Blackhat USA 2007 July 1, 2007 to July 1, 2007, Las Vegas, USA

Event Page

Tell us about missing data
Title Speakers Summary Topic Types
Social Network Site Data Mining Stephen Patton Social Network Sites contain a wealth of public information. This information is of great interest ... Security
Breaking Forensics Software: Weaknesses In Critical Evidence Collection Chris Ridder Across the world law enforcement, enterprises and national security apparatus utilize a small but important ... Security Forensics
Openbsd Remote Exploit Alfredo Ortega For more than a decade, OpenBSD has had only two officially disclosed bugs that could ... Security Exploitation
Rfid For Beginners++ Chris Paget Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a ... Security
(Un)Smashing The Stack: Overflows, Countermeasures, And The Real World Shawn Moyer As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of ... Security
Type Conversion Errors: How A Little Data Type Can Do A Whole Lot Of Damage Jeff Morin In the realm of application testing, one of the major, but most often overlooked vulnerabilities, ... Security
Defeating Information Leak Prevention Dan Moniz Todays headlines are rife with high profile information leakage cases affecting major corporations and government ... Security
Other Wireless: New Ways Of Being Pwned Luis Miras There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security ... Security Wireless
Tactical Exploitation Valsmith Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach ... Security Exploitation
Hacking Leopard: Tools And Techniques For Attacking The Newest Mac Os X Charlie Miller According to the Apple website, “Mac OS X delivers the highest level of security through ... Security Development
Longhorn Server Foundation &Amp; Server Roles Iain Mcdonald Iain will discuss Server Foundation and Server Roles—how Longhorn Server applied the principles of attack ... Security
It'S All About The Timing Marco Slaviero Timing attacks have been exploited in the wild for ages. In recent times timing attacks ... Security Web Firewall Malware
Simple Solutions To Complex Problems From The Lazy Hacker’S Handbook: What Your Security Vendor Doesn’T Want You To Know David Maynor Security is very hard these days: lots of new attack vectors, lots of new acronyms, ... Security Compliance
No-Tech Hacking Johnny Long I'm Johnny. I hack stuff. I've been at it for quite a while now, and ... Security Wireless Cloud
Keynote: Richard Clarke To those who seek truth through science, even when the powerful try to suppress it. Security
Database Forensics David Litchfield Since the state of California passed the Database Security Breach Notification Act (SB 1386) in ... Security Forensics
Practical Sandboxing: Techniques For Isolating Processes David Leblanc The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. ... Security
Anonymous Authentication–Preserving Your Privacy Online Andrew Lindell Our right to privacy is under attack today. Actually, no one denies our right to ... Security Privacy
Rfidiots!!!– Practical Rfid Hacking (Without Soldering Irons Or Patent Attorneys) Adam ( Major Malfunction ) Laurie RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile ... Security
Point, Click, Rtpinject Alex Garbutt The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and ... Security Media
A Picture'S Worth... Dr. Neal Krawetz Digital cameras and video software have made it easier than ever to create high quality ... Security
Black Ops 2007: Design Reviewing The Web Dan Kaminsky Design bugs are really difficult to fix—nobody ever takes a dependency on a buffer overflow, ... Security Web
Status Of Cell Phone Malware In 2007 Mikko Hypponen First real viruses infecting mobile phones were found during late 2004. Since then, hundreds of ... Security Malware
Vulnerabilities In Wi-Fi/Dual-Mode Voip Phones Krishna Kurapati Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower ... Security
Active Reversing: The Next Generation Of Reverse Engineering Greg Hoglund Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions ... Security
The Little Hybrid Web Worm That Could John Terrill The past year has seen several web worms attacks against various online applications. While these ... Security Web
Vista Network Attack Surface Analysis And Teredo Security Implications Jim Hoagland This talk will present the results of a broad analysis performed on the network-facing components ... Security Analysis
Attacking Web Service Security: Message Oriented Madness, Xml Worms And Web Service Security Sanity Brad Hill Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and ... Security Web
Hacking The Extensible Firmware Interface John Heasman The Extensible Firmware Interface (EFI) has long been touted as the replacement for the traditional ... Security
A Dynamic Technique For Enhancing The Security And Privacy Of Web Applications Ariel Waissbein , Ezequiel D. Gutesman Web applications are often preferred targets in today’s threat landscape. Many widely deployed applications were ... Security Web Privacy
Stealth Secrets Of The Malware Ninjas Nick Harbour It is important for the security professional to understand the techniques used by those they ... Security Malware
Hacking Intranet Websites From The Outside (Take 2)–Fun With And Without Javascript Malware Robert Hansen Attacks always get better, never worse. The malicious capabilities of Cross-Site Scripting (XSS) and Cross-Site ... Security Malware
Disclosure And Intellectual Property Law: Case Studies Ennifer Granick The simple decision by a researcher to tell what he or she has discovered about ... Security Legal
Hacking Capitalism Jeremy Rauch The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has ... Security Web
Greetz From Room 101 Kenneth Geers Imagine you are king for a day. Enemies are all around you, and they seem ... Security
Sql Server Database Forensics Kevvie Fowler Databases are the single most valuable asset a business owns. Databases store and process critical ... Security Forensics SQL
Don'T Tell Joanna, The Virtualized Rootkit Is Dead Thomas Ptacek Since last year's Black Hat, the debate has continued to grow about how undetectable virtualized ... Security Rootkits
Understanding The Heap By Breaking It: A Case Study Of The Heap As A Persistent Data Structure Through Non-Traditional Exploitation Techniques Justin Ferguson Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this ... Security Exploitation
Estonia: Information Warfare And Strategic Lessons Gadi Evron In this talk we will discuss what is now referred to as "The 'first' Internet ... Security
Caffeinemonkey: Automated Collection, Detection And Analysis Of Malicious Javascript Daniel Peck The web browser is ever increasing in its importance to many organizations. Far from its ... Security Analysis
Kernel Wars Karl Janmar Kernel vulnerabilities are often deemed unexploitable, or at least unlikely to be exploited reliably. Although ... Security Exploitation
Something Old (H.323), Something New (Iax), Something Hollow (Security), And Something Blue (Voip Administrators) Himanshu Dwivedi The presentation will discuss the security issues, attacks, and exploits against two VoIP protocols, including ... Security Testing
Breaking C++ Applications Neel Mehta This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types ... Security
Tor And Blocking-Resistance Roger Dingledine Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. ... Security Anonymity
Pisa: Protocol Identification Via Statistical Analysis Rob King A growing number of proprietary protocols are using end-to-end encryption to avoid being detected via ... Security Analysis
Voip Security: Methodology And Results Barrie Dempster As VoIP products and services increase in popularity and as the "convergence" buzzword is used ... Security
Revolutionizing The Field Of Grey-Box Attack Surface Testing With Evolutionary Fuzzing Dr. Bill Punch Runtime code coverage analysis is feasible and useful when application source code is not available. ... Security Fuzzing Testing
Side Channel Attacks (Dpa) And Countermeasures For Embedded Systems Job de Haas For 10 years Side Channel Analysis and its related attacks have been the primary focus ... Security
Building An Effective Application Security Practice On A Shoestring Budget John Viega Software companies inevitably produce insecure code. In 2006 alone, CERT has recognized over 8,000 published ... Security Business
Computer And Internet Security Law—A Year In Review 2006–2007 Robert Clark This presentation reviews the important prosecutions, precedents and legal opinions of the last year that ... Security Legal
Unforgivable Vulnerabilities Steven M. Christey For some products, it's just too easy to find a vulnerability. First, find the most ... Security Development
Iron Chef Blackhat Toshinari Kureha Get ready for the code to fly as two masters compete to discover as many ... Security Panel
Reverse Engineering Automation With Python Ero Carerra Instead of discussing a complex topic in detail, this talk will discuss 4 different very ... Security Automation
Defeating Web Browser Heap Spray Attacks Moti Joseph In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" Security Web Browser
Traffic Analysis—The Most Powerful And Least Understood Attack Methods Nick Matthewson Traffic analysis is gathering information about parties not by analyzing the content of their communications, ... Security Analysis
Attacking The Windows Kernel Jonathan Lindsay Most modern processors provide a supervisor mode that is intended to run privileged operating system ... Security Access
Intranet Invasion With Anti-Dns Pinning David Byrne Cross Site Scripting has received much attention over the last several years, although some of ... Security Web
Blackout: What Really Happened... Kris Kendall Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart ... Security Forensics
Remote And Local Exploitation Of Network Drivers Yuriy Bulygin During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One ... Security Exploitation
Sphinx: An Anomaly-Based Web Intrusion Detection System Emmanuele Zambon We present Sphinx, a new fully anomaly-based Web Intrusion Detection Systems (WIDS). Sphinx has been ... Security Web
Smoke 'Em Out! Keith J. Jones Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we ... Security
Injecting Rds-Tmc Traffic Information Signals A.K.A. How To Freak Out Your Satellite Navigation Daniele Bianco RDS-TMC is a standard based on RDS (Radio Data System) for communicating over FM radio ... Security
Kick Ass Hypervisoring: Windows Server Virtualization Brandon Baker Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server ... Security
Fuzzing Sucks! (Or Fuzz It Like You Mean It!) Aaron Portnoy Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be ... Security Fuzzing
Dangling Pointer Jonathan Afek A Dangling Pointer is a well known security flaw in many applications. Security
Keynote:The Psychology Of Security Bruce Schneier Security is both a feeling and a reality. You can feel secure without actually being ... Security Risk
Keynote:The Nsa Information Assurance Directorate And The National Security Community Tony Sager The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part ... Security Community
Securing The Tor Network Mike Perry Imagine your only connection to the Internet was through a potentially hostile environment such as ... Security Wireless Anonymity Privacy Risk
Pyemu: A Multi-Purpose Scriptable X86 Emulator Cody Pierce Processor emulation has been around for as long as the processor it emulates. However, emulators ... Security Analysis Malware Development
Covert Debugging: Circumventing Software Armoring Techniques Valsmith Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections ... Security
Nacattack Michael Thumann Part I: Introduction—Marketing Buzz:The last two years have seen a big new marketing-buzz named "Admission ... Security
Isgameover(), Anyone? Alexander Tereshkin We will present new, practical methods for compromising Vista x64 kernel on the fly and ... Security
Reversing C++ Paul Vincent Sabanal As recent as a couple of years ago, reverse engineers can get by with just ... Security Analysis Malware
Anonymity And Its Discontents Len Sassaman In recent years, an increasing amount of academic research has been focused on secure anonymous ... Security Anonymity
Strengths And Weaknesses Of Access Control Systems Eric SchmiedlMike Spindel Access control systems are widely used in security, from restricting entry to a single room ... Security Access
Reflection Dns Poisoning Jerry Schneider Targeting an enterprise attack at just a few employees seems to be yielding the best ... Security DNS
Building And Breaking The Browser Mike Shaver Traditional software vendors have little interest in sharing the gory details of what is required ... Security Browser
Heap Feng Shui In Javascript Alexander Sotirov Heap exploitation is getting harder. The heap protection features in the latest versions of Windows ... Security Exploitation
Blind Security Testing—An Evolutionary Approach Scott Stender Security testing is difficult enough when auditors have complete access to the system under review. ... Security Access Testing
Just Another Windows Kernel Perl Hacker Joe Stewart , Joe Stewart This talk will detail the Windows remote kernel debugging protocol and present a Perl framework ... Security
Premature Ajax-Ulation Billy Hoffman Interest in Ajax is sky-high and only continues to grow. Unfortunately, far too many people ... Security Development
Transparent Weaknesses In Voip Peter Thermos The presentation will disclose new attacks and weaknesses associated with protocols that are used to ... Security
Exposing Vulnerabilities In Media Software David Thiel The attack surface of audio and multimedia software is quite broad. Generally, desktop users tend ... Security Media
Openid: Single Sign-On For The Internet Eugene TsyrklevichVlad Tsyrklevich Tired of tracking your username and password across 169 Web 2.0 websites that you have ... Security
Timing Attacks For Recovering Private Entries From Database Engines Pablo Damian Saura In today’s threat landscape, data security breaches are mostly due to the exploitation of bugs ... Security Web Access Exploitation
Reversing Msrc Updates: Case Studies Of Msrc Bulletins 2004–2007 Greg Wroblewski None Security
Static Detection Of Application Backdoors Chris Eng Backdoors have been part of software since the first security feature was implemented. So unless ... Security
The Art Of Unpacking Mark Vincent Yason Unpacking is an art—it is a mental challenge and is one of the most exciting ... Security
Observing The Tidal Waves Of Malware Stefano Zanero In this talk we will address the main challenges to be solved in order to ... Security Malware
Z-Phone Phil Zimmermann None Security
Panel:Ethics Challenge! Dave Goldsmith Concerns about ethics for security professionals has been on the rise of late. It's time ... Security
Panel:Executive Womens Forum Window Synder We know security is a work in progress, but have you noticed a significant shift ... Security Panel
Panel:Meet The Fed Special Christy Discussion of the power of Digital Forensics today and the real-world challenges.  Also discuss the ... Security Forensics
The Security Analytics Project: Alternatives In Analysis Mark Talabis With the advent of advanced data collection techniques in the form of honeypots, distribured honeynets, ... Security Analysis
Panel:Hacker Court2007: The Case Of A Thousand Truths Carole Arduini Expertise in computer forensic technology means nothing if that expertise can’t be conveyed convincingly to ... Security Forensics
Panel:Meet The Vcs Dov Yoran 2007 held numerous watershed events for the security industry. Innovation is needed and the money ... Security Business
Panel:Spyware 2010: Center For Democracy &Amp; Technology Anti-Spyware Coalition Mario Vuksan Profit and motive for spyware will increase drastically over the next three years. How are ... Security