A honeypot is an information-gathering system designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honeywall is used to provide the following capabilities:
* Data Capture. The ability to collect information about the attack.
* Data Control. The ability to restrict the amount of damage that can be done from one of your honeypots to another network.
* Data Analysis. The ability to conduct limited forensics...
Jun 04, 2006•51 min
Input validation is an important part of security, but it's also one of the most annoying parts. False positives and false negatives force us to choose between convenience and security, but do we have to make that choice? Can't we have both? In this talk two University of Iowa researchers will present new methods of input validation which hold promise to give us both convenience _and_ security. A basic understanding of SQL and regular expressions is required. Robert J. Hansen: B.A. in Computer Sc...
Jun 04, 2006•49 min
The Grugq has been at the forefront of forensic research for the last six years, during which he has been pioneering in the realm of anti-forensic research and development. During this time, he has also worked with a leading IT security consultancy and been employed at a major financial institution. Most recently he has been involved with an innovative security software development start-up company. Currently the Grugq is a freelance forensic and IT security consultant. While not on engagements,...
Jun 04, 2006•1 hr 9 min
The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginni...
Jun 04, 2006•57 min
Most users treat a hardware solution as an inherently trusted black box. "If it's hardware, it must be secure," they say. This presentation explores a number of classic security problems with hardware products, including access to stored data, privilege escalation, spoofing, and man-in-the-middle attacks. We explore technologies commonly used in the network and computer security industries including access control, authentication tokens, and network appliances. You'll leave this presentation kno...
Jun 04, 2006•1 hr 13 min
This will be a practical and theoretical tutorial on legal issues related to computer security practices. In advance of the talk, I will unscientifically determine the "Top Ten Legal Questions About Computer Security" that Black Hat attendees have and will answer them as clearly as the unsettled nature of the law allows. While the content of the talk is audience driven, I expect to cover legal issues related to strike-back technology, vulnerability disclosure, civil and criminal liability for maint...
Jun 04, 2006•1 hr 13 min
Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think that Anna Kournikova is hot. If the answer to any of the above questions is yes, then you need an introduction to the Gulag Archipelago of the Internet...
Jun 04, 2006•1 hr 2 min
Don't get caught. Building off of Foster's log manipulation and bypassing forensics session at BlackHat Windows 2004, James C. Foster and Vincent T. Liu will share over eighteen months of continued private forensic research with the Black Hat audience including ground-breaking vulnerabilities and key weaknesses in some of the most popular tools used by forensic examiners including EnCase, CA eTrustAudit, and Microsoft ISA Server. Watch live demonstrations as Foster and Vinnie detail how to lever...
Jun 04, 2006•58 min
In a refreshingly different format, Foster cracks the audience with a twenty minute comedic dissertation of the past year in the information security industry. Performing standup, Foster will roast the year's worst companies' business mistakes, stereotypes, books, websites, Fucked Company security excerpts in addition to poking fun at those who don't have the dream job, boatloads of cash, the supermodel girlfriend, or cabana boy - boyfriend with humorous hints of how to get there. Wrapping up the ...
Jun 04, 2006•16 min
This presentation shows new ways to attack Oracle Databases. It is focused on SQL injection vulnerabilities and how they can be exploited using new techniques. It also explains how to see the internal PL/SQL code that is vulnerable in Oracle built-in procedures and examples using recently discovered vulnerabilities. Buffer overflows, remote attacks using web applications and some ways to protect from these attacks also will be shown. Esteban Martinez Fayo is a security researcher; he has discovered a...
Jun 04, 2006•52 min
This topic will present the proposal/idea/work from the author's master graduate project about effective detection of SQL Injection exploits while lowering the number of false positives. It gives a detailed analysis example of how database auditing could help this case, and also presents the challenges with anomaly detection for this attack and how the author tried to solve them. Finally a correlation between the two will be presented. Yuan Fan, CISSP, has worked in the network security area for more...
Jun 04, 2006•20 min
Web applications are constantly under attack, and must defend themselves. Sadly, today, most cannot. There are several key elements to building self-defending software but only a few are focused on today, including input validation, output encoding, and error handling. Strong Session Handling and effective Authorization mechanisms are almost completely ignored in web application software development. Many of the threats are well known, but the techniques for building applications that can defend ...
Jun 04, 2006•22 min
This presentation, by a former Deputy Legal Adviser to the White House National Security Council, and author of a chapter on legal issues in the forthcoming "Case Studies for Implementing the NSA IEM," will provide information security consultants and information technology providers alike with insights into: how emerging United States national security and cybersecurity policies and initiatives could impact the work of consultants and technology providers; emerging standards of potential legal ...
Jun 04, 2006•1 hr 30 min
Himanshu Dwivedi's presentation will discuss the severe security issues that exist in the default implementations of iSCSI storage networks/products. The presentation will cover iSCSI storage as it pertains to the basic principles of security, including enumeration, authentication, authorization, and availability. The presentation will contain a short overview of iSCSI for security architects and basic security principles for storage administrators. The presentation will continue into a deep dis...
Jun 04, 2006•1 hr 12 min
Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window of 30-40 packets that is insufficient when dealing with network datasets that could be on the order of millions of packets. In addition, it only displays traffic from packet captures and lacks the ability to incorporate and correlate other security related datastreams. In an attempt to break from this paradigm, we will explore conceptual, system design and implementation techniques to help you build better securit...
Jun 04, 2006•1 hr 10 min
The Shatter attack uses the Windows API to subvert processes running with greater privilege than the attack code. The author of the Shatter code has made strong claims about the difficulty of fixing the underlying problem, while Microsoft has, with one exception, claimed that the attack isn't a problem at all. Whether or not Shatter is indeed an exploit worth worrying about, it uses a feature of Windows that has other malicious uses, such as keystroke logging. This talk presents a means of defea...
Jun 04, 2006•26 min
This presentation looks at computer network defense and the legal cases of the last year that affect internet and computer security. This presentation clearly and simply explains (in non-legal terms) the legal foundations available to service providers to defend their networks. Quickly tracing the legal origins from early property common-law doctrine into today's statutes and then moving into recent court cases and battles. This presentation will quickly become an open forum for questions and de...
Jun 04, 2006•1 hr 15 min
It has become apparent that the greatest threat toward the survival of peer to peer, and especially file sharing, networks is the openness of the peers themselves towards strangers. So-called "darknets" (encrypted networks where peers connect directly only to trusted friends) have been suggested as a solution to this. Some small-scale darknet implementations such as Nullsoft's WASTE have already been deployed, but these share the problem that peers can only communicate within a small neighborhood. ...
Jun 04, 2006•1 hr 1 min
This talk will cover the Defense Cyber Crime Center (DC3), our mission and capabilities. The DC3 is one-stop shopping for cyber crime related support. We have approximately 160 people assigned in 3 main organizations:
* The Defense Computer Forensics Lab - probably the largest digital forensics lab in the world and the leader in handling large datasets. One case averages 75 terabytes.
* The Defense Computer Investigations Training Program - the most high-tech classrooms in the world, training al...
Jun 04, 2006•1 hr 4 min
The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult bugs down the line. Because such programming errors have been the targets of remote attacks, i.e., buffer overflow attack, prevention of array bound violation is essential for the security and robustness of application programs that provide service on the Internet. This talk proposes a novel approach c...
Jun 04, 2006•1 hr 2 min
Databases are where your most valuable data rest. When you use a database server you implicitly trust the vendor, because you think you bought a good and secure product. This presentation will compare MS SQL Server and Oracle Database Server from a security standpoint; the comparison will include product quality, holes, patches, etc. This presentation will also show how both vendors manage security issues and how they have evolved over time. The main goal of this presentation is to kill the myths surr...
Jun 04, 2006•21 min
This talk will be on using toolkits for your pen-testing, vulnerability assessment etc. Configuring a plethora of the different tools out there can be quite time consuming, and challenging. The focus of this talk will be to look at an alternative solution that provides a suite of tools at boot. Until recently there were not very many toolkits, and the ones that were there did not work very well. That has changed, and in this talk I will discuss the toolkits available, and demo one of the better on...
Jun 04, 2006•24 min
Trust Transience: Post Intrusion SSH Hijacking explores the issues of transient trust relationships between hosts, and how to exploit them. Applying techniques from anti-forensics, Linux VXers, and some good-ole-fashioned blackhat creativity, a concrete example is presented in the form of a post-intrusion transparent SSH connection hijacker. The presentation covers the theory, a real world demonstration, the implementation of the SSH Hijacker with special reference to defeating forensic analysis,...
Jun 04, 2006•1 hr
At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the Shmoo Group. Two years later, "Evil Twin" access points have made it to Slashdot and news.google.com. Who would have thought TSG could get away with the easy rogue AP attacks for so long? Note to Shmoo: Next time, put the word "evil" in the title of your presentation for mass appeal and acceptance. Oh, rock on--it WORKED! Wireless n00b? No problem0. This talk starts off with the basics. Wireless insecurity bas...
Jun 04, 2006•1 hr
This is a real story of modern extortion in a cyberworld. Bots have replaced dynamite and you don't buy "protection" to prevent your shop from going up in flames; you buy "consulting" to prevent your IT from being DoSed. From the first limited synflood to the conclusion, we will review those crazy 48 hours that ended up in a one-to-one digital fight. We will see in depth which attacks and mitigation techniques were involved and how they both evolved quickly in complexity and intensity. As a conclus...
Jun 04, 2006•16 min
USB peripheral devices are made by reputable manufacturers and will not misbehave by attacking the host system's operating system. This device is not one of those. This discussion will cover the creation of a USB meta-device, the discovery and exploitation of flaws in operating system device drivers. In a nutshell, plug this device into an otherwise locked system and it will automatically take control of the system. Darrin Barrall has a varied background in both hardware and software. While work...
Jun 04, 2006•32 min
This discussion will cover the theoretical background of using ordinary, readable text to conceal an exploit payload's true content, ending with a practical application of the discussed technique. Encoding a payload as plain text is useful in cases where input filtering eliminates many of the most useful values that make up a payload. In particular, Unicode based systems place numerous constraints on acceptable character values, making it worthwhile to create a simple decoder function to decode far ...
Jun 04, 2006•16 min
An enterprise IT infrastructure is a complex and dynamic environment that is generally described as a black hole by its IT managers. The knowledge about an enterprise network's layout (topology), resources (availability and usage), elements residing on the network (devices, applications, their properties and the interdependencies among them) as well as the ability to maintain this knowledge up-to-date, are all critical for managing and securing IT assets and resources. Unfortunately, the cu...
Jun 04, 2006•1 hr 12 min
In the last year, there have been 45 security incidents compromising the personal information of 9.3 million individuals. What can we do given our current situation? How are we going to successfully secure personal information moving forward? This panel will discuss the future of personal information and its implications on privacy. Joseph Ansanelli is CEO of Vontu, a software company focused on the insider threat. Joseph has spoken to Congress twice in the past twelve months as an advocate of p...
Jun 04, 2006•1 hr 14 min
One of the most important weapons in our arsenal for securing applications is threat modeling. Applications are becoming increasingly complex and new technologies are emerging constantly. In this scenario, building or attacking applications is challenging. Threat models can help attackers discover design vulnerabilities and mount complex attacks. These models give secure application developers a great amount of leverage to envision their design, implementation and soundness of their architecture...
Jun 04, 2006•26 min