BlackHatUSA 2005 July 23, 2005 to July 28, 2005, Las Vegas,USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
[ KEYNOTE ] Investing in Our Nation's Security Gilman Louie The challenge of creating an innovative, new business model aimed at enhancing national security convinced ...
Rapid Threat Modeling Akshay Aggarwal One of the most important weapons in our arsenal for securing applications is threat modeling. ...
The Future of Personal Information Paul Proctor , Adam Shostack , Joseph Ansanelli , Richard Baich In the last year, there have been 45 security incidents compromising the personal information of ...
A New Hybrid Approach for Infrastructure Discovery, Monitoring and Control Ofir Arkin An enterprise IT infrastructure is a complex and a dynamic environment that is generally described ...
Plug and Root, the USB Key to the Kingdom David Dewey , Darrin Barrall USB peripheral devices are made by reputable manufacturers and will not misbehave by attacking the ...
Shakespearean Shellcode Darrin Barrall This discussion will cover the theoretical background of using ordinary, readable text to conceal an ...
Reverse Engineering Network Protocols using Bioinformatics Marshall A. Beddoe N/A
Rogue Squadron: Evil Twins, 802.11intel, Radical RADIUS, and Wireless Weaponry for Windows Beetle , Bruce Potter At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the ...
A Dirty BlackMail DoS Story Renaud Bidou This is a real story of modern extortion in a cyberworld. Bots have replaced dynamite ...
Trust Transience: Post Intrusion SSH Hijacking Adam ( met1storm ) Boileau Trust Transience: Post Intrusion SSH Hijacking explores the issues of transient trust relationships between hosts, ...
Executive Women’s Forum Panel and Reception - Sometimes, It Is All Who You Know! Kelly Hansen , Rhonda E. Maclean , Pamela Fusco , Joyce Brocaglia How strong is your professional network? Do you know who to call upon for support ...
Toolkits: All-in-One Approach to Security Kevin Cardwell This talk will be on using toolkits for your pen-testing, vulnerability assessment etc. Configuring a ...
Demystifying MS SQL Server & Oracle Database Server Security Cesar Cerrudo Databases are where your most valuable data rest, when you use a database server you ...
Checking Array Bound Violation Using Segmentation Hardware Tzi-cker Chiueh The ability to check memory references against their associated array/buffer bounds helps programmers to detect ...
The Defense Cyber Crime Center Jim Christy This talk will cover the Defense Cyber Crime Center (DC3), our mission and capabilities. The ...
Legal Aspects of Computer Network Defense-A Government Perspective & A Year in Review Important Precedents in Computer and Internet Security Law 2004 - 2005 Robert W. Clark This presentation looks at computer network defense and the legal cases of the last year ...
Routing in the Dark: Scalable Searches in Dark P2P Networks. Ian Clarke , Oskar Sandberg It has become apparent that the greatest threat toward the survival of peer to peer, ...
Shatter-proofing Windows Tyler Close The Shatter attack uses the Windows API to subvert processes running with greater privilege than ...
Beyond Ethereal: Crafting A Tivo for Security Datastreams Greg Conti Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window ...
U.S National Security, Individual and Corporate Information Security, and Information Security Providers C. Forrest Morgan , Bryan Cunningham This presentation, by a former Deputy Legal Adviser to the White House National Security Council, ...
iSCSI Security (Insecure SCSI) Himanshu Dwivedi Himanshu Dwivedi's presentation will discuss the severe security issues that exist in the default implementations ...
Building Self-Defending Web Applications: Secrets of Session Hacking and Protecting Software Sessions Daniel Thompson , Arian J. Evans Web applications are constantly under attack, and must defend themselves. Sadly, today, most cannot. There ...
Advance SQL Injection Detection by Join Force of Database Auditing and Anomaly Intrusion Detection Yuan Fan This topic will present the proposal/idea/work from the author’s master graduate project about effective detection ...
Advanced SQL Injection in Oracle Databases Esteban Martínez Fayó This presentation shows new ways to attack Oracle Databases. It is focused on SQL injection ...
BlackHat Standup: “Yea I’m a Hacker…” James C. Foster In a refreshing different format, Foster cracks the audience with a twenty minute comedic dissertation ...
Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch… James C. Foster , Vincent T. Liu Don’t get caught. Building off of Foster’s log manipulation and bypassing forensics session at BlackHat ...
Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond) Kenneth Geers Has your network ever been hacked, and all you have to show for your investigative ...
Can You Really Trust Hardware? Exploring Security Problems in Hardware Devices Joe ( Kingpin ) Grand Most users treat a hardware solution as an inherently trusted black box. "If it's hardware, ...
Top Ten Legal Issues in Computer Security Jennifer Stisa Granick This will be a practical and theoretical tutorial on legal issues related to computer security ...
Phishing with Super Bait Jeremiah Grossman The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It’s imperative that ...
The Art of Defiling: Defeating Forensic Analysis The Grugq The Grugq has been at the forefront of forensic research for the last six years, ...
Stopping Injection Attacks with Computational Theory Robert J. Hansen , Meredith L. Patterson Input validation is an important part of security, but it's also one of the most ...
GEN III Honeynets: The birth of roo Allen Harper , Edward Balas A Honeypot is a information gathering system, designed for attackers to interact with. A honeynet, ...
Using Causal Analysis to Establish Meaningful Connections between Anomalous Behaviors in a Networking Environment Ken Hines Fueled by business needs such as supply chain integration and outsourcing, modern enterprises must open ...
Remote Windows Kernel Exploitation - Step In To the Ring 0 Barnaby Jack Almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, ...
Black Ops 2005 Dan Kaminsky Another year, another batch of packet related stunts. A preview: A Temporal Attack against IP ...
The Social Engineering Engagement Methodology - A Formal Testing process of the People and Process Joseph Klein The security of an organization is composed of technology, people and processes. In the last ...
Circumvent Oracle’s Database Encryption and Reverse Engineering of Oracle Key Management Algorithms Alexander Kornbrust This talk describes architecture flaws of the Oracle’s database encryption packages dbms_crypto and dbms_obfuscation_toolkit. These ...
CaPerl: Running Hostile Code Safely Ben Laurie There are many circumstances under which we would like to run code we don't trust. ...
All New Ø-Day David Litchfield David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This ...
Google Hacking for Penetration Testers Johnny Long Google Hacking returns for more guaranteed fun this year at Blackhat USA! If you haven’t ...
Cisco IOS Security Architecture Michael Lynn Cisco IOS - the most widely deployed network infrastructure operating system— has been perceived as ...
SPA: Single Packet Authorization Simple Nomad , Madhat Unspecific We needed a protocol that allowed us to tell a server that we are who ...
Long Range RFID and its Security Implications Kevin Mahaffey , Mark Mcgovern , Paul Simmonds , Jon Callas An RFID tagged pallet of expensive electronics was just rerouted to a warehouse where a ...
Performing Effective Incident Response Kevin Mandia During the course of 2004 and 2005, we have responded to dozens of computer security ...
NX: How Well Does It Say NO to Attacker’s eXecution Attempts? David Maynor NX. It’s known by different names to different people. AMD calls it Enhanced Virus Protection, ...
The Non-Cryptographic Ways of Losing Information Robert Morris To fully understand how to protect crucial information in the modern world, one needs to ...
The National ID Debate David Mortman , Rhonda E. Maclean , Dennis Bailey , Jim Harper As a result of the Real-ID Act, all American citizens will have an electronically readable ...
CISO Q&A with Jeff Moss Pamela Fusco , Scott Blake , Justin Somaini , Andre Gold , Ken Pfeil Jeff Moss, founder of Black Hat, invites Chief Information Security Officers from global corporations to ...
Owning the C-suite: Corporate Warfare as a Social Engineering Problem Shawn Moyer Let's face it, you ROCK at building InfoSec tech, but you SUCK at corporate warfare. ...
Economics, Physics, Psychology and How They Relate to Technical Aspects of Counter Intelligence/Counter Espionage Within Information Security Peiter Mudge Zatko The computer and network security fields have made little progress in the past decade. The ...
The Art of SIP fuzzing and Vulnerabilities Found in VoIP Ejovi Nuwere , Mikko Varpiola This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities ...
Stopping Automated Application Tools and their Attacks Gunter Ollmann Relying on client-side scripting as a positive security mechanism has been generally regarded as not ...
Injection Flaws: Stop Validating Your Input Mike Pomraning Years after the debut of XSS and SQL Injection, each passing week sees newly disclosed ...
Automation - Deus ex Machina or Rube Goldberg Machine? Roelof ( RT ) Temmingh , Haroon Meer , Charl van der Walt How far can automation be taken? How much intelligence can be embodied in code? How ...
The Jericho Challenge - Finalist Architecture Presentations and Awards Paul Simmonds The days of the corporate network, completely isolated with a well-secured outer shell are long ...
Windows Internals: Understanding Security Changes in Windows XP Service Pack 2 Window Snyder This session demonstrates previously unreleased detail around the broad scope of the changes in Windows ...
eEye BootRoot Derek Soeder , Ryan Permeh This presentation will cover the eEye BootRoot project, an exploration of technology that boot sector ...
“Shadow Walker” — Raising The Bar For Rootkit Detection Jamie Butler , Sherri Sparks Last year at Black Hat, we introduced the rootkit FU. FU took an unprecented approach ...
Beyond EIP Skape , Spoonm When we built Metasploit, our focus was on the exploit development process. We tried to ...
Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps Alex Stamos , Scott Stender Web Services represent a new and unexplored set of security-sensitive technologies that have been widely ...
The Art of File Format Fuzzing Michael Sutton , Adam Greene In September 2004, much hype was made of a buffer overflow vulnerability that existed in ...
Ozone HIPS: Unbreakable Windows Eugene TsyrklevichVlad Tsyrklevich Windows is the number one target on the Internet today. It takes less than 5 ...
World Exclusive – Announcing the OWASP Guide To Securing Web Applications and Services 2.0 Andrew Stock After three years of community development, the Open Web Application Security Project (OWASP) is proud ...
Preventing Child Neglect in DNSSEC-bis using Lookaside Validation Paul A. Vixie Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer ...
Owning Anti-Virus: Weaknesses in a Critical Security Component Neel Mehta , Alex Wheeler AV software is becoming extremely popular because of the its percieved protection. Even the average ...
Building Robust Backdoors In Secret Symmetric Ciphers Adam L. Young This talk will present recent advances in the design of robust cryptographic backdoors in secret ...