BlackhatUSA 2006 Aug. 2, 2006 to Aug. 3, 2006, Las Vegas,USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
KEYNOTE:Fighting Organized Cyber Crime War Stories and Trends Dan Larkin As one of the pioneers of partnerships for the FBI, Dan Larkin of the FBIs ...
WiFi in Windows Vista: A Peek Inside the Kimono Noel Anderson , Taroon Mandhana Windows Vista comes with redesigned support for WiFi (802.11 wireless). For those of us who ...
Bypassing Network Access Control (NAC) Systems Ofir Arkin The threat of viruses, worms, information theft and lack of control of the IT infrastructure ...
Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems Robert Auger , Caleb Sima This presentation will discuss the use of RSS and Atom feeds as method of delivering ...
Investigating Evil Websites with Monkeyspaw: The Greasemonkey Security Professional's Automated Webthinger Tod Beardsley Monkeyspaw is a unified, single-interface set of security-related website evaluation tools. Implemented in Greasemonkey, its ...
Finding Gold in the Browser Cache Corey Benninger Looking for instant gratification from the latest client side attack? Your search may be over ...
IPS Shortcomings Renaud Bidou Technologies emerge on a regular basis with new promises of better security. This is more ...
Automated Malware Classification/Analysis Through Network Theory and Statistics Daniel Bilar Automated identification of malicious code and subsequent classification into known malware families can help cut ...
Taming Bugs: The Art and Science of Writing Secure Code Paul Bhm If you give a thousand programmers the same task and the same tools, chances are ...
Physical Memory Forensics Mariusz Burdach Historically, only file systems were considered as locations where evidence could be found. But what ...
Fuzzing Selected Win32 Interprocess Communication Mechanisms Jesse Burns This presentation prepares attackers and defenders to perform automated testing of some popular Windows interprocess ...
R^2: The Exponential Growth in Rootkit Techniques Jamie Butler , Nick L. Petroni , William A. Arbaugh Rootkit technology has exploded recently, especially in the realm of remote command and control vectors. ...
Device Drivers David Maynor , Johnny Cache Application level security is getting better. Basic stack based string overflows have become rare, and ...
Thermoptic Camoflauge: Total IDS Evasion Brian Caswell , Hd Moore Intrusion detection systems have come a long way since Ptacek and Newsham released their paper ...
Microsoft Security Fundamentals: Engineering, Response and Outreach Andrew Cushman Youve heard about Trustworthy Computing and youve seen some security improvements from Microsoft. You may ...
Im Going To Shoot The Next Person Who Says VLANs Himanshu Dwivedi Booksigning: Hackers Challenge 3 with Jeremiah Grossman and Himanshu Dwivedi at 12:30 on Thursday, August ...
Attacking Apples Xsan Charles Edge A fundamental of many SAN solutions is to use metadata to provide shared access to ...
Sidewinder: An Evolutionary Guidance System for Malicious Input Crafting Sherri Sparks , Shawn Embleton , Ryan Cunningham Black box testing techniques like fuzzing and fault injection are responsible for discovering a large ...
Hacking VoIP Exposed Mark Collier , David Endler Lately there seems to be an explosion of press hype around the possibility of hackers ...
Breaking Crypto Without Keys: Analyzing Data in Web Applications Chris Eng How often have you encountered random-looking cookies or other data in a web application that ...
Analysing Complex Systems: The BlackBerry Case Fx Lidner When trying to analyze a complex system for its security properties, very little information is ...
MatriXayWhen Web App & Database Security Pen-Test/Audit Is a Joy Yuan Fan , Xiao Rong This topic will present a new web-app/DB pen-test tool. This tool supports both proxy (passive) ...
How to Unwrap Oracle PL/SQL Pete Finnigan PL/SQL is the flagship language used inside the Oracle database for many years and through ...
Carrier VoIP Security Nicolas Fischbach VoIP, IMS, FMC, NGN, PacketCore, MPLS. Put those together and you are looking at the ...
RE 2006: New Challenges Need Changing Tools Halvar Flake Reverse Engineering has come a long waywhat used to be practiced behind closed doors is ...
Black Hat Stand-up Take Two: So What If I Dont Sell My Vulnerabilities James C. Foster Encoring last years early morning stand-up act, Foster will return armed and ready to fire ...
Case Study: The Secure Development Lifecycle and Internet Explorer 7 Rob Franco Tony Chor will discuss Microsofts security engineering methodology and how it is being applied to ...
The Speed of (In)security: Analysis of the Speed of Security vs. Insecurity Stefan Frei , Dr. Martin May To be able to defend against IT security attacks, one has to understand the attack ...
Finding and Preventing Cross-Site Request Forgery Tom Gallagher There is an often overlooked security design flaw in many web applications today. Web applications ...
The NetIO Stack: Reinventing TCP/IP in Windows Vista Abolade Gbadegesin TCP/IP is on the front lines in defending against network attacks, from intrusion attempts to ...
Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous" T.c. Niedzialkowski , Jeremiah Grossman Imagine youre visiting a popular website and invisible JavaScript exploit code steals your cookies, captures ...
New Attack to RFID-Systems and their Middleware and Backends Lukas Grunwald This talk provides an overview of new RFID technologies used for dual-interface cards (credit cards, ...
Open to Attack; Vulnerabilities of the Linux Random Number Generator Zvi Gutterman Linux is the most popular open source project. The Linux random number generator is part ...
Ajax (in)security Billy Hoffman Ajax can mean different things to different people. To a user, Ajax means smooth web ...
Analysis of Web Application Worms and Viruses Billy Hoffman Worms traditionally propagate by exploiting a vulnerability in an OS or an underlying service. 2005 ...
Hacking World of Warcraft: An Exercise in Advanced Rootkit Design Greg Hoglund Online games are very popular and represent some of the most complex multi-user applications in ...
Faster PwninG Assured: Hardware Hacks and Cracks with FPGAs Dan Moniz , David Hulton This talk will go in-depth into methods for breaking crypto faster using FPGAs. FPGA's are ...
Black Ops 2006 Dan Kaminsky The known topics for this year include: The Worldwide SSL AnalysisThere's a major flaw in ...
Code Integration-Based Vulnerability Auditing William B Kimball There is a growing need to develop improved methods for discovering vulnerabilities in closed-source software. ...
Oracle Rootkits 2.0: The Next Generation Alexander Kornbrust This presentation shows the next (2.) generation of Oracle Rootkits. In the first generation, presented ...
You Are What You Type: Non-Classical Computer Forensics Neal Krawetz In an online world, anonymity seems easy. Network addresses can be cloaked and files can ...
Security Engineering in Windows Vista John Lambert This presenation will offer a technical overview of the security engineering process behind Windows Vista. ...
All New Zero Day David Litchfield David Litchfield specializes in searching for new threats to database systems and web applications. He ...
Death of a Thousand Cuts: Finding Evidence Everywhere! Johnny Long In this day and age, forensics evidence lurks everywhere. This talk takes attendees on a ...
Hacking, Hollywood Style Johnny Long If you know good tech, you can smell bad tech from a mile away. Bad ...
The State of Incidence Response Kevin Mandia During the course of 2005 and 2006, we have responded to dozens of computer security ...
Windows Vista Heap Management Enhancements: Security, Reliability and Performance Adrian Marinescu All applications and operating systems have coding errors and we have seen technical advances both ...
Next Weeks Arms Race David Maynor Mr. Maynor is a research engineer with the ISS Xforce R&D team where his primary ...
The BlueBag: A Mobile, Covert Bluetooth Attack and Infection Device Claudio Merloni , Luca Carettoni How could an attacker steal the phone numbers stored on your mobile, eavesdrop your conversations, ...
Defending Against Social Engineering with Voice Analytics Doug Mohney Voice analyticsonce the stuff of science fiction and Echelon speculationis now commercially available and is ...
Six Degrees of XSSploitation Hd Moore , Dan Moniz Social networking sites such as MySpace have recently been the target of XSS attacks, most ...
Metasploit Reloaded Hd Moore Over the last three years, the Metasploit Framework has evolved from a klunky exploit toolkit ...
Building Security into the Software Life Cycle, a Business Case Marco M. Morana The times of designing security software as a matter of functional design are over. Positive ...
Runtime Packers: The Hidden Problem? Maik Morgenstern , Tom Brosch Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to ...
Defending Black Box Web Applications: Building an Open Source Web Security Gateway Shawn Moyer Web apps continue to be the soft, white underbelly of most corporate IT environments. While ...
SQL Injections by Truncation Bala Neerumalla In this talk, I will discuss some ways to circumvent common mitigations of SQL Injection ...
Vulnerabilities in Not-So Embedded Systems Brendan O'Connor Printers, scanners, and copiers still have a reputation of being embedded systems or appliances; dumb ...
Bluetooth Defense Kit Bruce Potter In the last 3 years, Bluetooth has gone from geeky protocol to an integral part ...
The Trusted Computing Revolution Bruce Potter Trusted computing is considered a dirty word by many due to its use for Digital ...
Do Enterprise Management Applications Dream of Electric Sheep? Dave Goldsmith , Tom Ptacek Thomas Ptacek and Dave Goldsmith present the results of Matasano Security's research into the resilience ...
PDB: The Protocol DeBugger Jeremy Rauch It's late. You've been assigned the unenviable task of evaluating the security of this obtuse ...
RFID Malware Demystified Melanie Rieback Radio Frequency Identification (RFID) malware, first introduced in my paper 'Is Your Cat Infected with ...
Subverting Vista Kernel For Fun And Profit Joanna Rutkowska The presentation will first present how to generically (i.e. not relaying on any implementation bug) ...
SIP Stack Fingerprinting and Stack Difference Attacks Hendrik Scholz VoIP applications went mainstream, although the underlying protocols are still undergoing constant development. The SIP ...
Phishing with Asterisk PBX Jay Schulman As many people are becoming more accustom to phishing attacks, standard website and e-mail phishing ...
A Tale of Two Proxies Roelof ( RT ) Temmingh , Haroon Meer , Charl van der Walt During this presentation SensePost will discuss and demonstrate two pieces of new technology - the ...
Writing Metasploit Plugins - from Vulnerability to Exploit Saumil Udayan Shah This talk shall focus on exploit development from vulnerabilities. We have seen many postings on ...
RAIDE: Rootkit Analysis Identification Elimination v1.0 Jamie Butler , Peter Silberman In the past couple years there have been major advances in the field of rootkit ...
Hotpatching and the Rise of Third-Party Patches Alexander Sotirov Hotpatching is a common technique for modifying the behavior of a closed source applications and ...
$30, 30 Minutes, 30 Networks Jonathan Squire Have you ever walked into your local Global Mega Super Tech Store and wondered how ...
Auditing Data Access Without Bringing Your Database To Its Knees Kimber Spradin , Dale Brocklehurst Todays privacy requirements place significant additional auditing burdens on databases. First you have to know ...
Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0 Alex Stamos , Zane Lackey The Internet industry is currently riding a new wave of investor and consumer excitement, much ...
Attacking Internationalized Software Scott Stender Every application, from a small blog written in PHP to an enterprise-class database, receives raw ...
Punk OdeHiding Shellcode in Plain Sight Michael Sutton , Greg Macmanus Injecting shellcode into a vulnerable program so you can find it reliably can be tricky. ...
Rootkits: Attacking Personal Firewalls Alexander Tereshkin Usually, a personal firewall and an antivirus monitor are the only tools run by a ...
The Statue of Liberty: Utilizing Active Honeypots for Hosting Potentially Malicious Events Philip Trainor The premise of the demonstration is there are no secure systems. Traffic that may have ...
Wi-Fi Advanced Stealth Franck Veysset , Laurent Butti Wireless stealth was somewhat expensive some years ago as we were required to use proprietary ...
VOIP Security Essentials Jeff Waldron The VoIP Security Essentials presentation will introduce the audience to voice over IP (VoIP) technology. ...
Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis , Rohyt Belani Web applications are normally the most exposed and the most easily compromised part of an ...
NIDS: False Positive Reduction Through Anomaly Detection Emmanuele Zambon , Damiano Bolzoni The Achilles' heel of network IDSs lies in the large number of false positives (i.e., ...
Host-Based Anomaly Detection on System Call Arguments Stefano Zanero Traditionally, host-based anomaly detection has dealt with system call sequences, but not with system call ...
Hardware Virtualization-Based Rootkits Dino Dai Zovi Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run ...
PANEL: Center for Democracy and Technology Anti-Spyware Coalition Public Forum on Corporate Spyware Threats Jerry Dixon , Ron Davidson , Gerhard Eschelbeck , Phil Harris , Drew Maness , Michele Iversen , John Heasman , Ari Schwartz , Eileen Harrington , Andre Gold , Dan Kaminsky This session will examine the threat of spyware to corporations. What does the threat currently ...
PANEL: Disclosure Discussion Michael Sutton , David Mortman , Jeff ( Dark Tangent ) Moss , Derrick Scholl , David Litchfield , Paul Proctor , John N. Stewart , Pamela Fuscojerry Dixon Technology vendors, security researchers, and customers - all sides of the vulnerability disclosure debate agree ...
PANEL: Executive Womens Forum and Reception: No More Geek Speak Dena Haritos Tsamitis , Rhonda Maclean , Joyce Brocaglia , Becky Bace , Merike Kaeo Delivering the right message to the right people in whole numbers and primary colors makes ...
PANEL: Hacker Court 2006: Sex, Lies and Sniffers Kevin Bankston , Simple Nomad , Carole Fennelly , Jonathan Klein , Brian Martin , Jesse Kornblum , Paul Ohm , Caitlin Klein , Ryan Bulat , Philip M. Pro , Jack Holleran , Kay Petersen Expertise in computer forensic technology means nothing if that expertise cant be conveyed convincingly to ...
PANEL: The Jericho Forum and Challenge Bob West , Paul Simmonds , Henry Teng , Justin Somaini In the first half of this session, Paul Simmonds will present on behalf of the ...