Earlier this week, Valsmith and I taught a two-day class at BlackHat DC called Tactical Exploitation. This class is loosely structured around gaining access to an organization using atypical techniques. We felt that the course was a huge success and we attribute that to having a small class with exceptional students. The Tactical course is also where we showcase our recent projects and research, along with any new tools that we find especially valuable for this type of work. This week, we built a lab around the recently-released (2.0.2), commercial version of Maltego and demonstrated how to use a local transform to integrate it with the slightly-secret WarVOX project. In addition to our normal profiling, discovery, exploitation, and privilege escalation topics, we also covered WiFi driver exploitation, Karmetasploit, a section on practical IPv6 attacks, tons of post-exploitation techniques and scripts, and a small section on using and encoding metasploit payloads as stand-alone remote access tools. We have no concrete plans to offer this class again this year; BlackHat USA may work out, but we are both short on free time and will have to play it by ear. The BlackHat staff were awesome as usual, its great to see CMP staying out of their operations and letting them do what they do best.