Thursday, October 20, 2005
Linux Kernel as Windows Service
Yep, you read right: the folks at Co-operative Linux have created a distro where Linux runs as a Windows service. Versions are available for Gentoo (my favourite distro) and Debian.
I was dual booting my laptop or using two laptops when Pen Testing so I could use both Windows and Linux-based tools; now I run Gentoo in a DOS box on my Windows laptop with access to all my favourite Linux Pen Test tools.
CoLinux even supports multiple consoles through the Alt F1-F4 keys and the ability to cut and paste between Linux and Windows. Networking is provided by WinPCap bridging, so that the Linux "service" gets its own IP address. Very sweet solution.
Wednesday, October 19, 2005
Google VPN
Google has released another new product called Google Secure Access ("GSA"). Essentially it is a PPTP VPN to the Google servers. The purpose of GSA is to secure your WiFi access when you are using WiFi in an airport or some other hotspot.
I have found a nice nefarious use for this tool that I am sure people will soon realise. Use the Google VPN to connect to the Internet and bypass your company's content filtering solution. Another good reason to have your outbound firewall rules as tight as your inbound rules.
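To check whether outbound rules really are that tight, here is an added example (not part of the original post) that looks for PPTP leaving the network in flow records. PPTP uses a control channel on TCP port 1723 and carries the tunnel data in GRE (IP protocol 47); the flow tuple layout, the addresses and the function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PPTP_CONTROL_PORT = 1723   # PPTP control channel (TCP)
GRE_PROTOCOL = 47          # IP protocol number that carries the PPTP tunnel data
TCP_PROTOCOL = 6

# Constructed sample flow records: (src_ip, dst_ip, ip_protocol, dst_port)
SAMPLE_FLOWS = [
    ("10.1.4.23", "203.0.113.10", 6, 443),     # ordinary web traffic
    ("10.1.4.23", "198.51.100.7", 6, 1723),    # PPTP control channel out
    ("10.1.4.23", "198.51.100.7", 47, None),   # GRE to the same peer
    ("10.1.9.80", "198.51.100.7", 6, 1723),    # control only, GRE never seen
    ("10.1.2.5", "10.1.0.1", 6, 1723),         # internal to internal, not egress
    ("192.0.2.44", "10.1.4.23", 6, 1723),      # inbound, ignored here
]


def find_pptp_egress(flows, internal_cidrs):
    """Return (src, dst, status) for internal hosts speaking PPTP to external peers.

    status is "tunnel" when both the control channel and GRE were seen,
    "attempt" when only the control channel got out.
    """
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]

    def is_internal(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    seen = defaultdict(set)
    for src, dst, proto, dport in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only internal -> external traffic matters for egress
        if proto == TCP_PROTOCOL and dport == PPTP_CONTROL_PORT:
            seen[(src, dst)].add("control")
        elif proto == GRE_PROTOCOL:
            seen[(src, dst)].add("gre")

    findings = []
    for (src, dst), parts in sorted(seen.items()):
        if "control" in parts:
            findings.append((src, dst, "tunnel" if "gre" in parts else "attempt"))
    return findings


if __name__ == "__main__":
    for finding in find_pptp_egress(SAMPLE_FLOWS, ["10.0.0.0/8"]):
        print(finding)
```

A "tunnel" result means both halves of PPTP passed the outbound rules; an "attempt" result means the control port is open even though GRE did not get through.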
Thursday, October 06, 2005
RuxCon Wrap Up
Well Ruxcon has been and gone. It was awesome, really enjoyed it and will definitely go next year.
So here is my 60 second run down of the talks:
- Mark Dowd (ISS) - COM security: Really interesting talk about Windows COM object security. Think local privilege escalation.
- Roelof Temmingh (SensePost) - Attack Automation: Roelof demonstrated the new BiDiBlah tool. Sensational. Shows that GUI tools don't always have to be for S'Kiddies. Clever asynchronous scanning engine which allows for super fast port scans.
- Ben Nagy (eEye) - Beyond NX, Attackers Guide: Highly technical yet fascinating talk about Microsoft's NX (No Execute) technology to prevent buffer overflows and potential ways to circumvent it. Great presenter.
- Brett Moore (SecurityAssessment) - Same Bug, Different App: Great presentation about a common sense approach to vulnerability discovery. I got a lot out of this presentation that I am going to apply in my approach to pen testing. Brett is a great presenter.
- Nik Cubrilovic (Solutionstap) - Securing Modern Web Applications: I think Nik knows his stuff when it comes to web apps but his talk just sucked. It was slow and boring. I think he re-hashed a middle management presentation for Ruxcon. The Ruxcon audience didn't need the difference between HTTP GET and POST explained to them. He also carried on about the use of GET as panic worthy "if your web apps are accepting GET I would be rushing home to fix them now...". Nik has obviously never heard of an interception proxy like Burp for messing around with POSTs, but in fairness I think his comments about GET were more around XSS, which I don't think is as important as some of the other vulnerabilities I am seeing in the wild, XSS is just more high profile. (Can you tell he bugged me?)
- Andrew Van Der Stock (OWASP) - OWASP 2.0 for Deep Penetration Testing: Andrew is a really smart guy and I know him personally from my local OWASP chapter, but I didn't get much out of his talk. I have been getting right into OWASP stuff lately so I shouldn't be too surprised.
- David Jorm - Black Box Web App Pen Testing: I didn't get much out of this one either. David is a great presenter but his presentation was a bit introductory for my liking. Good use of demos.
- Amy Beth Corman (Melbourne University) - Crypto Rodeo: Another good presentation. It was easy enough for non-crypto people to understand without being boring for people who have a crypto background. I liked the side channel attack on AES, interesting.
- Christian Heinrich (SecureAgility) - Defeating NIDS: This was a case of good subject matter presented poorly.
Update: (20th December 2005). To be fair I have spoken to Christian since Ruxcon and there were some extenuating circumstances that severely curtailed his ability to deliver the presentation in the manner he was hoping for.
- Cedric Blancher (Rstack) - Attacking WiFi with Traffic Injection: I was expecting a ho-hum "WEP is vulnerable" presentation but I was happily surprised. This was a great WiFi presentation with an update on latest tools and techniques including discussion on security features in WPA and WPA2. Excellent.
- Nicolas Brulez (WebSense) - Malware Analysis: Although Nicolas was a bit hard to understand, his presentation about reverse engineering malware was quite informative.
- Ilja Van Sprundel & Neil Archibald - Breaking Mac OS X: This was quite a good talk even if not of particular interest to me. These guys knew their stuff and have found several vulnerabilities in OS X.