They did a brute force on private keys starting at 0x00...00 and increasing and found some BTC. They did a brute force on some brain wallets using common words as a private key generator and found some BTC.
They did a brute force on some "random" brain wallets that they were using JavaScript's Math.random(). Because JS generates a random number with a seed based on what time it is, they were able to generate past and future private keys and found some more BTC.
They also expanded on this ECDSA vulnerability explaining that once they found one bad address, they could use what they found there to expose other bad addresses. I thought it was an interesting talk, even though all of these "vulnerabilities" have been known for a while and are all because of bad client side code, aka in wallets.