All sorts of hype has been made about the big talks at Blackhat, but for those of us that weren't there, check out the side-channell coolness from the SensePost guys (straight out of SA). They have released a tool called Squeeza which provides a nice functional shell-like overlay for your SQL injections. Additionally, the demo'ed some very cool DXSRT which takes the JavaScript 'logged on' timing attacks to a new level.

However, what I thought was awesome were the side channel data leaks via DNS. Basically, by getting a machine behind a firewall to do a DNS lookup to <encoded data>.attackersdomain.com you can leak data out from behind a firewall. Simple and very cool.

While I'm at it, check out their blog, it's shaping up to be a great regular read.