Hi all! I enjoyed sharing a bit of infosec with you on Saturday, and I hope you learned a bit and had some fun.
Here are the slides as a PDF: 200 Milliseconds to Owned
The first “mother may I” exploit was MS06-014. The second demo I did was the more interesting MS10-002, a heap spray used in the Aurora attacks. Symantec has a good writeup. If you actually want to play with either of these, you’ll find them both in Metasploit. You should have little trouble duplicating the demos on XP virtual machines with IE6, and with a little websearching you can probably find a version of the MS10-002 exploit that will work on Vista and IE7 machines.