![Black Hat Briefings, Japan 2005 [Audio] Presentations from the security conference artwork](https://is2-ssl.mzstatic.com/image/thumb/Podcasts/v4/1b/b1/0a/1bb10acb-ca7b-1c61-1899-aa1ab1707da7/mza_3659569681357734465.jpg/100x100bb.jpg)
Black Hat Briefings, Japan 2005 [Audio] Presentations from the security conference
14 episodes - English - Latest episode: over 17 years ago - ★★★ - 1 ratingPast speeches and talks from the Black Hat Briefings computer security conferences.
October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in Both languages.
A post convention wrap up can be found at http://www.blackhat.com/html/bh-japan-05/bh-jp-05-main.html
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo
If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-media-archives/bh-archives-2005.html#asia-05and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and.mp4 h.264 192k video format.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Chris Hurley: Identifying and Responding to Wireless Attacks (English)
October 31, 2006 23:10 - 1 hour - 11 KB"This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge too identify each attack. Defensive measures that can be taken in real time to counter the attack are then presented. Chris Hurley (Roamer) is a Senior Penetration Tester working in the Washington, DC area. He is the founder of the WorldWide WarDrive, a four-...
Dan Kaminsky: Black Ops Of TCP/IP 2005 (English)
October 31, 2006 23:10 - 1 hour - 14 KB"Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed, including: * A temporal attack against IP fragmentation, using variance in fragment reassembly timers to evade Netw...
David Maynor: Architecture Flaws in Common Security Tools (English)
October 31, 2006 23:10 - 1 hour - 12 KB"Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TCP fragmentation can evade most security products in the world? What would you think if you learned that a hacker can apply simple, normally accepte...
Dominique Brezinski: A Paranoid Perspective of an Interpreted Language (English)
October 31, 2006 23:10 - 1 hour - 13.1 KB"Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming task in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the p...
Ejovi Nuwere: The Art of SIP fuzzing and Vulnerabilities Found in VoIP (English)
October 31, 2006 23:10 - 50 minutes - 8.62 KB"This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors. The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches for fuzzing text based protocols which can be more complex then fuzzing binary protocols. This talk will include: * 0 day vulnerabilities (o...
Hideaki Ihara: Forensics in Japan (Japanese)
October 31, 2006 23:10 - 1 hour - 13.9 KB"In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character encoding and Japanese are significant issues for Japanese agents. This session will cover the various issues on Japanese when using popular forensic to...
Jeff Moss: Closing Speech (English )
October 31, 2006 23:10 - 8 minutes - 1.47 KBClosing ceremonies and speech given by Jeff Moss.
Jeremiah Grossman: Phishing with Super Bait (English)
October 31, 2006 23:10 - 1 hour - 11.3 KB"The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It?s imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We?re all very familiar with each of those issues. Instead, we?ll discuss the potential impact when the two are combined to form new attack techniques. Phishers ...
Katsuya Uchida: Keynote: The Day After... (Japanese)
October 31, 2006 23:10 - 1 hour - 11 KB"ARPANET was established in 1968. In 1971, "creeper"programmed by Bob Thomas moved from computer to computer on ARPANET and displayed on each user's screen "I'm the creeper. Catch me if you can!". Xerox PARC set up the ethernet in 1973 since researchers were interested in the concept of "distributed processing". They were testing programs whose function were to check other computers on a network to see if they were active. One of the programs became known as the Xerox worm. More than thirty ...
Kenneth Geers: Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond) (English)
October 31, 2006 23:10 - 1 hour - 15 KB"Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think that Anna Kournikova is hot. If the answer to any of the above questions is yes, then you need an introduction to the Gulag Archipelago of the Inte...
Michael Sutton and Adam Greene: The Art of File Format Fuzzing (English)
October 31, 2006 23:10 - 49 minutes - 8.43 KB"In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be ...
Satoru Koyama: Botnet survey result. "Our security depends on your security." (Japanese)
October 31, 2006 23:10 - 1 hour - 13.4 KB"Many of the various attacking mechanism such as spam email, DDoS that are attacking the internet as whole in recent years can be attributed to Botnets. However there is not much information on these Botnets yet. Telecom ISAC-Japan and JPCERT/CC conducted a detailed investigation regarding botnet activity. This session will cover what was found during the investigation and the current state of the massive amount of infected users and sub-species of botnets. Satoru Koyama Joined NIPPON TELEG...
Saumil Shah and Dave Cole: Adware/Spyware (English)
October 31, 2006 23:10 - 1 hour - 13.7 KB"The Business * Timeline?how did we get into this mess? * The players * How their business works * Legislative environment The Technology * Technical overview of different types of programs (taxonomy) * Describe how the programs function * How adware/spyware is installed * Hijacking the system * How it updates itself * Proven techniques to prevent & remove Looking ahead * Market polarization, bad get worse, good get better (more white, less g...
Sherri Sparks and Jamie Butler: "Shadow Walker" Raising The Bar For Rootkit Detection (English)
October 31, 2006 23:10 - 53 minutes - 9.2 KB"Last year at Black Hat, we introduced the rootkit FU. FU took an unprecented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function pointers in well known operating system structures like the system call table, FU demonstrated that is was possible to control the execution path indirectly by modifying private kernel objects in memory. This technique was coined DKOM, or Direct Kernel Object Manipulation. The difficulty in detecting t...