BlackHatDC 2007 Feb. 28, 2007 to Feb. 1, 2007, Washington, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
KEYNOTE: A Story About Digital Security in 2017 | Richard Clarke | To those who seek truth through science, even when the powerful try to suppress it. | |
KEYNOTE: The NSA Information Assurance Directorate and the National Security Community | Tony Sager | The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part ... | |
KEYNOTE: The Psychology of Security | Bruce Schneier | Security is both a feeling and a reality. You can feel secure without actually being ... | |
Dangling Pointer | Jonathan Afek | A Dangling Pointer is a well known security flaw in many applications. When a developer ... | |
Fuzzing Sucks! (or Fuzz it Like you Mean it!) | Pedram Amini , Aaron Portnoy | Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be ... | |
Kick Ass Hypervisoring: Windows Server Virtualization | Brandon Baker | Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server ... | |
Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation | Andrea Barisani , Daniele Bianco | RDS-TMC is a standard based on RDS (Radio Data System) for communicating over FM radio ... | |
Smoke 'em Out! | Rohyt Belani , Keith J. Jones | Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we ... | |
Sphinx: An Anomaly-based Web Intrusion Detection System | Damiano Bolzoni , Emmanuele Zambon | We present Sphinx, a new fully anomaly-based Web Intrusion Detection Systems (WIDS). Sphinx has been ... | |
Remote and Local Exploitation of Network Drivers | Yuriy Bulygin | During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One ... | |
Blackout: What Really Happened... | Jamie Butler , Kris Kendall | Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart ... | |
Intranet Invasion With Anti-DNS Pinning | David Byrne | Cross Site Scripting has received much attention over the last several years, although some of ... | |
Traffic Analysis - The Most Powerful and Least Understood Attack Methods | Raven Alder , Nick Mathewson , Jon Callas , Riccardo Bettati | Traffic analysis is gathering information about parties not by analyzing the content of their communications, ... | |
Reverse Engineering Automation with Python | Ero Carrera | Instead of discussing a complex topic in detail, this talk will discuss 4 different very ... | |
Defeating Web Browser Heap Spray Attacks | Moti Joseph , Stephan Chenette | In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" ... | |
Iron Chef Blackhat | Jacob West , Toshinari Kureha , Brian Chess , Sean Fay | Get ready for the code to fly as two masters compete to discover as many ... | |
Unforgivable Vulnerabilities | Steve Christey | For some products, it's just too easy to find a vulnerability. First, find the most ... | |
Computer and Internet Security Law - A Year in Review 2006-2007 | Robert Clark | This presentation reviews the important prosecutions, precedents and legal opinions of the last year that ... | |
Building an Effective Application Security Practice on a Shoestring Budget | David Coffey , John Viega | Software companies inevitably produce insecure code. In 2006 alone, CERT has recognized over 8,000 published ... | |
Side Channel Attacks (DPA) and Countermeasures for Embedded Systems | Job de Haas | For 10 years Side Channel Analysis and its related attacks have been the primary focus ... | |
Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing | Jared DeMott , Richard Enbody , Dr. Bill Punch | Runtime code coverage analysis is feasible and useful when application source code is not available. ... | |
VoIP Security: Methodology and Results | Barrie Dempster | As VoIP products and services increase in popularity and as the "convergence" buzzword is used ... | |
PISA: Protocol Identification via Statistical Analysis | Rob King , Rohit Dhamankar | A growing number of proprietary protocols are using end-to-end encryption to avoid being detected via ... | |
Tor and Blocking-resistance | Roger Dingledine | Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. ... | |
Breaking C++ Applications | Neel Mehta , Mark Dowd , John McDonald | This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types ... | |
Something Old (H.323), Something New (IAX), Something Hollow (Security), and Something Blue (VoIP Administrators) | Himanshu Dwivedi | The presentation will discuss the security issues, attacks, and exploits against two VoIP protocols, including ... | |
Kernel Wars | Christer Berg , Claes Nyberg , Joel Eriksson , Karl Janmar | Kernel vulnerabilities are often deemed unexploitable, or at least unlikely to be exploited reliably. Although ... | |
Estonia: Information Warfare and Strategic Lessons | Gadi Evron | In this talk we will discuss what is now referred to as "The 'first' Internet ... | |
CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript | Ben Feinstein , Daniel Peck | The web browser is ever increasing in its importance to many organizations. Far from its ... | |
Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques | Justin Ferguson | Traditional exploitation techniques of overwriting heap metadata has been discussed ad nauseam, however due to this ... | |
Don't Tell Joanna, The Virtualized Rootkit Is Dead | Thomas Ptacek , Nate Lawson , Peter Ferrie | Since last year's Black Hat, the debate has continued to grow about how undetectable virtualized ... | |
SQL Server Database Forensics | Kevvie Fowler | Databases are the single most valuable asset a business owns. Databases store and process critical ... | |
Hacking Capitalism | Jeremy Rauch , Dave G. | The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has ... | |
Greetz from Room 101 | Kenneth Geers | Imagine you are king for a day. Enemies are all around you, and they seem ... | |
Disclosure and Intellectual Property Law: Case Studies | Jennifer Granick | The simple decision by a researcher to tell what he or she has discovered about ... | |
Hacking Intranet Websites from the Outside (Take 2) - "Fun with and without JavaScript malware" | Robert J. Hansen , Jeremiah Grossman | Attacks always get better, never worse. The malicious capabilities of Cross-Site Scripting (XSS) and Cross-Site ... | |
A Dynamic Technique for Enhancing the Security and Privacy of Web Applications | Ariel Waissbein , Ezequiel D. Gutesman | Web applications are often preferred targets in today's threat landscape. Many widely deployed applications were ... | |
Stealth Secrets of the Malware Ninjas | Nick Harbour | It is important for the security professional to understand the techniques used by those they ... | |
Hacking the Extensible Firmware Interface | John Heasman | "Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, ... | |
Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity | Brad Hill | Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and ... | |
Vista Network Attack Surface Analysis and Teredo Security Implications | Jim Hoagland | This talk will present the results of a broad analysis performed on the network-facing components ... | |
The Little Hybrid Web Worm that Could | Billy Hoffman , John Terrill | The past year has seen several web worms attacks against various online applications. While these ... | |
Active Reversing: The Next Generation of Reverse Engineering | Greg Hoglund | Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions ... | |
Status of Cell Phone Malware in 2007 | Mikko Hypponen | First real viruses infecting mobile phones were found during late 2004. Since then, hundreds of ... | |
Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones | Krishna Kurapati | Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower ... | |
Black Ops 2007: Design Reviewing The Web | Dan Kaminsky | Design bugs are really difficult to fix - nobody ever takes a dependency on a buffer overflow, ... | |
A Picture's Worth... | Neal Krawetz | Digital cameras and video software have made it easier than ever to create high quality ... | |
Point, Click, RTPInject | Zane Lackey , Alex Garbutt | The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and ... | |
RFIDIOts!!! Practical RFID Hacking (Without Soldering Irons or Patent Attorneys) | Adam ( Major Malfunction ) Laurie | RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile ... | |
Practical Sandboxing: Techniques for Isolating Processes | David LeBlanc | The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. ... | |
Anonymous Authentication - Preserving Your Privacy Online | Andrew Lindell | Our right to privacy is under attack today. Actually, no one denies our right to ... | |
Attacking the Windows Kernel | Jonathan Lindsay | Most modern processors provide a supervisor mode that is intended to run privileged operating system ... | |
Database Forensics | David Litchfield | Since the state of California passed the Database Security Breach Notification Act (SB 1386) in ... | |
No-Tech Hacking | Johnny Long | I'm Johnny. I hack stuff. I've been at it for quite a while now, and ... | |
Simple Solutions to Complex Problems from the Lazy Hacker's Handbook: What Your Security Vendor Doesn't Want You to Know | David Maynor , Robert Graham | Security is very hard these days: lots of new attack vectors, lots of new acronyms, ... | |
Longhorn Server Foundation & Server Roles | Iain McDonald | Iain will discuss Server Foundation and Server Roles - how Longhorn Server applied the principles of attack ... | |
It's All About the Timing | Haroon Meer , Marco Slaviero | Timing attacks have been exploited in the wild for ages. In recent times timing attacks ... | |
Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X | Charlie Miller | According to the Apple website, Mac OS X delivers the highest level of security through ... | |
Other Wireless: New ways of being Pwned | Luis Miras | There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security ... | |
Tactical Exploitation | Valsmith , HD Moore | Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach ... | |
Defeating Information Leak Prevention | Dan Moniz , Eric Monti | Today's headlines are rife with high profile information leakage cases affecting major corporations and government ... | |
Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage | Jeff Morin | In the realm of application testing, one of the major, but most often overlooked vulnerabilities, ... | |
(un)Smashing the Stack: Overflows, Countermeasures, and the Real World | Shawn Moyer | As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of ... | |
OpenBSD Remote Exploit | Alfredo Ortega | For more than a decade, OpenBSD has had only two officially disclosed bugs that could ... | |
RFID for Beginners++ | Chris Paget | Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a ... | |
Breaking Forensics Software: Weaknesses in Critical Evidence Collection | Alex Stamos , Chris Palmer , Chris Ridder , Tim Newsham | Across the world law enforcement, enterprises and national security apparatus utilize a small but important ... | |
Social Network Site Data Mining | Stephen Patton | Social Network Sites contain a wealth of public information. This information is of great interest ... | |
Securing the Tor Network | Mike Perry | Imagine your only connection to the Internet was through a potentially hostile environment such as ... | |
PyEmu: A multi-purpose scriptable x86 emulator | Cody Pierce | Processor emulation has been around for as long as the processor it emulates. However, emulators ... | |
Covert Debugging: Circumventing Software Armoring Techniques | Danny Quist , Valsmith | Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections ... | |
NACATTACK | Michael Thumann , Dror-John Roecher | Part I: Introduction - Marketing Buzz: The last two years have seen a big new marketing-buzz named ... | |
IsGameOver(), anyone? | Joanna Rutkowska , Alexander Tereshkin | We will present new, practical methods for compromising Vista x64 kernel on the fly and ... | |
Reversing C++ | Paul Vincent Sabanal | As recent as a couple of years ago, reverse engineers can get by with just ... | |
Anonymity and its Discontents | Len Sassaman | In recent years, an increasing amount of academic research has been focused on secure anonymous ... | |
Strengths and Weaknesses of Access Control Systems | Mike Spindel , Eric "Unlocked" Schmiedl | Access control systems are widely used in security, from restricting entry to a single room ... | |
Reflection DNS Poisoning | Jerry Schneider | Targeting an enterprise attack at just a few employees seems to be yielding the best ... | |
Building and Breaking the Browser | Window Snyder , Mike Shaver | Traditional software vendors have little interest in sharing the gory details of what is required ... | |
Heap Feng Shui in JavaScript | Alexander Sotirov | Heap exploitation is getting harder. The heap protection features in the latest versions of Windows ... | |
Blind Security Testing - An Evolutionary Approach | Scott Stender | Security testing is difficult enough when auditors have complete access to the system under review. ... | |
Just Another Windows Kernel Perl Hacker | Joe Stewart | This talk will detail the Windows remote kernel debugging protocol and present a Perl framework ... | |
Premature Ajax-ulation | Billy Hoffman , Bryan Sullivan | Interest in Ajax is sky-high and only continues to grow. Unfortunately, far too many people ... | |
The Security Analytics Project: Alternatives in Analysis | Mark Talabis | With the advent of advanced data collection techniques in the form of honeypots, distributed honeynets, ... | |
Transparent Weaknesses in VoIP | Peter Thermos | The presentation will disclose new attacks and weaknesses associated with protocols that are used to ... | |
Exposing Vulnerabilities in Media Software | David Thiel | The attack surface of audio and multimedia software is quite broad. Generally, desktop users tend ... | |
OpenID: Single Sign-On for the Internet | Eugene Tsyrklevich , Vlad Tsyrklevich | Tired of tracking your username and password across 169 Web 2.0 websites that you have ... | |
Timing Attacks for Recovering Private Entries From Database Engines | Ariel Waissbein , Pablo Damian Saura | In today's threat landscape, data security breaches are mostly due to the exploitation of bugs ... | |
Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007 | Greg Wroblewski | N/A | |
Static Detection of Application Backdoors | Chris Eng , Chris Wysopal | Backdoors have been part of software since the first security feature was implemented. So unless ... | |
The Art of Unpacking | Mark Vincent Yason | Unpacking is an art - it is a mental challenge and is one of the most exciting ... | |
Observing the Tidal Waves of Malware | Stefano Zanero | In this talk we will address the main challenges to be solved in order to ... | |
Z-Phone | Phil Zimmermann | N/A | |
Panel: Ethics Challenge! | David Maynor , David Mortman , David Litchfield , Paul Proctor , Window Snyder , Ian Robertson , Dave Goldsmith , Steven B. Lipner , John N. Stewart | Concerns about ethics for security professionals have been on the rise of late. It's time ... | |
Panel: Executive Women's Forum | Pamela Fusco , Window Snyder , Joyce Brocaglia , Becky Bace , Merike Kaeo | We know security is a work in progress, but have you noticed a significant shift ... | |
Panel: Hacker Court 2007: The Case of a Thousand Truths | Jennifer Granick , Kevin Bankston , Richard Thieme , Simple Nomad , Carole Fennelly , Brian Martin , Jesse Kornblum , Richard P. Salgado , Paul Ohm , Caitlin Klein , Ryan Bulat , Jon Klein , Merlin Arduini | Expertise in computer forensic technology means nothing if that expertise can't be conveyed convincingly to ... | |
Panel: Meet the Fed | Jim Christy , Jerry Dixon , Bob Hopper , Ken Privette , Andrew Fried , Robert F. Lentz , Tim Fowler , Keith Rhodes , Ovie L. Carroll , Barry J. Grundy , Michael J. Jacobs , Timothy Kosiba , Richard Marshal | Discussion of the power of Digital Forensics today and the real-world challenges. Also discuss the ... | |
Panel: Meet the VCs | Patrick Chung , Maria Cirino , Mark McGovern , Dov Yoran , Brad Stone | 2007 held numerous watershed events for the security industry. Innovation is needed and the money ... | |