"The VoIP Security Essentials presentation will introduce the audience to voice over IP (VoIP) technology. The practical uses of VoIP will be discussed along with the advantages and disadvantages of VoIP technology as it is today. Key implementation issues will be addressed to ensure product selection for VoIP technology will integrate into the organization’s current infrastructure. The presentation will look at some of the latest VoIP security issues that have surfaced and the vendor/industry r...
Jun 04, 2006•17 min
"Hotpatching is a common technique for modifying the behavior of a closed source applications and operating systems. It is not new, and has been used by old-school DOS viruses, spyware, and many security products. This presentation will focus on one particular application of hotpatching: the development of third-party security patches in the absence of source code or vendor support, as illustrated by Ilfak Guilfanov’s unofficial fix for the WMF vulnerability in December of 2005. The presentation...
Jun 04, 2006•56 min
"How could an attacker steal the phone numbers stored on your mobile, eavesdrop your conversations, see what you're typing on the keyboard, take pictures of the room you're in, and monitor everything you're doing, without ever getting in the range of your Bluetooth mobile phone? In this talk we present a set of projects that can be combined to exploit Bluetooth devices (and users...), weaknesses building a distributed network of agents spreading via Bluetooth which can seek given targets and exp...
Jun 04, 2006•49 min
"Monkeyspaw is a unified, single-interface set of security-related website evaluation tools. Implemented in Greasemonkey, its purpose is to automate several common tasks employed during the early steps of an incident investigation involving client-side exploits. More generally, Monkeyspaw is also intended to demonstrate some of the more interesting data correlation capabilities of Greasemonkey. Hopefully, its release will encourage more security application development in this easy to use, cross...
Jun 04, 2006•21 min
"Rootkit technology has exploded recently, especially in the realm of remote command and control vectors. This talk will cover the evolution of rootkit techniques over the years. It will explore the interaction between corporations, the open source community, and the underground. A detailed analysis of how different rootkits are implemented will be covered. Based on this analysis, the presentation concludes with a discussion of detection methods. James Butler has almost a decade of experience re...
Jun 04, 2006•42 min
"The OODA Loop theory was conceived by Col John Boyd, AF fighter pilot. He believed that a pilot in a lethal engagement that could Observe, Orient, Decide, and Act (OODA) before his adversary had a better chance to survive. He considered air combat an art rather than a science. John Boyd proved air combat could be codified; for every maneuver there is a series of counter maneuvers and there is a counter to every counter. Today, successful fighter pilots study every option open to their adversary...
Jun 04, 2006•49 min
"In an online world, anonymity seems easy. Network addresses can be cloaked and files can be manipulated. People rapidly change virtual names, genders, and skills. But even with these precautions, anti-anonymity techniques can track people. Habitual patterns and learned skills are subtle, appearing in everything we type. This presentation discusses profiling methods for identifying online people and breaching anonymity. The topics covered include methods to identify skillsets, nationality, gende...
Jun 04, 2006•48 min
David Litchfield specializes in searching for new threats to database systems and web applications. He has lectured to both British and U.S. government security agencies on database security and is a regular speaker at the Blackhat Security Briefings. He is a co-author of "The Database Hacker's Handbook", "The Shellcoder's Handbook", "SQL Server Security", and "Special Ops". In his spare time he is the Managing Director of Next Generation Security Software Ltd.
Jun 04, 2006•45 min
"As many people are becoming more accustom to phishing attacks, standard website and e-mail phishing schemes are becoming harder to accomplish. This presentation breaks all of the phishing norms to present an effective, alternative phishing method from start to finish in 75 minutes using Linux and Asterisk, the open-source PBX platform. With an Asterisk installation, we’ll setup an account and build a telephone phishing platform most banks would fear. We’ll also show targeting techniques specifi...
Jun 04, 2006•49 min
Technology vendors, security researchers, and customers - all sides of the vulnerability disclosure debate agree that working together rather than apart is the best way to secure our information. But how? This working group will bring all parties together in one room to address the issues and develop a beneficial working relationship extending beyond the conference.
Jun 04, 2006•1 hr 10 min
"The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortunat...
Jun 04, 2006•1 hr 12 min
"The threat of viruses, worms, information theft and lack of control of the IT infrastructure lead companies to implement security solutions to control the access to their internal IT networks. A new breed of software (Sygate, Microsoft, etc.) and hardware (Cisco, Vernier Networks, etc.) solutions from a variety of vendors has emerged recently. All are tasked with one goal - controlling the access to a network using different methods and solutions. This presentation will examine the different st...
Jun 04, 2006•51 min
"Tony Chor will discuss Microsoft’s security engineering methodology and how it is being applied to the development of Internet Explorer 7. He will detail key vulnerabilities and attacks this methodology revealed as well as how the new version of IE will mitigate those threats with unique features such as the Phishing Filter and Protected Mode. Rob Franco lives to make browsing safer for internet users. Rob led Security improvements in Internet Explorer for Windows Server 2003, Windows XP SP2, a...
Jun 04, 2006•45 min
"Linux® is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly doc...
Jun 04, 2006•59 min
"The Achilles' heel of network IDSs lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS to raise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets to produce false alerts, thereby lowering the defences of the IT infrastructure. Our thesi...
Jun 04, 2006•49 min
"During the course of 2005 and 2006, we have responded to dozens of computer security incidents at some of America’s largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophistic...
Jun 04, 2006•1 hr 8 min
"Imagine you’re visiting a popular website and invisible JavaScript exploit code steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005’s "Phishing with Superbait" presentation we demonstrated that all these things were in fact possible usi...
Jun 04, 2006•55 min
"Windows Vista comes with redesigned support for WiFi (802.11 wireless). For those of us who live with a laptop in easy reach, it’s going to have an effect on our workday. For users there’s a new UI experience, helpful diagnostics and updated default behaviors. For IT pros who manage Windows clients, there’s improved management via Group Policy and Scripting. For sysadmins & geeks there’s a new command line interface. But behind these more obvious changes there’s a new software stack. A stac...
Jun 04, 2006•58 min
The times of designing security software as a matter of functional design are over. Positive security functional requirements do not make secure software. Think risk driven design, think like an attacker, think about negative scenarios during the early stages of the application development from misuse and abuse cases during inception, to threats, vulnerabilities and countermeasures during elaboration, secure coding during construction and secure testing and penetration testing during transition ...
Jun 04, 2006•25 min
"Thomas Ptacek and Dave Goldsmith present the results of Matasano Security's research into the resilience of Enterprise Agents: the most dangerous programs you've never heard of, responsible for over $2B a year in product revenue, running on the most critical enterprise servers from app servers to mainframes. WHY THIS TALK? 1. Enterprise Agents are their own worms, preinstalled for the convenience of attackers. We found critical, show-stopping vulnerabilities in every system we looked at. 2. It'...
Jun 04, 2006•1 hr
"This presentation prepares attackers and defenders to perform automated testing of some popular Windows® interprocess communication mechanisms. The testing will focus on binary win32 applications, and will not require source code or symbols for the applications being tested. Attendees will be briefly introduced to several types of named securable Windows communication objects, including Named Pipes and Shared Sections (named Mutexes, Semaphores and Events and will also be included but to a less...
Jun 04, 2006•1 hr 6 min
"This talk shall focus on exploit development from vulnerabilities. We have seen many postings on security forums which vaguely describe a vulnerability, or sometimes provide a "proof-of-concept" exploit. The Metasploit Framework is a powerful tool to assist in the process of vulnerability testing and exploit development. The framework can also be used as an engine to run exploits, with different payloads and post-exploitation mechanisms. In this talk, we shall look at how we can construct explo...
Jun 04, 2006•1 hr 15 min
"Automated identification of malicious code and subsequent classification into known malware families can help cut down laborious manual malware analysis time. Call sequence, assembly instruction statistics and graph topology all say something about the code. This talk will present three identification and classification approaches that use methods and results from complex network theory. Some familiarity with assembly, Win32 architecture, statistics and basic graph theory is helpful. Daniel Bil...
Jun 04, 2006•26 min
"How often have you encountered random-looking cookies or other data in a web application that didn‚t easily decode to human readable text? What did you do next-ignore it and move on, assuming that it was encrypted data and that brute forcing the key would be infeasible? At the end of the test, when the application developer informed you that they were using 3DES with keys rotating hourly, did you tell them they were doing a good job, secretly relieved that you didn't waste your time trying to b...
Jun 04, 2006•1 hr
"Usually, a personal firewall and an antivirus monitor are the only tools run by a user to protect the system from any malware threat with any level of sophistication. This level significantly increases when malware authors add kernel mode rootkit components to their code in order to avoid easy detection. As rootkit technologies become more and more popular, we can clearly see that many AV vendors begin to integrate anti-rootkit code into their products. However, the firewall evolution is not so...
Jun 04, 2006•52 min
"When trying to analyze a complex system for its security properties, very little information is available in the beginning. If the complex system in question contains parts that the analyst cannot see or touch, proprietary hardware and software as well as large scale server software, the task doesn't get any easier. The talk will tell the story about how Phenoelit went about looking at RIM's BlackBerry messaging solution while focusing on the approaches tryed their expected and real effectivene...
Jun 04, 2006•58 min
"Over the last three years, the Metasploit Framework has evolved from a klunky exploit toolkit to a sleek EIP-popping machine. The latest version of the Framework is the result of nearly two years of development effort and has become a solid platform for security tool development and automation. In this talk, we will demonstrate how to use the new Framework to automate vulnerability assessments, perform penetration testing, and build new security tools that interact with complex network protocol...
Jun 04, 2006•1 hr 14 min
"To be able to defend against IT security attacks, one has to understand the attack patterns and henceforth the vulnerabilities of the attached devices. But, for an in-depth risk analysis, pure technical knowledge of the properties of a vulnerability is not sufficient: one has to understand how vulnerabilities, exploitation, remediation, and distribution of information thereof is handled by the industry and the networking community. In the research, we examined how vulnerabilities are handled in...
Jun 04, 2006•22 min
"Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the Intel® Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also pre...
Jun 04, 2006•50 min
"There is an often overlooked security design flaw in many web applications today. Web applications often take user input through HTML forms. When privileged operations are performed, the server verifies the request is from an authorized user. Cross-Site Request Forgery Attacks allow an attacker to coerce an authorized user to request privileged operations of the attacker’s choice. Learn about this attack, how you can quickly identify these bugs in web applications, common techniques programmers...
Jun 04, 2006•20 min
![Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference - podcast cover](https://assets.metacast.app/images/podcast/artwork/j93KSSDg)
