Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference artwork

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

86 episodes - English - Latest episode: almost 18 years ago - ★★★★ - 4 ratings

Past speeches and talks from the Black Hat Briefings computer security conferences.
The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html



Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo



If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!;br>
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format

Technology News Tech News blackhat usa 2006 black hat vegas blackhat vegas hacking convention computer security speeches presentations spoken word video
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Episodes

Abolade Gbadegesin : The NetIO Stack - Reinventing TCP/IP in Windows Vista

June 04, 2006 23:10 - 58 minutes - 133 KB Video

TCP/IP is on the front lines in defending against network attacks, from intrusion attempts to denial-of-service. Achieving resilience depends on factors from NIC driver quality up through network application behavior. Windows Vista delivers resilience, security and extensibility with the NetIO stack-a re-architected and re-written TCP/IP stack. Windows Vista Network Architect Abolade Gbadegesin will provide an in-depth technical description of the new architecture and new features, and will p...

Adrian Marinescu: Windows Vista Heap Management Enhancements - Security, Reliability and Performance

June 04, 2006 23:10 - 1 hour - 165 KB Video

All applications and operating systems have coding errors and we have seen technical advances both in attack and mitigation sophistication as more security vulnerabilities are exploiting defects related to application and OS memory and heap usage. Starting with W2k3 and XP/SP2, Windows incorporated technologies to reduce the reliability of such attacks. The heap manager in Windows Vista pushes the innovation much further in this area. This talk will describe the challenges the heap team faced...

Alexander Kornbrust: Oracle Rootkits 2.0

June 04, 2006 23:10 - 43 minutes - 121 KB Video

This presentation shows the next (2.) generation of Oracle Rootkits. In the first generation, presented at the Blackhat 2005 in Amsterdam, Oracle Rootkits were implemented by modifying database views to hide users, jobs and sessions. The next generation presented at the BH USA is using more advanced techniques to hide users/implement backdoors. Modifications on the data dictionary objects are no longer necessary so it’s not possible to find the new generation of rootkits by checksumming th...

Alexander Sotirov: Hotpatching and the Rise of Third-Party Patches

June 04, 2006 23:10 - 56 minutes - 134 KB Video

Hotpatching is a common technique for modifying the behavior of a closed source applications and operating systems. It is not new, and has been used by old-school DOS viruses, spyware, and many security products. This presentation will focus on one particular application of hotpatching: the development of third-party security patches in the absence of source code or vendor support, as illustrated by Ilfak Guilfanov’s unofficial fix for the WMF vulnerability in December of 2005. The present...

Alexander Tereshkin: Rootkits: Attacking Personal Firewalls

June 04, 2006 23:10 - 51 minutes - 116 KB Video

Usually, a personal firewall and an antivirus monitor are the only tools run by a user to protect the system from any malware threat with any level of sophistication. This level significantly increases when malware authors add kernel mode rootkit components to their code in order to avoid easy detection. As rootkit technologies become more and more popular, we can clearly see that many AV vendors begin to integrate anti-rootkit code into their products. However, the firewall evolution is not ...

Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

June 04, 2006 23:10 - 1 hour - 172 KB Video

The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamentals of "Web 2.0" is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques developers can use to give their applications the level of interactivity of client-side software with the platform-independence of JavaScript. Unfor...

Andrew Cushman: Microsoft Security Fundamentals - Engineering, Response and Outreach

June 04, 2006 23:10 - 57 minutes - 135 KB Video

You’ve heard about Trustworthy Computing and you’ve seen some security improvements from Microsoft. You may have wondered-"is this change real or is it just lip service?" You may also have asked yourself "self, why did they do that?" This presentation will give you an historical and current view of the changes Microsoft has made and our policies and procedures that deliver more secure products and improved security response. This promises to be a lively and entertaining talk illustrated with ...

Bala Neerumalla: SQL Injections by truncation

June 04, 2006 23:10 - 28 minutes - 85.6 KB Video

In this talk, I will discuss some ways to circumvent common mitigations of SQL Injection vulnerabilities in dynamic SQL. I will then suggest ways to protect against them. Bala Neerumalla specializes in finding application security vulnerabilities. He worked as a security engineer for SQL Server 2000 and SQL Server 2005. He is currently working as a security engineer for Exchange Hosted Services."

Billy Hoffman: Ajax (in)security

June 04, 2006 23:10 - 1 hour - 166 KB Video

Ajax can mean different things to different people. To a user, Ajax means smooth web applications like Google Maps or Outlook Web Access. To a developer, Ajax provides methods to enrich a user's experience with a web application by reducing latency and offloading complex tasks on the client. To an information architect, Ajax means fundamentally changing the design of web applications so they span both client and server. To the security professional, Ajax makes life difficult by increasing the...

Billy Hoffman: Analysis od Web application worms and Viruses

June 04, 2006 23:10 - 1 hour - 190 KB Video

Worms traditionally propagate by exploiting a vulnerability in an OS or an underlying service. 2005 saw the release in the wild of the first worms that propagate by exploiting vulnerabilities in web applications served by simple http daemons. With the near ubiquity of W3C compliant web browsers and advances in dynamic content generation and client-side technologies like AJAX, major players like Google, Yahoo, and Microsoft are creating powerful application accessible only through web browsers...

Brendan O'Connor: Vulnerabilities in Not-So Embedded Systems

June 04, 2006 23:10 - 1 hour - 134 KB Video

Printers, scanners, and copiers still have a reputation of being embedded systems or appliances; dumb machines that perform a specific, repetitive function. Today's devices are far different than their predecessors, but still do not receive the same level of security scrutiny as servers, workstations, routers, or even switches. The goal of this talk is to change the way we look at these devices, and leave the audience with a better awareness of the security implications of having these device...

Brian Caswell and HD Moore: Thermoptic Camoflauge: Total IDS Evasion

June 04, 2006 23:10 - 1 hour - 198 KB Video

Intrusion detection systems have come a long way since Ptacek and Newsham released their paper on eluding IDS, but the gap between the attackers and the defenders has never been wider. This presentation focuses on the two weakest links in the current generation of intrusion detection solutions: application protocols and resource limitations. Complex protocols often have the most dangerous flaws, yet these protocols are barely supported by most intrusion detection engines. Like any other netwo...

Bruce Potter: Bluetooth Defense kit

June 04, 2006 23:10 - 1 hour - 147 KB Video

In the last 3 years, Bluetooth has gone from geeky protocol to an integral part of our daily life. From cars to phones to laptops to printers, Bluetooth is everywhere. And while the state of the art with respect to Bluetooth attack has been progressing, Bluetooth defense has been lagging. For many vendors, the solution to securing Bluetooth is to simply "turn it off." There are very few tools and techniques that can be used today to secure a Bluetooth interface without resorting to such extr...

Bruce Potter: The Trusted Computing Revolution

June 04, 2006 23:10 - 44 minutes - 127 KB Video

Trusted computing is considered a dirty word by many due to its use for Digital Rights Management (DRM). There is a different side of trusted computing, however, that can solve problems information security professionals have been attempting to solve for more than three decades. Large scale deployment of trusted computing will fundamentally change the threat model we have been using for years when building operating systems, applications, and networks. This talk will examine the history of tr...

Charles Edge: Attacking Apple’s Xsan

June 04, 2006 23:10 - 16 minutes - 42 KB Video

A fundamental of many SAN solutions is to use metadata to provide shared access to a SAN. This is true in iSCSI or FibreChannel and across a wide variety of products. Metadata can offer a way around the built-in security features provided that attackers have FibreChannel connectivity. SAN architecture represents a symbol of choosing speed over security. Metadata, the vehicle that provides speed, is a backdoor into the system built around it. In this session we will cover using Metadata to ...

Chris Eng: Breaking Crypto Without Keys: Analyzing Data in Web Applications

June 04, 2006 23:10 - 1 hour - 140 KB Video

How often have you encountered random-looking cookies or other data in a web application that didn‚t easily decode to human readable text? What did you do next-ignore it and move on, assuming that it was encrypted data and that brute forcing the key would be infeasible? At the end of the test, when the application developer informed you that they were using 3DES with keys rotating hourly, did you tell them they were doing a good job, secretly relieved that you didn't waste your time trying to...

Chuck Willis : Web application Incident Response and forensics- A Whole new ball game.

June 04, 2006 23:10 - 1 hour - 191 KB Video

Web applications are normally the most exposed and the most easily compromised part of an organization's network presence. This combination requires that organizations be prepared for web application compromises and have an efficient plan for dealing with them. Unfortunately, traditional techniques for forensics and incident response do not take into account the unique requirements of web applications. The multi-level architecture, business criticality, reliance on major database and middlewa...

Claudio Merloni: The BlueBag: a mobile, covert Bluetooth attack and infection device

June 04, 2006 23:10 - 49 minutes - 111 KB Video

How could an attacker steal the phone numbers stored on your mobile, eavesdrop your conversations, see what you're typing on the keyboard, take pictures of the room you're in, and monitor everything you're doing, without ever getting in the range of your Bluetooth mobile phone? In this talk we present a set of projects that can be combined to exploit Bluetooth devices (and users...), weaknesses building a distributed network of agents spreading via Bluetooth which can seek given targets an...

Corey Benninger: Finding Gold in the Browser Cache

June 04, 2006 23:10 - 17 minutes - 47 KB Video

Looking for instant gratification from the latest client side attack? Your search may be over when you see the data that can be harvested from popular web browser caches. This discussion will focus on what web application programmers are NOT doing to prevent data like credit card and social security numbers from being cached. It will explore what popular websites are not disabling these features and what tools an attacker can use to gather this information from a compromised machine. A genera...

Daniel Bilar: Automated Malware Classification/Analysis Through Network Theory and Statistics

June 04, 2006 23:10 - 26 minutes - 67 KB Video

Automated identification of malicious code and subsequent classification into known malware families can help cut down laborious manual malware analysis time. Call sequence, assembly instruction statistics and graph topology all say something about the code. This talk will present three identification and classification approaches that use methods and results from complex network theory. Some familiarity with assembly, Win32 architecture, statistics and basic graph theory is helpful. Danie...

Dan Kaminsky: Black Ops 2006

June 04, 2006 23:10 - 1 hour - 182 KB Video

The known topics for this year include: 1. The Worldwide SSL Analysis-There's a major flaw in the way many, many SSL devices operate. I'll discuss how widespread this flaw is, as well as announce results from this worldwide SSL scan. 2. Syntax Highlighting...on Hexdumps. Reverse Engineering efforts often require looking at hex dumps-without much context for whats being looked at. I will discuss a "bridge" position between AI and manual operation in which compression code is used to ...

Dan Larkin: Keynote: Fighting Organized Cyber Crime - War Stories and Trends

June 04, 2006 23:10 - 54 minutes - 158 KB Video

As one of the pioneers of partnerships for the FBI, Dan Larkin of the FBI’s Cyber Division will outline how the FBI has taken this concept from rhetoric to reality over the past 5 years. This presentation will explore how the mantra "make it personal" has aided the FBI in forging exceptional alliances with key stake holders from industry, academia and law enforcement both domestically and abroad. This presentation will also outline how such collaborations have helped to proactively advance th...

Dan Moniz & HD Moore: Six Degrees of XSSploitation

June 04, 2006 23:10 - 43 minutes - 106 KB Video

Social networking sites such as MySpace have recently been the target of XSS attacks, most notably the "samy is my hero" incident in late 2005. XSS affects a wide variety of sites and back end web technologies, but there are perhaps no more interesting targets than massively popular sites with viral user acquisition growth curves, which allow for exponential XSS worm propagation, as seen in samy's hack. Combine the power of reaching a wide and ever-widening audience with browser exploits (bas...

David Endler: Hacking VOIP Exposed

June 04, 2006 23:10 - 1 hour - 14.3 KB

Lately there seems to be an explosion of press hype around the possibility of hackers exploiting Voice-over-IP networks and services (Skype, Vonage, etc.). VoIP Spam, Caller ID Spoofing, Toll Fraud, VoIP Phishing, Eavesdropping, and Call Hijacking are just some of the terms being thrown around that seem to cause a fair share of fear and uncertainty in the market. We set out to write "Hacking Exposed VoIP" in part to combat this FUD, and also in order to help admins prioritize and defend a...

David Hulton & Dan Moniz: Faster Pwning Assured: Hardware Hacks and Cracks with FPGA's

June 04, 2006 23:10 - 1 hour - 159 KB Video

This talk will go in-depth into methods for breaking crypto faster using FPGAs. FPGA's are chips that have millions of gates that can be programmed and connected arbitrarily to perform any sort of task. Their inherent structure provides a perfect environment for running a variety of crypto algorithms and do so at speeds much faster than a conventional PC. A handful of new FPGA crypto projects will be presented and will demonstrate how many algorithms can be broken much faster than people real...

David Litchfield : All New Zero Day

June 04, 2006 23:10 - 45 minutes - 131 KB Video

David Litchfield specializes in searching for new threats to database systems and web applications. He has lectured to both British and U.S. government security agencies on database security and is a regular speaker at the Blackhat Security Briefings. He is a co-author of "The Database Hacker's Handbook", "The Shellcoder's Handbook", "SQL Server Security", and "Special Ops". In his spare time he is the Managing Director of Next Generation Security Software Ltd.

Dino Dai Zovi: Hardware Virtualization Based Rootkits

June 04, 2006 23:10 - 50 minutes - 109 KB Video

Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the Intel® Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also p...

Doug Mohney: Defending Against Social Engineering with Voice Analytics

June 04, 2006 23:10 - 45 minutes - 123 KB Video

Voice analytics-once the stuff of science fiction and Echelon speculation-is now commercially available and is being used by call centers processing hundreds of thousands of calls per day to authenticate identity, spot key words and phrases, and even detect when a caller is angry or frustrated. It is also being used by large financial institutions for fraud prevention. These same tools can be applied to detect and deter social engineering attacks. This presentation will discuss the current of...

Emmanuele Zambon: "NIDS, false positive reduction through anomaly detection"

June 04, 2006 23:10 - 48 minutes - 107 KB Video

The Achilles' heel of network IDSs lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS to raise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets to produce false alerts, thereby lowering the defences of the IT infrastructure. Our ...

Franck Veysset and Laurent Butti: Wi-Fi Advanced Stealth

June 04, 2006 23:10 - 17 minutes - 46 KB Video

Wireless stealth was somewhat expensive some years ago as we were required to use proprietary radios and so on… Thanks to increasingly flexible low-cost 802.11 chipsets we are now able to encode any MAC layer proprietary protocol over 2.4 GHz/5 GHz bands! This could mean stealth to everybody at low-cost! This presentation will focus on two techniques to achieve a good level of stealth: * a userland technique exploiting a covert channel over valid 802.11 frames; * a driverland t...

FX: Analysing Complex Systems: The BlackBerry Case

June 04, 2006 23:10 - 57 minutes - 164 KB Video

When trying to analyze a complex system for its security properties, very little information is available in the beginning. If the complex system in question contains parts that the analyst cannot see or touch, proprietary hardware and software as well as large scale server software, the task doesn't get any easier. The talk will tell the story about how Phenoelit went about looking at RIM's BlackBerry messaging solution while focusing on the approaches tryed their expected and real effective...

Greg Hoglund: Hacking World of Warcraft®: An Exercise in Advanced Rootkit Design

June 04, 2006 23:10 - 49 minutes - 117 KB Video

Online games are very popular and represent some of the most complex multi-user applications in the world. World of Warcraft® takes center stage with over 5 million players worldwide. In these persistent worlds, your property (think gold and magic swords), is virtual-it exists only as a record in a database. Yet, over $600 million real dollars were spent in 2005 buying and selling these virtual items. Entire warehouses in China are full of sweatshop‚ workers who make a few dollars a month to ...

Hacker Court Panel: Hacker Court 2006: Sex, Lies and Sniffers

June 04, 2006 23:10 - 1 hour - 165 KB Video

Expertise in computer forensic technology means nothing if that expertise can’t be conveyed convincingly to a jury. Presenting technical evidence in a courtroom is a far cry from presenting a technical paper at Black Hat. Sure, a computer professional may understand the importance of full headers in tracing email origins, but a jury has no clue. The real challenge in the field of computer forensics is translating complicated technical evidence in terms your typical grandmother would understan...

Hacker Court Part 2: Hacker Court 2006: Sex, Lies and Sniffers

June 04, 2006 23:10 - 1 hour - 282 KB Video

Part two: Expertise in computer forensic technology means nothing if that expertise can’t be conveyed convincingly to a jury. Presenting technical evidence in a courtroom is a far cry from presenting a technical paper at Black Hat. Sure, a computer professional may understand the importance of full headers in tracing email origins, but a jury has no clue. The real challenge in the field of computer forensics is translating complicated technical evidence in terms your typical grandmother wou...

Halvar Flake: RE 2006: New Challenges Need Changing Tools

June 04, 2006 23:10 - 45 minutes - 109 KB Video

Reverse Engineering has come a long way-what used to be practiced behind closed doors is now a mainstream occupation practiced throughout the security industry. Compilers and languages are changing, and the reverse engineer has to adapt: Nowadays, understanding C and the target platform assembly language is not sufficient any more. Too many reverse engineers shy away from analyzing C++ code and run into trouble dealing with heavily optimized executables. This talk will list common challenges ...

HD Moore: Metasploit Reloaded

June 04, 2006 23:10 - 1 hour - 218 KB Video

Over the last three years, the Metasploit Framework has evolved from a klunky exploit toolkit to a sleek EIP-popping machine. The latest version of the Framework is the result of nearly two years of development effort and has become a solid platform for security tool development and automation. In this talk, we will demonstrate how to use the new Framework to automate vulnerability assessments, perform penetration testing, and build new security tools that interact with complex network protoc...

Hendrik Scholz: SIP Stack Fingerprinting and stack difference attacks

June 04, 2006 23:10 - 51 minutes - 145 KB Video

VoIP applications went mainstream, although the underlying protocols are still undergoing constant development. The SIP protocol being the main driver behind this has been analyzed, fuzzed and put to the test before, but interoperability weaknesses still yield a large field for attacks. This presentation gives a short introduction to the SIP protocol and the threats it exposes; enough to understand the issues described. A SIP stack fingerprinting tool will be released during the talk which al...

Himanshu Dwivedi: I’m Going To Shoot The Next Person Who Says VLANs

June 04, 2006 23:10 - 24 minutes - 60.3 KB Video

Assessing and analyzing storage networks are key to protecting sensitive data at rest; however, the tools and procedures to protect such resources are absent. The presentation will attempt to bridge the gap between security professionals worried about storage security and the lack of tools/process to mitigate any exposures. The presentation will introduce the Storage Network Audit Program (SNAP), which is an assessment program for security professionals who wish to ensure their storage networ...

Jamie Butler: R^2: The Exponential Growth in Rootkit Techniques

June 04, 2006 23:10 - 42 minutes - 98.4 KB Video

Rootkit technology has exploded recently, especially in the realm of remote command and control vectors. This talk will cover the evolution of rootkit techniques over the years. It will explore the interaction between corporations, the open source community, and the underground. A detailed analysis of how different rootkits are implemented will be covered. Based on this analysis, the presentation concludes with a discussion of detection methods. James Butler has almost a decade of experien...

Jay Schulman: Phishing with Asterisk PBX

June 04, 2006 23:10 - 48 minutes - 135 KB Video

As many people are becoming more accustom to phishing attacks, standard website and e-mail phishing schemes are becoming harder to accomplish. This presentation breaks all of the phishing norms to present an effective, alternative phishing method from start to finish in 75 minutes using Linux and Asterisk, the open-source PBX platform. With an Asterisk installation, we’ll setup an account and build a telephone phishing platform most banks would fear. We’ll also show targeting techniques speci...

Jeff Waldron: VOIP Security Essentials

June 04, 2006 23:10 - 17 minutes - 47.1 KB Video

The VoIP Security Essentials presentation will introduce the audience to voice over IP (VoIP) technology. The practical uses of VoIP will be discussed along with the advantages and disadvantages of VoIP technology as it is today. Key implementation issues will be addressed to ensure product selection for VoIP technology will integrate into the organization’s current infrastructure. The presentation will look at some of the latest VoIP security issues that have surfaced and the vendor/industry...

Jeremiah Grossman: Hacking Intranet websites from the outside: Malware just got a lot more dangerous

June 04, 2006 23:10 - 54 minutes - 127 KB Video

Imagine you’re visiting a popular website and invisible JavaScript exploit code steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005’s "Phishing with Superbait" presentation we demonstrated that all these things were in fact possible u...

Jeremy Rauch: PDB: The Protocol DeBugger

June 04, 2006 23:10 - 1 hour - 201 KB Video

It's late. You've been assigned the unenviable task of evaluating the security of this obtuse application suite. 2006! Why doesn't everything just use SSL as its transport? No time for excuses. Deadlines loom, and you need to figure this out. And when you do figure it out, write your own fuzzer client. This sucks. (pdb) module add MyAction pdb-ruby.so cifs-ruby.rb (pdb) rule add MyRule dst port 445 (pdb) rule action MyRule MyAction (pdb) rule list MyRule: dst port 445 Action 0: deb...

Jesse Burns: Fuzzing Selected Win32 Interprocess Communication Mechanisms

June 04, 2006 23:10 - 1 hour - 190 KB Video

This presentation prepares attackers and defenders to perform automated testing of some popular Windows® interprocess communication mechanisms. The testing will focus on binary win32 applications, and will not require source code or symbols for the applications being tested. Attendees will be briefly introduced to several types of named securable Windows communication objects, including Named Pipes and Shared Sections (named Mutexes, Semaphores and Events and will also be included but to a le...

Joanna Rutkowska: Rootkits vs Stealth by design Malware

June 04, 2006 23:10 - 1 hour - 191 KB Video

The presentation will first present how to generically (i.e. not relaying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally singed code to be loaded into kernel. The presented attack does not requite system reboot. Next, the new technology for creating stealth malware, code-named Blue Pill, will be presented. Blue Pill utilizes the latest virtualization techn...

John Lambert: Security Engineering in Windows Vista

June 04, 2006 23:10 - 48 minutes - 106 KB Video

This presenation will offer a technical overview of the security engineering process behind Windows Vista. Windows Vista is the first end-to-end major OS release in the Trustworthy Computing era from Microsoft. Come see how we’ve listened to feedback from the security community and how we’ve changed how we engineer our products as a result. The talk covers how the Vista engineering process is different from Windows XP, details from the largest-commercial-pentest-in-the-world, and a sneak peek...

Johnny cache and David Maynor: Device Drivers

June 04, 2006 23:10 - 57 minutes - 162 KB Video

Application level security is getting better. Basic stack based string overflows have become rare, and even simple heap overflows are getting hard to find. Despite this fact there is still a huge avenue of exploitation that has not been tapped yet: device drivers. Although they don’t sound very interesting, they are full of simple security programming errors as they are often developed for performance and in tight time frames. The traditional thinking is that although the code is bad an attac...

Johnny Long: Death By 1000 cuts

June 04, 2006 23:10 - 1 hour - 169 KB Video

In this day and age, forensics evidence lurks everywhere. This talk takes attendees on a brisk walk through the modern technological landscape in search of hidden digital data. Some hiding places are more obvious than others, but far too many devices are overlooked in a modern forensics investigation. As we touch on each device, we'll talk about the possibilities for the forensic investigator, and take a surprising and fun look at the nooks and crannies of many devices considered commonplace ...

Johnny Long: Secrets of the Hollywood Hacker

June 04, 2006 23:10 - 1 hour - 158 KB Video

If you know good tech, you can smell bad tech from a mile away. Bad tech is the stuff that makes you laugh out loud in a theater when all the "normal" people around you thought something k-rad just happened. The stuff that makes real hackers cringe, furious that they missed their true calling: the cushy life of a Hollywood "technical consultant". Then again, maybe Hollywood got it right, and the hackers have it all confused. Judge for yourself as Johnny slings the code that quite possibly exp...

Jonathan Squire: $30, 30 Minutes, 30 Networks

June 04, 2006 23:10 - 17 minutes - 43.6 KB Video

Have you ever walked into your local Global Mega Super Tech Store and wondered how cheaply you could build a device that could play your digital music, display pictures, and listen to your neighbor's wireless network? Project Cowbird is part of an on-going research project to chart the various predators and prey within the information security landscape into a pseudo-ecology. Project Cowbird demonstrates the reuse of a $30 wireless media adapter as a kismet server. The small form fact...

Books