Where can you learn more?

The BlueHat team has been getting a lot of questions from both inside and outside of Microsoft asking if we are going to publicly post video or audio recordings of the BlueHat presentations, or if we are going to hoard the BlueHatty goodness and keep the presentation details all to ourselves…  A totally valid question since all of our BlueHat presentations from 2005 and 2006 are fantastic and things any developer or IT Pro could benefit from seeing. 

BlueHat speakers present at a number of public conferences, many of the speakers have written books, and in some cases speakers are willing to schedule private presentations to interested groups.  So while we don’t want to deprive customers of information that could help them improve their enterprise or product security, Microsoft is also respectful of our speaker’s expertise and the business they derive from that.  To that end, we are attempting to provide a list of publicly available resources you might reference for additional information.

(speakers – please let me know if I’ve missed something and I’ll update the posting!!)


Upcoming Public Presentations & Training (listed in date order)

Caleb SimaMethodologies and Demos of Web Application Hacks: ISSA Charlotte 3rd Annual Information Security Summit, Charlotte NC, March 23

Vinnie LiuBleeding-edge Anti-forensics: InfoSecWorld 2006, Orlando FL, April 3-5

HD Moore – Metasploitation (and a dash of IPS): CanSecWest, Vancouver BC, April 5-7

Halvar FlakeMore on Uninitalized Variables: CanSecWest, Vancouver BC, April 5-7

Alex Stamos & Scott StenderAttacking Web Services: CanSecWest, Vancouver BC, April 5-7

Vinnie LiuDefeating Forensic AnalysisComputer and Enterprise Investigations Conference 2006 (CEIC), Lake Las Vegas NV, May 3-6

David Litchfield – Breakable: Secure Your Oracle Servers By Breaking Into Them: Black Hat Training, Las Vegas NV, July 29-30 and again July 31-August 1

Kev Dunn – Advanced Database Security Assessment: Black Hat Training, Las Vegas NV, July 29-30 and again July 31-August 1

Halvar Flake Analyzing Software for Security Vulnerabilities: Black Hat Training, Las Vegas NV, July 31-August 1

Halvar FlakeSABRE Security Training, Frankfurt Germany, October 2006


On Demand Webcasts, Videos, & Presentations

Caleb Sima: http://www.spidynamics.com/spilabs/education/webcasts.html

Caleb Sima: http://www.spidynamics.com/spilabs/education/videos.html

Brett Moore: http://www.security-assessment.com/tech-1.htm

BlueHat speakers present at many conferences worldwide, but Black Hat and ShmooCon are the only conferences we are aware of that offer a public archive of prior conference presentations. 



*whoops, RECon and HITB also have online archives…  Thanks TG for the reminder.


David Litchfield: The Database Hacker’s Handbook: Defending Database Servers (ISBN: 0764578014)

David Litchfield: The Shellcoder’s Handbook : Discovering and Exploiting Security Holes (ISBN: 0764544683)

David Litchfield: SQL Server Security (ISBN: 0072225157)

Caleb Sima: Hacking Exposed Web Applications, Second Edition (Hacking Exposed) (ISBN: 0072262990)

Johnny Long: Google Hacking for Penetration Testers (ISBN: 1931836361)

Vinnie Liu, Johnny Long: Penetration Tester’s Open Source Toolkit (ISBN: 1597490210)

Vinnie Liu: Writing Security Tools and Exploits (ISBN: 1597499978)

Dan Kaminsky: Hack Proofing Your Network 2nd Edition (ISBN: 1928994709)

David Maynor: ISS X-Force: Next Generation Threat Analysis and Prevention (ISBN: 1597490563)


UPDATED MARCH 29, 2006 to add upcoming presentations by Vinnie Liu, change authors listed on Penetration Tester’s Open Source Toolkit, and add two more conference archives.