Black Hat Briefings, Japan 2006 [Audio] Presentations from the security conference

Jeff Moss (www.blackhat.com)
Past speeches and talks from the Black Hat Briefings computer security conferences.

The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker. Some speeches are translated into English and Japanese. Unfortunately, at this time speeches are not available in both languages.
A post-convention wrap-up can be found at http://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-index.html
If you want to get a better idea of the presentation materials, go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#AS_2006 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest, with new content added as available! Past speeches and talks from Black Hat in an iPod-friendly .mp3 audio and .mp4 h.264 192k video format.

Episodes

Jeff Moss: Welcome Speech (Japanese)

Jeff Moss welcomes attendees of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker.

Jun 04, 2006 · 6 min

Jeremiah Grossman: Hacking Intranet websites from the outside: Malware just got a lot more dangerous (English)

Imagine you're visiting a popular website and invisible JavaScript Malware steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005's "Phishing with Superbait" presentation we demonstrated that all these things were in fact possible using ...

Jun 04, 2006 · 1 hr 24 min

Heikki Kortti: Input Attack Trees (Japanese)

By modeling all of the possible inputs of a protocol or file format as an input tree, the potential weak points of an implementation can be assessed easily and efficiently. Existing attacks can be reused for similar structures and datatypes, and any complex or susceptible areas can be focused on to improve the probability for success. This method is applicable not only for creating new attacks, but also for proactive defense and even protocol design. Some knowledge of network protocols is expec...

Jun 04, 2006 · 1 hr 22 min

Darren Bilby: Defeating Windows Forensic Analysis in the Kernel (Japanese)

It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings, something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a crypted command shell heading outbound from the server. You break out the security incident response manual and head to the scene. Being the process oriented and reliable chap you ...

Jun 04, 2006 · 55 min

Mitsugu Okatani: Keynote: Change in the Meaning of Threat and Technology...What are the Current Trends in Japan? (Japanese)

As the Internet becomes a social framework, attacks and incidents with various intents have been actualized. As a result, previously unrelated organizations and groups have become actively engaged in discussions regarding threats and technology. In addition, they have begun to approach and actively engage in creating and implementing information security policies. This session will cover the information security revolution in Japan, as seen from analyzed attack models which have been actualized...

Jun 04, 2006 · 1 hr 4 min

Yuji Hoshizawa: Increasingly-sophisticated Online Swindler (English)

Knowing the various fraud schemes is important when implementing countermeasures against them. During this session, the presenter will show the latest online fraud schemes. Vulnerable Internet users could easily be captured in the traps set up by criminals who use increasingly sophisticated online fraud schemes such as Phishing and One Click Fraud. In this session, we will show the latest online fraud schemes. Mr. Hoshizawa joined Symantec in 1998, took a position in charge of security rese...

Jun 04, 2006 · 1 hr 23 min

Jeff Moss: Welcome Speech (English)

Jeff Moss welcomes attendees of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker.

Jun 04, 2006 · 7 min

Dan Moniz: Six Degrees of XSSploitation (Japanese)

Social networking sites such as MySpace have recently been the target of XSS attacks, most notably the "samy is my hero" incident in late 2005. XSS affects a wide variety of sites and back end web technologies, but there are perhaps no more interesting targets than massively popular sites with viral user acquisition growth curves, which allow for exponential XSS worm propagation, as seen in samy's hack. Combine the power of reaching a wide and ever-widening audience with browser exploits (based ...

Jun 04, 2006 · 52 min

Takayuki Sugiura: Winny P2P Security (Japanese)

There has been a series of information leak incidents in Japan related to the use of P2P file sharing software. But those incidents are just the tip of the iceberg. There were expected to be tens of thousands of incidents that were not even reported in the news. P2P file sharing software is usually designed to enhance user anonymity, so users of such software can enjoy the act of violating the copyright law. However, contrary to such users' assumption, the nature of P2P networks is nea...

Jun 04, 2006 · 1 hr 42 min

Thorsten Holz: Catching Malware to Detect, Track and Mitigate Botnets (Japanese)

Botnets pose a severe threat to today's Internet community. We show a solution to automatically find, observe and shut down botnets with existing open source tools, partially developed by us. We start with a discussion of a technique to automatically collect bots with the help of the tool nepenthes. We present the architecture and give technical details of the implementation. After some more words on the effectiveness of this approach we present an automated way to analyze the collected bina...

Jun 04, 2006 · 1 hr 29 min

Paul Bohm: Taming Bugs: The art and science of writing secure code (English)

If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedString...

Jun 04, 2006 · 1 hr 14 min

Kenneth Geers & Alexander Eisen: IPv6 World Update: Strategy & Tactics (Japanese)

The U.S. Government has mandated that its organizations be IPv6-compliant by June 30, 2008. The Japanese government has already missed more than one IPv6 deadline. But while we can argue about specific dates for compliance and deployment, there is no question but that your organization must begin to prepare for the next generation Internet, and it should start today. This presentation is based on wide-ranging, in-depth research, including interviews with the top thinkers on the most crucial iss...

Jun 04, 2006 · 1 hr 26 min

Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0 (English)

The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamental "Web 2.0" technologies is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunately,...

Jun 04, 2006 · 1 hr 33 min

Joanna Rutkowska: Subverting Vista Kernel For Fun And Profit (English)

The presentation will first present how to generically (i.e. not relying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally signed code to be loaded into kernel. The presented attack does not require system reboot. Next, the new technology for creating stealth malware, code-named Blue Pill, will be presented. Blue Pill utilizes the latest virtualization technology...

Jun 04, 2006 · 1 hr 24 min

Scott Stender: Attacking Internationalized Software (English)

Every application, from a small blog written in PHP to an enterprise-class database, receives raw bytes, interprets these bytes as data, and uses the information to drive the behavior of the system. Internationalization support, which stretches from character representation to units of measurement, affects the middle stage: interpretation. Some software developers understand that interpreting data is an incredibly difficult task and implement their systems appropriately. The rest write, at best...

Jun 04, 2006 · 1 hr 33 min