Some of the DC16 speaker summaries have been posted, and these 2 caught my eye:
Time-Based Blind SQL Injection using heavy queries
and
New Tool for SQL Injection with DNS Exfiltration
Both descriptions seem pretty much spot on with what we did in our DefCon talk last year..
hmm.. wonder if its new twists on it, or a little more of the same?
/mh