Slow Down, Cowpoke: When Enthusiasm Outpaces Common Sense Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)

No matter how fast you type, your brain moves faster. It's a constant competition between thinking of great ideas, and making them happen at the keyboard. But inside your brain, another competition is underway. As quickly as you imagine things, you're also evaluating them and rejecting the ones that won't work. At least, that's the way it's supposed to happen. When your enthusiasm for trying something outpaces the review of consequences, then efficiency goes down, not up.

Over the past few years, I've made a hobby of playing crypto challenges. I've managed to win quite a few of them. But despite all that experience, I still make stupid mistakes. All the time. My enthusiasm drags me down blind alleys, wasting precious time and frustrating what's supposed to be a fun game.

This talk will review some of these mistakes, incorrect assumptions, and head-meets-desk "duh!" moments, to attempt to draw useful advice from my mistakes. Advice that can be applied to any activity where ideas outstrip the ability to quickly (and safely) test those ideas. Advice that may bring additional discipline to penetration tests, web app tests, mobile app reviews, and other aspects of the security and even engineering fields.

David Schuetz

David is a Senior Consultant with Intrepidus Group, where he's spouted off about RSA, supported large-scale iPad deployments, and found obscure bugs in Apple's MDM system. He's been fortunate enough to present at ShmooCon and at Black Hat, and recently co-authored an iOS programming security class for SANS.

In 2009, David won the Shmoocon V badge puzzle, and has been hooked ever since. He's been the first to solve over a dozen such challenges, and has won prizes ranging from a Sakebomb decanter to an iPad (twice!), but he feels the best prize is simply completing the challenge. However, David also estimates that he makes at least one boneheaded mistake for every puzzle he's solved.

Prior to Intrepidus, he spent some years performing compliance-based testing. Despite this, people actually interact with him on Twitter (@schuetzdj) and sometimes leave nice comments on his blog ( http://www.darthnull.org ).
Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast