Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
Past speeches and talks from the Black Hat Briefings computer security conferences. Black Hat Briefings Europe was held March 27-30 at the Moevenpick Amsterdam Centre Hotel. Two days, four different tracks. Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure), spoke on "How can the Security Researcher Community Work Better for the Common Good." A post convention wrap up can be found at http://www.blackhat.com/html/bh-europe-07/bh-e ...
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washi ...
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/b ...
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html Black Hat Briefings bring together a unique mix in security: the best minds from governm ...
Past speeches and talks from the Black Hat Briefings computer security conferences. Black Hat Briefings Japan 2004 was held October 14-15 in Tokyo at the Tokyo International Exchange Center. Two days, two tracks. Raisuke Miyawaki was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/bh-asia-04/bh-jp-04-index.html Black ...
Past speeches and talks from the Black Hat Briefings computer security conferences. October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/bh-japan-05/bh-jp-05-main.html Black Hat Briefings bring together a unique mix in security: t ...
Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault began, resulting in a large-scale coordination of the Estonian defenses on …
HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
Jeff Moss introduces the Keynote and welcomes everyone to the Amsterdam 2007 conference! Roger will provide an overview of the work of CPNI in reducing vulnerability in information systems that form part of the UK. He will then challenge the community on a number of issues, including the development of the malicious market place, and the role securit…
Closing ceremonies and speech given by Jeff Moss. By Jeff Moss
Charl van der Walt: When the Tables Turn (English)
1:32:09
Until now network security defences have largely been about building walls and fences around the network. This talk revolves around spiking those walls & electrifying those fences! During this talk we will highlight techniques (and tools) that can be used to turn the tables on prospective attackers with passive-Strike-Back. We will explore the pos…
Jeff Moss and Panel: Welcome Speech and Security Panel (English)
1:13:49
Jeff Moss welcomes delegates of the 2004 BlackHat Japan conference and introduces a panel of security experts for a Q&A. By Jeff Moss and Panel
Joe Grand: Understanding the Hardware Security (English)
1:20:35
Hardware security is often overlooked during a product's development, which can leave it vulnerable to hacker attacks resulting in theft of service, loss of revenue, identity theft, unauthorized network access, or a damaged reputation. This presentation will show you how to reduce the number of vulnerabilities in your embedded hardware designs and…
Chris Eagle: Attacking Obfuscated Code with IDA Pro (English)
1:30:23
Virtually every virus and worm that circulates the Internet today is "protected" by some form of obfuscation that hides the code's true intent. In the Windows world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can …
* Chairman, Ochanomizu Associates, Tokyo, Japan
* Senior Advisor, Commission on Japanese Critical Infrastructure Protection
* Research Counselor and Trustee, Institute for International Policy Studies, Tokyo
* Vice President, Japan Forum for Strategic Studies
Mr. Miyawaki is Japan's leading expert on the role of organized crime in Japan's economy…
Windows 2000 SP3 or later and Windows XP now use a new network logon authentication method by default, the NTLM2 Session Response. Employed by Windows 2000, this unproven authentication method is considered to reduce the vulnerability found in network LM and NTLM v1 authentication. In this session, we will describe and demonstrate our audit approa…
ARAI Shunichi is the chair of freekaneko.com which supports Winny's author Isamu Kaneko. He raised a 16 million yen defense fund in a month. He is now researching anonymity technology and distributed systems as a Ph.D. student at Waseda University. He is also a founder and CEO of Mellowtone Inc. Arai started programming at the age of 3, and now he is c…
Johnny Long: You Got that with Google? (English)
1:20:35
This presentation explores the explosive growth of a technique known as "Google Hacking". When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows", it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. …
Chris Hurley: Identifying and Responding to Wireless Attacks (English)
1:04:09
This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge to identify each attack. Defensive measures that can be taken in real time to counter the attack are then presen…
Kenneth Geers: Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond) (English)
1:27:12
Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think …
Dan Kaminsky: Black Ops Of TCP/IP 2005 (English)
1:21:18
Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of techn…
Saumil Shah and Dave Cole: Adware/Spyware (English)
1:19:31
The Business
* Timeline - how did we get into this mess?
* The players
* How their business works
* Legislative environment
The Technology
* Technical overview of different types of programs (taxonomy)
* Describe how the programs function
* How adware/spyware is installed
* Hijacking the system
* How it updates itself
* Proven techniques to prevent …
Hideaki Ihara: Forensics in Japan (Japanese)
1:20:44
In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character enco…
Hisamichi Okamura: Cybercrime Treaty and Legal Environment of Japanese Computer Crime and Laws (Japanese)
47:48
Cybercrime Treaty and Legal Environment of Japanese Computer Crime and Laws. By Hisamichi Okamura
In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern.…
Sherri Sparks and Jamie Butler: "Shadow Walker" Raising The Bar For Rootkit Detection (English)
53:33
Last year at Black Hat, we introduced the rootkit FU. FU took an unprecedented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function pointers in well known operating system structures like the system call table, FU demonstrated that it was possible to control the execution path indirectly…
Charl van der Walt: When the Tables Turn (Japanese)
1:31:56
Until now network security defences have largely been about building walls and fences around the network. This talk revolves around spiking those walls & electrifying those fences! During this talk we will highlight techniques (and tools) that can be used to turn the tables on prospective attackers with passive-Strike-Back. We will explore the pos…
Katsuya Uchida: Keynote: The Day After... (Japanese)
1:09:15
ARPANET was established in 1968. In 1971, "creeper" programmed by Bob Thomas moved from computer to computer on ARPANET and displayed on each user's screen "I'm the creeper. Catch me if you can!". Xerox PARC set up the ethernet in 1973 since researchers were interested in the concept of "distributed processing". They were testing programs whose fun…
Johnny Long: You Got that With Google? (Japanese)
1:28:17
This presentation explores the explosive growth of a technique known as "Google Hacking". When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows", it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. …
David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognised by Information Security Magazine who voted him as 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software comp…
Satoru Koyama: Botnet survey result. "Our security depends on your security." (Japanese)
1:18:14
Many of the various attacking mechanisms such as spam email and DDoS that are attacking the internet as a whole in recent years can be attributed to Botnets. However there is not much information on these Botnets yet. Telecom ISAC-Japan and JPCERT/CC conducted a detailed investigation regarding botnet activity. This session will cover what was found duri…
Jeremiah Grossman: Phishing with Super Bait (English)
1:05:44
The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very f…
In the case of vulnerabilities which allow the execution of arbitrary machine code, the reliability of exploitation is swayed by the type of vulnerability, the conditions surrounding the vulnerable code, and the attack vector, among other considerations. The reliability of exploitation is an important factor for those attempting to exploit a vulnerab…
Russ Rogers: The Keys to the Kingdom: Understanding Covert Channels of Communication (English)
2:24:57
Security professionals see the compromise of networked systems on a day to day basis. It's something they've come to expect. The blatant exploitation of operating systems, applications, and configurations is a common event and is taken into account by most security engineers. But a different type of security compromise threatens to crumble the und…
Gerhard Eschelbeck: The Laws of Vulnerabilities (English)
1:22:25
New vulnerabilities to networks are discovered and published on a daily basis. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, a…
Riley "Caezar" Eller: Capture the Flag Games: Measuring Skill with Hacking Contests (English)
1:24:38
With the cost of security experts increasing each year, it is expensive to audit critical systems as often as is needed. Worse yet, it is difficult to know how much to trust the reports since the worst consultants give the most positive answers. In order to address this problem, Caezar proposes a system for ranking the merit of security experts al…
Dominique Brezinski: A Paranoid Perspective of an Interpreted Language (English)
1:16:22
Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming tasks in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not gua…
This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors. The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches f…
David Maynor: Architecture Flaws in Common Security Tools (English)
1:09:42
Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TC…
Joe Grand: Understanding the Hardware Security (Japanese)
1:28:17
Hardware security is often overlooked during a product's development, which can leave it vulnerable to hacker attacks resulting in theft of service, loss of revenue, identity theft, unauthorized network access, or a damaged reputation. This presentation will show you how to reduce the number of vulnerabilities in your embedded hardware designs and…
Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any…
Alex Wheeler and Neel Mehta: Owning Anti-Virus: Weaknesses in a Critical Security Component
1:05:10
AV software is becoming extremely popular because of its perceived protection. Even the average person is aware they want AV on their computer (see AOL, Netscape, Netzero, Earthlink, and other ISP television ads). What if: Instead of protecting people from hackers AV software was actually making it easier for hackers? This talk will outline genera…
This talk will present recent advances in the design of robust cryptographic backdoors in secret symmetric ciphers (i.e., classified or proprietary ciphers). The problem directly affects end-users since corporations and governments have in the past produced secret symmetric ciphers for general use (e.g., RC4 and Skipjack, respectively). The problem…
Paul Vixie: Preventing Child Neglect in DNSSEC-bis using Lookaside Validation
1:15:01
Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. Early in his career, he developed and introduced sends, proxynet, rtty, cron and other lesser-known tools. Today, Paul is considered the primary modern author and technical architect of BINDv8 the Berkeley Internet Name …
Andrew van der Stock: World Exclusive - Announcing the OWASP Guide To Securing Web Applications and Services 2.0
53:49
After three years of community development, the Open Web Application Security Project (OWASP) is proud to introduce the next generation of web application security standards at BlackHat USA 2005. The Guide to Securing Web Applications and Services 2.0 is a major new release - written from the ground up, with many new sections covering common and em…
Eugene Tsyrklevich: Ozone HIPS: Unbreakable Windows
1:16:57
Windows is the number one target on the Internet today. It takes less than 5 minutes for an unpatched Windows machine, connected to the Internet, to get owned. Yet the most prevalent security practices still consist of running anti-viruses and constant patching. This presentation introduces a new tool, called Ozone, that is designed to protect agai…
When we built Metasploit, our focus was on the exploit development process. We tried to design a system that helped create reliable and robust exploits. While this is obviously very important, it's only the first step in the process. What do you do once you own EIP? Our presentation will concentrate on the recent advancements in shellcode, IDS/fire…
Alex Stamos and Scott Stender: Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps
1:12:18
Web Services represent a new and unexplored set of security-sensitive technologies that have been widely deployed by large companies, governments, financial institutions, and in consumer applications. Unfortunately, the attributes that make web services attractive, such as their ease of use, platform independence, use of HTTP and powerful functiona…