
Black Hat Briefings, Japan 2006 [Audio] Presentations from the security conference

15 episodes - English - Latest episode: almost 18 years ago

Past speeches and talks from the Black Hat Briefings computer security conferences.



The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency, was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately, at this time speeches are not available in both languages.


A post-convention wrap-up can be found at http://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-index.html

If you want to get a better idea of the presentation materials, go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#AS_2006 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!



Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest, with new content added as available! Past speeches and talks from Black Hat in an iPod-friendly .mp3 audio and .mp4 h.264 192k video format.


Episodes

Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0 (English)

June 04, 2006 23:10 - 1 hour - 84.8 KB

"The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamental "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfortuna...

Dan Moniz: Six Degrees of XSSploitation (Japanese)

June 04, 2006 23:10 - 51 minutes - 47.5 KB

Social networking sites such as MySpace have recently been the target of XSS attacks, most notably the "samy is my hero" incident in late 2005. XSS affects a wide variety of sites and back end web technologies, but there are perhaps no more interesting targets than massively popular sites with viral user acquisition growth curves, which allow for exponential XSS worm propagation, as seen in samy's hack. Combine the power of reaching a wide and ever-widening audience with browser exploits (bas...

Darren Bilby: Defeating Windows Forensic Analysis in the Kernel (Japanese)

June 04, 2006 23:10 - 55 minutes - 50.8 KB

"It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings, something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a crypted command shell heading outbound from the server. You break out the security incident response manual and head to the scene. Being the process oriented and reliable chap y...

Heikki Kortti: Input Attack Trees (Japanese)

June 04, 2006 23:10 - 1 hour - 75 KB

"By modeling all of the possible inputs of a protocol or file format as an input tree, the potential weak points of an implementation can be assessed easily and efficiently. Existing attacks can be reused for similar structures and datatypes, and any complex or susceptible areas can be focused on to improve the probability for success. This method is applicable not only for creating new attacks, but also for proactive defense and even protocol design. Some knowledge of network protocols is ex...

Jeff Moss: Welcome Speech (English)

June 04, 2006 23:10 - 7 minutes - 6.71 KB

Jeff Moss welcomes attendees of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency, was the keynote speaker.

Jeff Moss: Welcome Speech (Japanese)

June 04, 2006 23:10 - 6 minutes - 5.79 KB

Jeff Moss welcomes attendees of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency, was the keynote speaker.

Jeremiah Grossman: Hacking Intranet websites from the outside: Malware just got a lot more dangerous (English)

June 04, 2006 23:10 - 1 hour - 77.3 KB

"Imagine you?re visiting a popular website and invisible JavaScript Malware steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005?s ""Phishing with Superbait"" presentation we demonstrated that all these things were in fact possible usi...

Joanna Rutkowska: Subverting Vista Kernel For Fun And Profit (English)

June 04, 2006 23:10 - 1 hour - 77.1 KB

"The presentation will first present how to generically (i.e. not relaying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally singed code to be loaded into kernel. The presented attack does not requite system reboot. Next, the new technology for creating stealth malware, code-named Blue Pill, will be presented. Blue Pill utilizes the latest virtualization techno...

Kenneth Geers & Alexander Eisen: IPv6 World Update: Strategy & Tactics (Japanese)

June 04, 2006 23:10 - 1 hour - 78.8 KB

"The U.S. Government has mandated that its organizations be IPv6-compliant by June 30, 2008. The Japanese government has already missed more than one IPv6 deadline. But while we can argue about specific dates for compliance and deployment, there is no question but that your organization must begin to prepare for the next generation Internet, and it should start today. This presentation is based on wide-ranging, in-depth research, including interviews with the top thinkers on the most cruc...

Mitsugu Okatani: Keynote: Change in the Meaning of Threat and Technology...What are the Current Trends in Japan? (Japanese)

June 04, 2006 23:10 - 1 hour - 59 KB

"As the Internet becomes a social framework, attacks and incidents with various intents have been actualized. As a result, previously unrelated organizations and groups have become actively engaged in discussions regarding threats and technology. In addition, they have begun to approach and actively engage in creating and implementing information security policies. This session will cover the information security revolution in Japan, as seen from analzyed attack models which have been actual...

Paul Bohm: Taming Bugs: The art and science of writing secure code (English)

June 04, 2006 23:10 - 1 hour - 68 KB

If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedStr...

Scott Stender: Attacking Internationalized Software (English)

June 04, 2006 23:10 - 1 hour - 85.1 KB

"Every application, from a small blog written in PHP to an enterprise-class database, receives raw bytes, interprets these bytes as data, and uses the information to drive the behavior of the system. Internationalization support, which stretches from character representation to units of measurement, affects the middle stage: interpretation. Some software developers understand that interpreting data is an incredibly difficult task and implement their systems appropriately. The rest write, at ...

Takayuki Sugiura: Winny P2P Security (Japanese)

June 04, 2006 23:10 - 1 hour - 93.5 KB

"There have been a series of information leak incidents being happening in Japan regarding to the use of P2P file sharing softwares. But those incidents are just a tip of iceberg. There were expected to be tens of thousands of incidents that even not reported in the news. P2P file sharing softwares usually designed to enhance user anonymity therefore users of such software can enjoy act of violating the copyright law. However, contrary to such users assumption, the nature of P2P networ...

Thorsten Holz: Catching Malware to Detect, Track and Mitigate Botnets (Japanese)

June 04, 2006 23:10 - 1 hour - 81.9 KB

"Botnets pose a severe threat to the today?s Internet community. We show a solution to automatically, find, observe and shut down botnets with existing opensource tools, partially developed by us. We start with a discussion of a technique to automatically collect bots with the help of the tool nepenthes.We present the architecture and give technical details of the implementation. After some more words on the effectiveness of this approach we present an automated way to analyze the collected b...

Yuji Hoshizawa: Increasingly-sophisticated Online Swindler (English)

June 04, 2006 23:10 - 1 hour - 75.6 KB

"To know various fraud schemes is important when implementing counter measures against it. During this session, the presenter will show the latest online fraud schemes. Vulnerable Internet users could easily be captured in the traps of which set up by criminals who take increasingly sophisticated online fraud schemes such as Phising and One Click Fraud. In this session, we will show the latest online fraud schemes. Mr. Hoshizawa joined Symantec in 1998, took a position in charge of security ...
