Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...

Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War", where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault began, resulting in a large-scale coordination of the Estonian defenses on …

HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

Joe Stewart: Just Another Windows Kernel Perl Hacker
18:55
This talk will detail the Windows remote kernel debugging protocol and present a Perl framework for communicating with the kernel debug API over a serial/usb/1394 port from non-Windows systems. This leads to some interesting possibilities for hacking the kernel, such as code injection, hooking, forensics, sandboxing and more, all controlled from a …

Jerry Schneider: Reflection DNS Poisoning
19:18
Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of the exploit being discovered. Yet the typical DNS cache poisoning approach, aimed at various levels in the DNS server hierarchy or the enterprise server itself, is not as effective as it could be, primarily because so many people are…

Stephan Patton: Social Network Site Data Mining
23:15
Social Network Sites contain a wealth of public information. This information is of great interest to researchers, investigators, and forensic experts. This presentation presents research regarding an approach to automated site access, and the implications of site structure. Associated tools and scripts will be explained. Additionally, investigativ…

Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
10:25
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processin…
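To make the cross-layer mismatch concrete, here is an added example in Python; it is not code from the talk or from this page. The quantity field, the limit of 99, the three "layers" and the API path that bypasses the web validator are all assumptions made for illustration. The same string is interpreted under float() rules in one layer, compared as a string in another and converted with int() in a third, and each difference is exploitable or crashes something:

```python
import re

MAX_QTY = 99  # assumed per-order limit for this example


# --- Vulnerable: each layer re-interprets the same raw input under different rules ---

def web_validate(raw: str) -> bool:
    """Web form layer: 'is it a number in range?', decided with float()'s rules."""
    try:
        value = float(raw)
    except ValueError:
        return False
    return 0 < value <= MAX_QTY


def inventory_reserve(raw: str) -> str:
    """Inventory layer (assumed reachable through an API path that skips
    web_validate). The limit check is done on the raw string, so Python
    compares it lexicographically: "100" <= "99" but "999" > "99"."""
    if raw > str(MAX_QTY):
        raise ValueError("over limit")
    return raw


def billing_charge(raw: str) -> int:
    """Billing layer: converts with int()'s rules, which accept less than float()
    ("1e1" and "5.9" are fine for float() and raise here)."""
    return int(raw)


def web_order(raw: str) -> int:
    """Path 1: validated as a float, charged as an int."""
    if not web_validate(raw):
        raise ValueError("rejected by web validator")
    return billing_charge(raw)


def api_order(raw: str) -> int:
    """Path 2: limit checked as a string, charged as an int."""
    return billing_charge(inventory_reserve(raw))


# --- Hardened: convert once, at the trust boundary, into the type every later layer uses ---

ASCII_DIGITS = re.compile(r"[0-9]{1,3}")  # ASCII only; \d would also match Unicode digits


def parse_qty(raw: str) -> int:
    """Single point of conversion. Rejects anything that is not 1-3 ASCII digits,
    then applies the limit to the integer, never to the string. Downstream
    layers receive an int and never see the raw text again."""
    if ASCII_DIGITS.fullmatch(raw) is None:
        raise ValueError("quantity must be 1-3 ASCII digits")
    qty = int(raw)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    return qty


if __name__ == "__main__":
    print(api_order("100"))          # limit bypassed: "100" sorts before "99"
    try:
        web_order("1e1")             # validator said 10.0 is fine; int() raises
    except ValueError as e:
        print("billing crashed:", e)
    print(parse_qty("42"))
```

The fix is not "validate harder" in every layer but to parse exactly once at the boundary and pass the typed value along; any layer that still accepts the raw string is a place where the interpretation can diverge again.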

Charlie Miller: Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X
25:13
According to the Apple website, "Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions." Of course, the Month of Apple Bugs showed that Macs are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the nu…

Iain Mcdonald: Longhorn Server Foundation & Server Roles
27:37
Iain will discuss Server Foundation and Server Roles: how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and then discuss the primary roles. You will learn how to install and manage a server that doesn't have a video driver and will hear about File Server, Web …

David Leblanc: Practical Sandboxing: Techniques for Isolating Processes
24:00
The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed. Author: David Leblanc

Zane Lackey: Point, Click, RTPInject
14:46
The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (R…
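The packet-level work that an injection tool has to do is small enough to write out. The following is an added example in Python, not RTPInject and not code from this page: an RFC 3550 header parser and builder, plus a function that takes one sniffed packet from a stream and produces the packet an injector would send to be accepted as the next one in that stream (same SSRC and payload type, sequence number plus one, timestamp advanced by one packet's worth of samples). The sample packet is constructed here, and the 160 samples per packet assume 20 ms of 8 kHz G.711 audio.

```python
import struct
from dataclasses import dataclass, field


@dataclass
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    marker: bool
    payload_type: int
    seq: int
    timestamp: int
    ssrc: int
    csrcs: list = field(default_factory=list)


def parse_rtp(pkt: bytes):
    """Parse an RTP packet into (RtpHeader, payload), honouring CSRC list,
    header extension and padding as laid out in RFC 3550 section 5.1."""
    if len(pkt) < 12:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    version = b0 >> 6
    if version != 2:
        raise ValueError("not RTP version 2")
    padding, extension, cc = bool(b0 & 0x20), bool(b0 & 0x10), b0 & 0x0F
    marker, pt = bool(b1 & 0x80), b1 & 0x7F
    off = 12 + 4 * cc
    if len(pkt) < off:
        raise ValueError("truncated CSRC list")
    csrcs = list(struct.unpack("!%dI" % cc, pkt[12:off])) if cc else []
    if extension:
        if len(pkt) < off + 4:
            raise ValueError("truncated header extension")
        _ext_id, ext_words = struct.unpack("!HH", pkt[off:off + 4])
        off += 4 + 4 * ext_words
    payload = pkt[off:]
    if padding:
        # last octet gives the number of padding octets, including itself
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("bad padding length")
        payload = payload[:-payload[-1]]
    return RtpHeader(version, padding, extension, marker, pt, seq, ts, ssrc, csrcs), payload


def build_rtp(hdr: RtpHeader, payload: bytes) -> bytes:
    """Serialise header + payload (no padding, no header extension)."""
    b0 = (2 << 6) | (len(hdr.csrcs) & 0x0F)
    b1 = (0x80 if hdr.marker else 0) | (hdr.payload_type & 0x7F)
    out = struct.pack("!BBHII", b0, b1, hdr.seq & 0xFFFF,
                      hdr.timestamp & 0xFFFFFFFF, hdr.ssrc & 0xFFFFFFFF)
    out += struct.pack("!%dI" % len(hdr.csrcs), *hdr.csrcs)
    return out + payload


def craft_injection(observed: bytes, audio: bytes, samples_per_packet: int = 160) -> bytes:
    """From one sniffed packet, build the packet that a receiver will treat as
    the next packet of the same stream. Everything the injector needs (SSRC,
    payload type, current seq and timestamp) is in the observed header."""
    hdr, _ = parse_rtp(observed)
    nxt = RtpHeader(2, False, False, False, hdr.payload_type,
                    (hdr.seq + 1) & 0xFFFF,
                    (hdr.timestamp + samples_per_packet) & 0xFFFFFFFF,
                    hdr.ssrc)
    return build_rtp(nxt, audio)


# Constructed sample: one G.711 mu-law packet (PT 0) as it might be sniffed.
SAMPLE_PACKET = build_rtp(
    RtpHeader(2, False, False, True, 0, 0x1234, 0x00001000, 0xDEADBEEF),
    b"\xff" * 160)

if __name__ == "__main__":
    injected = craft_injection(SAMPLE_PACKET, b"\x7f" * 160)
    print(parse_rtp(injected)[0])
```

The point a defender should take from this is how little state the attacker needs: one packet. A receiver that only checks SSRC and sequence plausibility will play whichever packet arrives first, which is why the countermeasure is SRTP (RFC 3711) authentication of the media stream rather than anything at the signaling layer.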

Greg Wroblewski: Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007
18:06
Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection…

Dave G & Jeremy Rauch: Hacking Capitalism
20:04
The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make sure: that positions are tracked in real time, that any information that might affect a trader's action is reliably received, and that trades happen in a f…

Ero Carrera: Reverse Engineering Automation with Python
24:27
Instead of discussing a complex topic in detail, this talk will discuss 4 different very small topics related to reverse engineering, at a length of 5 minutes each, including some work on intermediate languages for reverse engineering and malware classification. Ero Carrera is currently a reverse engineering automation researcher at SABRE Security,…

Mark Ryan Del Moral Talabis: The Security Analytics Project: Alternatives in Analysis
17:17
With the advent of advanced data collection techniques in the form of honeypots, distributed honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe …
Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any…

Mark Vincent Yason: The Art of Unpacking
1:00:52
Unpacking is an art - it is a mental challenge and is one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating system in order to identify or solve very difficult anti-reversing tricks employed by packers/protectors; patience and cleverness are also major factors …

Chris Wysopal & Chris Eng: Static Detection of Application Backdoors
1:11:09
Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to…

Ariel Waissbein: Timing attacks for recovering private entries from database engines
1:01:54
Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards, medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected, for…

Eugene Tsyrklevich: OpenID: Single Sign-On for the Internet
58:05
Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about OpenID - a new decentralized Single Sign-On system for the web. OpenID is increasingly gaining adoption amongst large sites, with organizations like AOL a…

Peter Thermos: Transparent Weaknesses in VoIP
1:09:57
The presentation will disclose new attacks and weaknesses associated with protocols that are used to establish and protect VoIP communications. In addition, a newer "unpublished" version of the SIVuS tool will be demoed. Author: Peter Thermos

Bryan Sullivan: Premature Ajax-ulation
1:05:29

Scott Stender: Blind Security Testing - An Evolutionary Approach
58:56
The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases. Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened agains…

Alexander Sotirov: Heap Feng Shui in JavaScript
1:14:55
Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application. This presentation introduces a new technique for …

Window Snyder & Mike Shaver: Building and Breaking the Browser
58:28
Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is generally considered a weakness. Mozilla is using openness and transparency to better secure its products and help other software projects do the same. Mozilla…

Bruce Schneier: KEYNOTE: The Psychology of Security
49:21
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…

Eric Schmeidl & Mike Spindel: Strengths and Weaknesses of Access Control Systems
55:37
Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available (card readers, biometrics, or even posting a guard to check IDs) each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. We pro…

Len Sassaman: Anonymity and its Discontents
1:17:12
In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity systems as well as the several deployed and actively used systems, and explain their strengths and limitations. We will then describe the pseudonym syste…

Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community
46:15
The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…
As recently as a couple of years ago, reverse engineers could get by with just a knowledge of C and assembly to reverse most applications. Now, due to the increasing use of C++ in malware, as well as most modern applications being written in C++, understanding the disassembly of C++ object-oriented code is a must. This talk will attempt to fill that gap …

Joanna Rutkowska & Alexander Tereshkin: IsGameOver(), anyone?
1:15:41
We will present new, practical methods for compromising Vista x64 kernel on the fly and discuss the irrelevance of TPM/Bitlocker technology in protecting against such non-persistent attacks. Then we will briefly discuss kernel infections of the type II (pure data patching), especially NDIS subversions that allow for generic bypassing of personal fi…
The last two years have seen a big new marketing buzz named "Admission Control" or "Endpoint Compliance Enforcement", and most major network and security players have developed a product suite to secure their share of the cake. While the market is still evolving, one framework has been getting a lot of market attention: "Cisco Network Admission Cont…

Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques
48:09
Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common, newer methods must be developed to cope with them. In this talk we will present our covert debugging platform named Saffron. Saffron i…

Thomas H. Ptacek, Peter Ferrie & Nate Lawson: Don't Tell Joanna, The Virtualized Rootkit Is Dead
1:03:11
Since last year's Black Hat, the debate has continued to grow about how undetectable virtualized rootkits can be made. We are going to show that virtualized rootkits will always be detectable. We would actually go as far as to say they can be easier to detect than kernel rootkits. Author: Thomas H. Ptacek, Peter Ferrie & Nate Lawson

Cody Pierce: PyEmu: A multi-purpose scriptable x86 emulator
1:01:25
Processor emulation has been around for as long as the processor it emulates. However, emulators have been difficult to use and notoriously lacking in flexibility or extensibility. In this presentation I address these issues and provide a solution in the form of a scriptable multi-purpose x86 emulator written in Python. The concept was to allow a s…

Mike Perry: Securing the tor network
1:07:32
Imagine your only connection to the Internet was through a potentially hostile environment such as the Defcon wireless network. Worse, imagine all someone had to do to own you was to inject some html that runs a plugin or some clever javascript to bypass your proxy settings. Unfortunately, this is the risk faced by many users of the Tor anonymity n…

Chris Palmer: Breaking Forensics Software: Weaknesses in Critical Evidence Collection
1:11:17
Across the world, law enforcement, enterprises and national security apparatus utilize a small but important set of software tools to perform data recovery and investigations. These tools are expected to perform a large range of dangerous functions, such as parsing dozens of different file systems, email databases and dense binary file formats. Altho…
Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a Panel debate involving IOActive, US-CERT, ACLU, Blackhat, and Grand Idea Studio. Afte…

Alfredo Ortega: OpenBSD Remote Exploit
56:18
OpenBSD is regarded as a very secure Operating System. This article details one of the few remote exploits against this system. A kernel shellcode is described that disables the protections of the OS and installs a user-mode process. Several other possible techniques of exploitation are described. Author: Alfredo Ortega

Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World
59:47
As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSD's either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable. So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing. The fact remains that m…

HD Moore & Valsmith: Tactical Exploitation-Part 1
58:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

Eric Monti & Dan Moniz: Defeating Extrusion Detection
1:23:38
Today's headlines are rife with high profile information leakage cases affecting major corporations and government institutions. Most of the highest-profile leakage news has been about stolen laptops (VA, CPS), or large-scale external compromises of customer databases (TJX). On a less covered, but much more commonplace basis, sensitive financial dat…

Luis Miras: Other Wireless: New ways of being Pwned
1:02:59
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…

Haroon Meer & Marco Slaviero: It's all about the timing
1:13:22
It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …
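Both this talk and Ariel Waissbein's "Timing attacks for recovering private entries from database engines" above rest on the same mechanism: a comparison whose running time depends on how much of the guess is right. The block below is an added example in Python, not code from either talk or from this page. It models a lookup over a private column ("does a record with this token exist?") implemented with an early-exit comparison, recovers the token byte by byte, and shows that the same attack yields nothing once the comparison is constant-time. The oracle, the token alphabet and the step counter are assumptions made so the example runs deterministically; the counter stands in for wall-clock time, which a real attacker would measure over many repeated probes and summarise with a median.

```python
import hmac
import secrets


class LookupService:
    """Target application: answers 'is there a record with this token?'.

    The private value lives in the database and only True/False is returned.
    `steps` counts the bytes the comparison examined and stands in for
    wall-clock time so the example is deterministic; a real attacker measures
    round-trip time, repeats each probe and takes the median. The recovery
    logic below is the same either way.
    """

    def __init__(self, secret: bytes, constant_time: bool = False):
        self._secret = secret
        self._constant_time = constant_time
        self.steps = 0

    def _early_exit_equal(self, a: bytes, b: bytes) -> bool:
        # memcmp/strcmp style: returns at the first differing byte, so the work
        # done grows with the length of the matching prefix.
        if len(a) != len(b):
            return False
        for x, y in zip(a, b):
            self.steps += 1
            if x != y:
                return False
        return True

    def _constant_time_equal(self, a: bytes, b: bytes) -> bool:
        # hmac.compare_digest always examines every byte.
        self.steps += len(a)
        return hmac.compare_digest(a, b)

    def exists(self, token: bytes) -> bool:
        if self._constant_time:
            return self._constant_time_equal(self._secret, token)
        return self._early_exit_equal(self._secret, token)


def probe(service: LookupService, token: bytes):
    """One attacker query: returns (cost, answer)."""
    before = service.steps
    answer = service.exists(token)
    return service.steps - before, answer


def recover_token(service: LookupService, length: int,
                  alphabet: bytes = b"0123456789abcdef"):
    """Recover the private token one byte at a time.

    At position i the candidate whose probe costs the most is the one that
    extended the matching prefix. Returns None as soon as every candidate costs
    the same, i.e. the comparison does not leak. Assumes the token is drawn
    from `alphabet` and that the padding byte 0x00 never occurs in it.
    """
    known = b""
    for pos in range(length):
        costs = {}
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            cost, hit = probe(service, guess)
            if hit:                      # final byte found: full match
                return known + bytes([c])
            costs[c] = cost
        if max(costs.values()) == min(costs.values()):
            return None                  # no signal, nothing to exploit
        known += bytes([max(costs, key=costs.get)])
    return None


if __name__ == "__main__":
    token = secrets.token_hex(4).encode()        # constructed 8-char hex token
    print("leaky   :", recover_token(LookupService(token), len(token)) == token)
    print("hardened:", recover_token(LookupService(token, constant_time=True), len(token)))
```

The cost of the attack is linear in the token length times the alphabet size (here at most 16 probes per byte) rather than exponential, which is why a lookup that merely answers yes/no is still worth protecting: compare with `hmac.compare_digest` or a keyed hash, or make the answer independent of where the mismatch occurs.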

David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker's Handbook: What Your Security Vendor Doesn't Want You to Know
50:31
Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren't fading away like predicted. What's a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that's why they're hackers instead of productive members of society. They want to fin…

David Litchfield: Database Forensics
1:03:44
Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003, another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credit card details stolen - the largest known breach so far. In 2006 there were…

Jonathan Lindsay: Attacking the Windows Kernel
59:23
Most modern processors provide a supervisor mode that is intended to run privileged operating system services that provide resource management transparently or otherwise to non-privileged code. Although a lot of research has been conducted into exploiting bugs in user mode code for privilege escalation within the operating system defined boundaries…

Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online
1:02:26
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…

Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)
1:13:07
RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them... Author: Adam Laurie

Dr. Neal Krawetz: A Picture's Worth...
48:37
Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…

Dan Kaminsky: Black Ops 2007: Design Reviewing The Web
55:14
Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…