fi.
Producer: Eugene Murphy
Made for BBC 7 and first broadcast in 2003.
ssh-audit is a tool for ssh server auditing.
Features:
- SSH1 and SSH2 protocol server support;
- grab banner, recognize device or software and operating system, detect compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc.);
- output algorithm recommendations (append or remove based on recognized software version);
- output security information (related issues, assigned CVE list, etc.);
- analyze SSH version compatibility based on algorithm information;
- historical information from OpenSSH, Dropbear SSH and libssh;
- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy.
The Upper Austrian state committee for the machine trade (Landesgremium OÖ des Maschinenhandels) awards the Internet seal of quality "WKO – Computerhandel – GEPRÜFT" exclusively to Upper Austrian computer and office-machine dealers. To be entitled to carry this seal, these businesses must meet and continue to comply with a series of criteria.
“What we’re getting with the IoT is actuation in the real world. If I take a bunch of thermostats offline for 24 hours in the UK in winter, I’ll probably kill a bunch of pensioners. There’s your cyber terrorism attack.”
Xapian is an Open Source Search Engine Library, released under the GPL v2+. It's written in C++, with bindings to allow use from Perl, Python, PHP, Java, Tcl, C#, Ruby, Lua, Erlang and Node.js (so far!)
Xapian is a highly adaptable toolkit which allows developers to easily add advanced indexing and search facilities to their own applications. It supports the Probabilistic Information Retrieval model and also supports a rich set of boolean query operators.
The trouble with writing fiction is that, as a famous novelist once said, reality is under no compulsion to make sense or be plausible. Those of us who make stuff up are constantly under threat of having our best fictional creations one-upped by the implausibility of real events. I'm pretty much resigned to this happening, especially with the Laundry Files stories: at least space opera and fantasy aren't as prone to being derailed as fiction set in the near-present.
Synthpop Artist made in the 80's
Personal assistants are hot these days, and an open source personal assistant is a dream for many developers. The recently released Jasper makes it really easy to install a personal assistant on a Raspberry Pi and use it for custom voice commands, information retrieval and so on. Jasper is written in Python and can be extended through its API. More importantly, Jasper uses CMUSphinx for offline speech recognition, a much-awaited capability for assistant developers.
Now that I’m using OpenPGP cards for GnuPG, I may as well start using them for their other bells and whistles too. The first and most useful such extra feature of those cards is using the authentication key for SSH.
Getting this working is actually surprisingly simple...
Please don't advocate learning to code just for the sake of learning how to code. Or worse, because of the fat paychecks. Instead, I humbly suggest that we spend our time learning how to …
+) Research voraciously, and understand how the things around us work at a basic level.
+) Communicate effectively with other human beings.