[Dailydave] Dry Runs

Dave Aitel dave at immunityinc.com
Wed Apr 8 09:54:02 EDT 2015


When hacking professionally, you model everything very carefully, run
your tools and methodology against the systems, and then revisit
multiple times as you optimize against your known defensive threats.
That's just how professionals work. And I find it funny that INFILTRATE
is the first conference in our sphere that requires a pre-conference
WebEx dry run. I'm going to bullet-list a few things we see a lot just
so everyone knows:

1. Use Prezi. You don't HAVE to because I know it makes you feel like a
hippie, but it also makes for better presentations. This is for three
reasons:
   a. Zoom. Zoom. MORE ZOOM. Zoom is the most key feature in a
presentation but so few people use it because in every other
presentation software it is super impossible to do.
   b. Hierarchical presentations. PPT and Keynote take your nice
pyramid-like thoughts which are connected naturally and then flatten
them into a line of slides. You get a MUCH better presentation by being
able to subtly show the true shape of your thoughts.
   c. It is much easier and faster to create a Prezi than a good PPT.
This means more time thinking about what you are trying to represent and
less time fixing how big the fonts are in slide 50.

That doesn't mean there aren't downsides to Prezi. But overall it is a
massive step forwards.

2. Contrast in your text. No more yellow on white please. People's eyes
are not good and what you see on a washed out projection is not as good
as what you see on your screen.

3. Gliffy.com. That way your diagrams look great and you have MORE of
them. More diagrams done more easily usually makes for a much better
presentation.

4. Be more offensive. Don't worry as much about SELLING your idea but
think more about showing the metrics behind your success. We usually ask
at the end for more NUMBERS. How does your technique compare to other
things that generate numbers? Feel free to call people out. You can name
names in your research. You can say "I don't think this works the way
they say it does."

5. Think bigger picture. So many people talk about their technique but
don't talk about what that level of success means for the larger world.
We want to see "if the level of effort for X is so small, what does that
mean for people trying Y?" What are the defenders going to do next to
stop you? Is this something really easy for them, or really hard?

6. People do movies instead of demos, but they make the font in the
movie terminals the default, instead of GIANT SO BIG FONT THAT WE CAN
SEE IT. Please when you make a demo movie for a presentation, make the
fonts 20% larger than you think they need to be for a blind person to
read them from the back row.

7. More screenshots, with big fonts in them. People love to see
screenshots because they illustrate your bullet-list points very clearly
sometimes (i.e. what are the arguments to that thing you wrote again?).

-dave

