With the conclusion of this talk I'm happy to announce that two new evil agent updates have been completed!
- IMAP Mirroring! Download a victim's entire IMAP directory! Use social engineering, have the help desk e-mail them a new password!
- Metasploit integration! SMB Relay an enterprise's server farm with Squirtle!
On Nov 11th MSRC posted some information on MS08-068 implementing some changes to the NTLM protocol to neuter the SMB Relay attack and possibly (but not mentioned) Squirtle as well. I haven't had a chance to play with yet as I didn't want to possibly spoil the live demos so close to DeepSec. It's nearly time to spend the evening at Metalab so more information as it develops (I promise!)
Big thanks to everyone here at DeepSec for coordinating this one-of-kind conference. Vienna is such a beautiful place to visit, I only wish it would be earlier in the season when it's not so cold and dreary outside. I hope to come next year for DeepSec 09!
Also, look for my ugly mug to make an appearance on Help Net Security soon. It's a brief plea on using Squirtle and hopefully my excitement over reaching more people isn't too transparent. :)