Blackhat USA 2005 July 25, 2005 to July 28, 2005, Las Vegas, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Hacking World Of Warcraft®: An Exercise In Advanced Rootkit Design Greg Hoglund Security
Fighting Organized Cyber Crime – War Stories And Trends Dan Larkin As one of the pioneers of partnerships for the FBI, Dan Larkin of the FBI’s ... Security
Wifi In Windows Vista: A Peek Inside The Kimono Noel Anderson , Taroon Mandhana Windows Vista comes with redesigned support for WiFi (802.11 wireless). For those of us who live ... Security
Zero Day Subscriptions: Using Rss And Atom Feeds As Attack Delivery Systems Robert Auger , Caleb Sima This presentation will discuss the use of RSS and Atom feeds as method of delivering ... Security
Investigating Evil Websites With Monkeyspaw: The Greasemonkey Security Professional'S Automated Webthinger Tod Beardsley Monkeyspaw is a unified, single-interface set of security-related website evaluation tools. Implemented in Greasemonkey, its ... Security
Finding Gold In The Browser Cache Corey Benninger Looking for instant gratification from the latest client side attack? Your search may be over ... Security Browser
Ips Shortcomings Renaud Bidou Technologies emerge on a regular basis with new promises of better security. This is more ... Security
Automated Malware Classification/Analysis Through Network Theory And Statistics Daniel Bilar Automated identification of malicious code and subsequent classification into known malware families can help cut ... Security Malware Statistics
Taming Bugs: The Art And Science Of Writing Secure Code Paul Böhm If you give a thousand programmers the same task and the same tools, chances are ... Security
Physical Memory Forensics Mariusz Burdach Historically, only file systems were considered as locations where evidence could be found. But what ... Security Forensics
Device Drivers Johnny cacheDavid Maynor Application level security is getting better. Basic stack based string overflows have become rare, and ... Security Exploitation
Thermoptic Camoflauge: Total Ids Evasion Brian Caswell Intrusion detection systems have come a long way since Ptacek and Newsham released their paper ... Security
Microsoft Security Fundamentals: Engineering, Response And Outreach Andrew Cushman You’ve heard about Trustworthy Computing and you’ve seen some security improvements from Microsoft. You may ... Security
“Sidewinder”: An Evolutionary Guidance System For Malicious Input Crafting Ryan Cunningham , Shawn Embleton Black box testing techniques like fuzzing and fault injection are responsible for discovering a large ... Security Fuzzing Monitoring Testing Automation
Hacking Voip Exposed David Endler , Mark Collier Lately there seems to be an explosion of press hype around the possibility of hackers ... Security
Matrixay—When Web App &Amp; Database Security Pen-Test/Audit Is A Joy Yuan Fan , Xiao Rong This topic will present a new web-app/DB pen-test tool. This tool supports both proxy (passive) ... Security Web
How To Unwrap Oracle Pl/Sql Pete Finnigan PL/SQL is the flagship language used inside the Oracle database for many years and through ... Security Business
Carrier Voip Security Nicolas Fischbach VoIP, IMS, FMC, NGN, PacketCore, MPLS. Put those together and you are looking at the ... Security Infrastructure Access
Black Hat Stand-Up Take Two: So What If I Don’T Sell My Vulnerabilities… James C. Foster Encoring last year’s early morning stand-up act, Foster will return armed and ready to fire ... Security
Case Study: The Secure Development Lifecycle And Internet Explorer 7 Rob Franco Tony Chor will discuss Microsoft’s security engineering methodology and how it is being applied to ... Security Development
The Speed Of (In)Security: Analysis Of The Speed Of Security Vs. Insecurity Martin May To be able to defend against IT security attacks, one has to understand the attack ... Security Analysis
Finding And Preventing Cross-Site Request Forgery Tom Gallagher There is an often overlooked security design flaw in many web applications today. Web applications often ... Security Web
The Netio Stack: Reinventing Tcp/Ip In Windows Vista Abolade Gbadegesin TCP/IP is on the front lines in defending against network attacks, from intrusion attempts to ... Security
Hacking Intranet Websites From The Outside Javascript Malware Just Got A Lot More Dangerous Jeremiah Grossman , T.c. Niedzialkowski Booksigning:Hacker’s Challenge 3with Jeremiah Grossman and Himanshu Dwivedi at 12:30 on Thursday, August 3 at ... Security Malware
Open To Attack; Vulnerabilities Of The Linux Random Number Generator Zvi Gutterman Linux® is the most popular open source project. The Linux random number generator is part ... Security
Code Integration-Based Vulnerability Auditing William B Kimball There is a growing need to develop improved methods for discovering vulnerabilities in closed-source software. The ... Security Auditing
Security Engineering In Windows Vista John Lambert This presenation will offer a technical overview of the security engineering process behind Windows Vista. Windows ... Security Community
The State Of Incidence Response Kevin Mandia During the course of 2005 and 2006, we have responded to dozens of computer security ... Security
Windows Vista Heap Management Enhancements: Security, Reliability And Performance Adrian Marinescu All applications and operating systems have coding errors and we have seen technical advances both ... Security
The Bluebag: A Mobile, Covert Bluetooth Attack And Infection Device Claudio Merloni , Luca Carettoni How could an attacker steal the phone numbers stored on your mobile, eavesdrop your conversations, ... Security
Building Security Into The Software Life Cycle, A Business Case Marco M. Morana The times of designing security software as a matter of functional design are over. Positive ... Security Business
Runtime Packers: The Hidden Problem? Maik Morgenstern , Tom Brosch Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to ... Security Malware
Sql Injections By Truncation Bala Neerumalla In this talk, I will discuss some ways to circumvent common mitigations of SQL Injection ... Security SQL
Do Enterprise Management Applications Dream Of Electric Sheep? Thomas Ptacek Thomas Ptacek and Dave Goldsmith present the results of Matasano Security's research into the resilience ... Security
Sip Stack Fingerprinting And Stack Difference Attacks Hendrik Scholz VoIP applications went mainstream, although the underlying protocols are still undergoing constant development. The SIP ... Security
Phishing With Asterisk Pbx Jay Schulman As many people are becoming more accustom to phishing attacks, standard website and e-mail phishing ... Security Phishing
Writing Metasploit Plugins - From Vulnerability To Exploit Saumil Udayan Shah This talk shall focus on exploit development from vulnerabilities. We have seen many postings on security ... Security Development
Raide: Rootkit Analysis Identification Elimination V1.0 Peter SilbermanJamie Butler In the past couple years there have been major advances in the field of rootkit ... Security Analysis
$30, 30 Minutes, 30 Networks Jonathan Squire Have you ever walked into your local Global Mega Super Tech Store and wondered how ... Security Wireless
Auditing Data Access Without Bringing Your Database To Its Knees&Nbsp; Kimber Spradin , Dale Brocklehurst Today’s privacy requirements place significant additional auditing burdens on databases. First you have to know ... Security Access Auditing
Punk Ode—Hiding Shellcode In Plain Sight Greg Macmanus Injecting shellcode into a vulnerable program so you can find it reliably can be tricky. ... Security Media
The Statue Of Liberty: Utilizing Active Honeypots For Hosting Potentially Malicious Events Philip Trainor The premise of the demonstration is there are no secure systems. Traffic that may have ... Security Access Risk
Wi-Fi Advanced Stealth Franck Veysset , Laurent Butti Wireless stealth was somewhat expensive some years ago as we were required to use proprietary ... Security
Voip Security Essentials Jeff Waldron The VoIP Security Essentials presentation will introduce the audience to voice over IP (VoIP) technology. ... Security
Nids: False Positive Reduction Through Anomaly Detection Emmanuele ZambonDamiano Bolzoni The Achilles' heel of network IDSs lies in the large number of false positives (i.e., ... Security
Panel: Ron Davidson , Gerhard Eschelbeck , Phil Harris , Drew Maness , Michele Iversen This session will examine the threat of spyware to corporations. What does the threat currently ... Security
Panel: Jeff ( Dark Tangent ) Moss , Derrick Scholl , David Litchfield Technology vendors, security researchers, and customers - all sides of the vulnerability disclosure debate agree ... Security
Panel: Joyce Brocaglia , Dena Haritos Tsamitis , Rhonda Maclean Delivering the right message to the right people in whole numbers and primary colors makes ... Security
Panel: Bob West  In the first half of this session, Paul Simmonds will present on behalf of the ... Security
Panel: Sa Ovie Carroll , Jim Christy , Sa Andy Fried , Hilary Stanhope , Tim Kosiba The OODA Loop theory was conceived by Col John Boyd, AF fighter pilot. He believed that ... Security
[ Keynote ] Gilman Louie , President Officer , Gilman Louie The challenge of creating an innovative, new business model aimed at enhancing national security convinced ... Security Keynote
A Dirty Blackmail Dos Story Renaud Bidou This is a real story of modern extortion in a cyberworld. Bots have replaced dynamite ... Security
Trust Transience: Post Intrusion Ssh Hijacking Adam Boilea Trust Transience: Post Intrusion SSH Hijacking explores the issues of transient trust relationships between hosts, ... Security
Executive Women’S Forum Panel And Reception - Sometimes, It Is All Who You Know! Rhonda E. Maclean How strong is your professional network? Do you know who to call upon for support ... Security Panel
Toolkits: All-In-One Approach To Security Kevin Cardwel This talk will be on using toolkits for your pen-testing, vulnerability assessment etc. Configuring a ... Security
Demystifying Ms Sql Server &Amp; Oracle Database Server Security Cesar Cerrudo Databases are where your most valuable data rest, when you use a database server you ... Security SQL
Checking Array Bound Violation Using Segmentation Hardware Tzi-cker Chiueh The ability to check memory references against their associated array/buffer bounds helps programmers to detect ... Security
Rapid Threat Modeling Akshay Aggarwal One of the most important weapons in our arsenal for securing applications is threat modeling. ... Security Development
The Future Of Personal Information Paul Proctor In the last year, there have been 45 security incidents compromising the personal information of ... Security Panel
Plug And Root, The Usb Key To The Kingdom David Dewey USB peripheral devices are made by reputable manufacturers and will not misbehave by attacking the ... Security Exploitation
Shakespearean Shellcode Darrin Barrall This discussion will cover the theoretical background of using ordinary, readable text to conceal an ... Security
[ Back-Up Speaker ]Reverse Engineering Network Protocols Using Bioinformatics Marshall Beddoe Network protocol analysis is currently performed by hand using only intuition and a protocol analyzer ... Security Analysis
U.S National Security, Individual And Corporate Information Security, And Information Security Providers C. Forrest Morgan This presentation, by a former Deputy Legal Adviser to the White House National Security Council, ... Security Risk Legal
Beyond Ethereal: Crafting A Tivo For Security Datastreams Greg Conti Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window ... Security Analysis
Shatter-Proofing Windows Tyler Close The Shatter attack uses the Windows API to subvert processes running with greater privilege than ... Security
Rogue Squadron: Evil Twins, 802.11Intel, Radical Radius, And Wireless Weaponry For Windows Bruce Potter At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the ... Security Wireless
The Defense Cyber Crime Center Jim Christy This talk will cover the Defense Cyber Crime Center (DC3), our mission and capabilities. The ... Security
Legal Aspects Of Computer Network Defense-A Government Perspective &Amp; A Year In Review Important Precedents In Computer And Internet Security Law 2004 - 2005 Major Robert Clark This presentation looks at computer network defense and the legal cases of the last year ... Security Legal
Routing In The Dark: Scalable Searches In Dark P2P Networks. Oskar Sandberg It has become apparent that the greatest threat toward the survival of peer to peer, ... Security Routing
Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, And The Rest Of The Bunch… Vincent T. Liu Don’t get caught. Security
Iscsi Security (Insecure Scsi) Himanshu Dwivedi Himanshu Dwivedi's presentation will discuss the severe security issues that exist in the default implementations ... Security
Phishing With Super Bait Jeremiah Grossman The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It’s imperative that ... Security Phishing
Building Self-Defending Web Applications: Secrets Of Session Hacking And Protecting Software Sessions Daniel Thompson Web applications are constantly under attack, and must defend themselves. Sadly, today, most cannot. Security Web
Gen Iii Honeynets: The Birth Of Roo Edward Balas A Honeypot is a information gathering system, designed for attackers to interact with. A honeynet, ... Security
Can You Really Trust Hardware? Exploring Security Problems In Hardware Devices Joe ( Kingpin ) Grand Most users treat a hardware solution as an inherently trusted black box. "If it's hardware, ... Security Access
Advance Sql Injection Detection By Join Force Of Database Auditing And Anomaly Intrusion Detection Yuan Fan This topic will present the proposal/idea/work from the author’s master graduate project about effective detection ... Security Auditing SQL
Advanced Sql Injection In Oracle Databases Esteban Martínez Fayó This presentation shows new ways to attack Oracle Databases. It is focused on SQL injection ... Security SQL
The Social Engineering Engagement Methodology - A Formal Testing Process Of The People And Process Joseph Klein The security of an organization is composed of technology, people and processes. In the last ... Security Testing
Ciso Q&Amp;A With Jeff Moss Justin Somaini Jeff Moss, founder of Black Hat, invites Chief Information Security Officers from global corporations to ... Security Others Panel Privacy
The Art Of Defiling: Defeating Forensic Analysis The Grugq None Security Analysis
Stopping Injection Attacks With Computational Theory Meredith L. Patterson: Input validation is an important part of security, but it's also one of the most ... Security
Remote Windows Kernel Exploitation - Step In To The Ring 0 Barnaby Jack Almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, ... Security Exploitation
Circumvent Oracle’S Database Encryption And Reverse Engineering Of Oracle Key Management Algorithms Alexander Kornbrust This talk describes architecture flaws of the Oracle’s database encryption packages dbms_crypto and dbms_obfuscation_toolkit. These ... Security
Caperl: Running Hostile Code Safely Ben Laurie There are many circumstances under which we would like to run code we don't trust. ... Security Web
Cisco Ios Security Architecture Michael Lynn Cisco IOS - the most widely deployed network infrastructure operating system— has been perceived as ... Security Infrastructure
Spa: Single Packet Authorization Simple Nomad We needed a protocol that allowed us to tell a server that we are who ... Security
Long Range Rfid And Its Security Implications Jon Callas An RFID tagged pallet of expensive electronics was just rerouted to a warehouse where a ... Security
Performing Effective Incident Response Kevin Mandia During the course of 2004 and 2005, we have responded to dozens of computer security ... Security
The Non-Cryptographic Ways Of Losing Information Robert Morris To fully understand how to protect crucial information in the modern world, one needs to ... Security Access
The National Id Debate Rhonda E. Maclean As a result of the Real-ID Act, all American citizens will have an electronically readable ... Security
Attacking Web Services: The Next Generation Of Vulnerable Enterprise Apps Scott Stender Web Services represent a new and unexplored set of security-sensitive technologies that have been widely ... Security Web
Owning The C-Suite: Corporate Warfare As A Social Engineering Problem Shawn Moyer Let's face it, you ROCK at building InfoSec tech, but you SUCK at corporate warfare. ... Security
Economics, Physics, Psychology And How They Relate To Technical Aspects Of Counter Intelligence/Counter Espionage Within Information Security Peiter ( Mudge ) Zatko The computer and network security fields have made little progress in the past decade. The ... Security Exploitation
The Art Of Sip Fuzzing And Vulnerabilities Found In Voip Mikko Varpiola This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities ... Security Fuzzing
[ Back-Up Speaker ]Stopping Automated Application Tools And Their Attacks Gunter Ollmann Relying on client-side scripting as a positive security mechanism has been generally regarded as not ... Security
Injection Flaws: Stop Validating Your Input Mike Pomraning Years after the debut of XSS and SQL Injection, each passing week sees newly disclosed ... Security
The Jericho Challenge - Finalist Architecture Presentations And Awards Paul Simmonds The days of the corporate network, completely isolated with a well-secured outer shell are long ... Security
Windows Internals: Understanding Security Changes In Windows Xp Service Pack 2 Window Snyder This session demonstrates previously unreleased detail around the broad scope of the changes in Windows ... Security
Eeye Bootroot Ryan Permeh This presentation will cover the eEye BootRoot project, an exploration of technology that boot sector ... Security Rootkits
“Shadow Walker” — Raising The Bar For Rootkit Detection Jamie Butler Last year at Black Hat, we introduced the rootkit FU. FU took an unprecented approach ... Security
Beyond Eip Skap When we built Metasploit, our focus was on the exploit development process. We tried to ... Security Development
Preventing Child Neglect In Dnssec-Bis Using Lookaside Validation Paul Vixie None Security
Owning Anti-Virus: Weaknesses In A Critical Security Component Neel Mehta AV software is becoming extremely popular because of the its percieved protection. Even the average ... Security
The Art Of File Format Fuzzing Adam Greene In September 2004, much hype was made of a buffer overflow vulnerability that existed in ... Security Fuzzing
Ozone Hips: Unbreakable Windows Eugene Tsyrklevic Windows is the number one target on the Internet today. It takes less than 5 ... Security
Building Robust Backdoors In Secret Symmetric Ciphers Adam L. Young This talk will present recent advances in the design of robust cryptographic backdoors in secret ... Security