Most Informative Talk: Oded Horovitz’s talk on VMware. He showed off some upcoming features of the product, like VMSafe, security APIs, and session replay. With VMSafe and the security APIs, you will be able to run code inside the hypervisor! In one demo, he showed how VMSafe can detect malware that was modified to bypass Symantec signatures. And with the session replay, VMware will record everything from the keystroke, network packet, file change, etc so you can replay the scenario after. Apparently this has been available since the release of VMware Workstation 6. Maybe I should pay more attention to the VMware blogs. But from what I saw, the logger consumes about 400mb per minute of recording.
Honorable Mention: Rich Canning’s flash talk. Even though I heard most of this talk a few months ago at iSEC’s Open Security Forum, it was still a good talk. One interesting point was that instead of fixing the vulnerable SWFs, Google moved all the files to another machine, only accessible by IP. This eliminates the threat of an attacker stealing information from the Google domain because it only references an IP, not a domain.
PWN to OWN Contest: TippingPoint updated the rules of the contest. Nobody participated in the day 1 activity, which was restricted to remote pre-auth attacks. Tomorrow they will allow client-side attacks, so hopefully there will be some action there.
Photos: Will be posted once I process them. Hopefully soon. *UPDATE* Pictures are now on flickr.
Other Day 1 Summaries: Robert Hensing did a good job of recapping all of the talks.