Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War", where Estonia was under massive online attacks for a period of three weeks following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault began, resulting in a large-scale coordination of the Estonian defenses on …
HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
Joe Stewart: Just Another Windows Kernel Perl Hacker
18:55
This talk will detail the Windows remote kernel debugging protocol and present a Perl framework for communicating with the kernel debug API over a serial/usb/1394 port from non-Windows systems. This leads to some interesting possibilities for hacking the kernel, such as code injection, hooking, forensics, sandboxing and more, all controlled from a …
Jerry Schneider: Reflection DNS Poisoning
19:18
Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of discovering the exploit. Yet the typical DNS cache poisoning approach, aimed at various levels in the DNS server hierarchy or the enterprise server itself, is not as effective as it could be, primarily because so many people are…
Stephan Patton: Social Network Site Data Mining
23:15
Social Network Sites contain a wealth of public information. This information is of great interest to researchers, investigators, and forensic experts. This presentation presents research regarding an approach to automated site access, and the implications of site structure. Associated tools and scripts will be explained. Additionally, investigativ…
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
10:25
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processin…
Charlie Miller: Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X
25:13
According to the Apple website, "Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions." Of course, the Month of Apple Bugs showed that Macs are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the nu…
Iain Mcdonald: Longhorn Server Foundation & Server Roles
27:37
Iain will discuss Server Foundation and Server Roles - how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and then discuss the primary roles. You will learn how to install and manage a server that doesn't have a video driver and will hear about File Server, Web …
David Leblanc: Practical Sandboxing: Techniques for Isolating Processes
24:00
The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed.
By David Leblanc
Zane Lackey: Point, Click, RTPInject
14:46
The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (R…
Greg Wroblewski: Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007
18:06
Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection…
Dave G & Jeremy Rauch: Hacking Capitalism
20:04
The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make sure that positions are tracked in real time, that any information that might affect a trader's action is reliably received, and that trades happen in a f…
Ero Carrera: Reverse Engineering Automation with Python
24:27
Instead of discussing a complex topic in detail, this talk will discuss 4 different very small topics related to reverse engineering, at a length of 5 minutes each, including some work on intermediate languages for reverse engineering and malware classification. Ero Carrera is currently a reverse engineering automation researcher at SABRE Security,…
Mark Ryan Del Moral Talabis: The Security Analytics Project: Alternatives in Analysis
17:17
With the advent of advanced data collection techniques in the form of honeypots, distributed honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe …
Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any…
Mark Vincent Yason: The Art of Unpacking
1:00:52
Unpacking is an art - it is a mental challenge and is one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating system in order to identify or solve very difficult anti-reversing tricks employed by packers/protectors; patience and cleverness are also major factors …
Chris Wysopal & Chris Eng: Static Detection of Application Backdoors
1:11:09
Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to…
Ariel Waissbein: Timing attacks for recovering private entries from database engines
1:01:54
Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards, medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected, for…
Eugene Tsyrklevich: OpenID: Single Sign-On for the Internet
58:05
Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about OpenID - a new decentralized Single Sign-On system for the web. OpenID is increasingly gaining adoption amongst large sites, with organizations like AOL a…
Peter Thermos: Transparent Weaknesses in VoIP
1:09:57
The presentation will disclose new attacks and weaknesses associated with protocols that are used to establish and protect VoIP communications. In addition, a newer "unpublished" version of the SIVuS tool will be demoed.
By Peter Thermos
Bryan Sullivan: Premature Ajax-ulation
1:05:29
The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases. Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened agains…
Scott Stender: Blind Security Testing - An Evolutionary Approach
58:56
The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases. Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened agains…
Alexander Sotirov: Heap Feng Shui in JavaScript
1:14:55
Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application. This presentation introduces a new technique for …
Window Snyder & Mike Shaver : Building and Breaking the Browser
58:28
Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is generally considered a weakness. Mozilla is using openness and transparency to better secure its products and help other software projects do the same. Mozilla…
Bruce Schneier: KEYNOTE: The Psychology of Security
49:21
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…
Eric Schmeidl & Mike Spindel: Strengths and Weaknesses of Access Control Systems
55:37
Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available (card readers, biometrics, or even posting a guard to check IDs) each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. We pro…
Len Sassaman: Anonymity and its Discontents
1:17:12
In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity systems as well as the several deployed and actively used systems, and explain their strengths and limitations. We will then describe the pseudonym syste…
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community
46:15
The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…
Paul Vincent Sabanal: Reversing C++
52:59
As recently as a couple of years ago, reverse engineers could get by with just knowledge of C and assembly to reverse most applications. Now, due to the increasing use of C++ in malware as well as most modern applications being written in C++, understanding the disassembly of C++ object oriented code is a must. This talk will attempt to fill that gap …
Joanna Rutkowska & Alexander Tereshkin: IsGameOver(), anyone?
1:15:41
We will present new, practical methods for compromising Vista x64 kernel on the fly and discuss the irrelevance of TPM/Bitlocker technology in protecting against such non-persistent attacks. Then we will briefly discuss kernel infections of the type II (pure data patching), especially NDIS subversions that allow for generic bypassing of personal fi…
Dror-John Roecher: NACATTACK
1:10:08
The last two years have seen a big new marketing-buzz named "Admission Control" or "Endpoint Compliance Enforcement" and most major network and security players have developed a product-suite to secure their share of the cake. While the market is still evolving, one framework has been getting a lot of market attention: "Cisco Network Admission Cont…
Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques
48:09
Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common, newer methods must be developed to cope with them. In this talk we will present our covert debugging platform named Saffron. Saffron i…
Thomas H. Ptacek, Peter Ferrie & Nate Lawson: Don't Tell Joanna, The Virtualized Rootkit Is Dead
1:03:11
Since last year's Black Hat, the debate has continued to grow about how undetectable virtualized rootkits can be made. We are going to show that virtualized rootkits will always be detectable. We would actually go as far as to say they can be easier to detect than kernel rootkits.
By Thomas H. Ptacek, Peter Ferrie & Nate Lawson
Cody Pierce: PyEmu: A multi-purpose scriptable x86 emulator
1:01:25
Processor emulation has been around for as long as the processor it emulates. However, emulators have been difficult to use and notoriously lacking in flexibility or extensibility. In this presentation I address these issues and provide a solution in the form of a scriptable multi-purpose x86 emulator written in Python. The concept was to allow a s…
Mike Perry: Securing the tor network
1:07:32
Imagine your only connection to the Internet was through a potentially hostile environment such as the Defcon wireless network. Worse, imagine all someone had to do to own you was to inject some html that runs a plugin or some clever javascript to bypass your proxy settings. Unfortunately, this is the risk faced by many users of the Tor anonymity n…
Chris Palmer: Breaking Forensics Software: Weaknesses in Critical Evidence Collection
1:11:17
Across the world, law enforcement, enterprises and national security apparatus utilize a small but important set of software tools to perform data recovery and investigations. These tools are expected to perform a large range of dangerous functions, such as parsing dozens of different file systems, email databases and dense binary file formats. Altho…
Chris Paget: RFID for Beginners++
26:44
Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a Panel debate involving IOActive, US-CERT, ACLU, Blackhat, and Grand Idea Studio. Afte…
Alfredo Ortega: OpenBSD Remote Exploit
56:18
OpenBSD is regarded as a very secure Operating System. This article details one of the few remote exploits against this system. A kernel shellcode is described, that disables the protections of the OS and installs a user-mode process. Several other possible techniques of exploitation are described.
By Alfredo Ortega
Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World
59:47
As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSD's either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable. So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing. The fact remains that m…
HD Moore & Valsmith: Tactical Exploitation-Part 1
58:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
Eric Monti & Dan Moniz: Defeating Extrusion Detection
1:23:38
Today's headlines are rife with high profile information leakage cases affecting major corporations and government institutions. Most of the highest-profile leakage news has been about stolen laptops (VA, CPS), or large-scale external compromises of customer databases (TJX). On a less covered, but much more commonplace basis, sensitive financial dat…
Luis Miras: Other Wireless: New ways of being Pwned
1:02:59
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…
Haroon Meer & Marco Slaviero: It's all about the timing
1:13:22
It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker's Handbook: What Your Security Vendor Doesn't Want You to Know.
50:31
Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren't fading away like predicted. What's a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that's why they're hackers instead of productive members of society. They want to fin…
David Litchfield: Database Forensics
1:03:44
Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003, another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credit card details stolen - the largest known breach so far. In 2006 there were…
Jonathan Lindsay: Attacking the Windows Kernel
59:23
Most modern processors provide a supervisor mode that is intended to run privileged operating system services that provide resource management transparently or otherwise to non-privileged code. Although a lot of research has been conducted into exploiting bugs in user mode code for privilege escalation within the operating system defined boundaries…
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online
1:02:26
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…
Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)
1:13:07
RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...
By Adam Laurie
Dr. Neal Krawetz: A Picture's Worth...
48:37
Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web
55:14
Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…