Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

86 episodes - English - Latest episode: almost 18 years ago - ★★★★ - 4 ratings

Past speeches and talks from the Black Hat Briefings computer security conferences.
The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html



Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.



If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the PDFs in one window while watching the talks in the other. Almost as good as being there!
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format


Episodes

Kevin Mandia: The State of Incidence Response

June 04, 2006 23:10 - 1 hour - 198 KB Video

During the course of 2005 and 2006, we have responded to dozens of computer security incidents at some of America’s largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophist...

Kimber Spradin and Dale Brocklehurst: Auditing Data Access Without Bringing Your Database To Its Knees

June 04, 2006 23:10 - 1 hour - 189 KB Video

Today’s privacy requirements place significant additional auditing burdens on databases. First you have to know which databases in your environment contain regulated Personally Identifiable Information (PII) or Protected Health Information (PHI), then you have to monitor ALL activity surrounding that data - not just changes to it. In the world of databases, this means auditing all SELECT statements - something many native database auditing tools are not very good at. This presentation will demons...

Lukas Grunwald: "New Attack to RFID-Systems and their Middle ware and Backends"

June 04, 2006 23:10 - 40 minutes - 93.8 KB Video

This talk provides an overview of new RFID technologies used for dual-interface cards (credit cards, ticketing and passports), and RFID tags with encryption and security features. Problems and attacks to these security features are discussed and attacks to these features are presented. After dealing with the tags, an overview to the rest of an RFID-implementation, middleware and backend database and the results of special attacks to this infrastructure are given. Is it possible that your cat...

Marco M. Morana: Building Security into the Software Life Cycle, a Business Case

June 04, 2006 23:10 - 24 minutes - 60.2 KB Video

The times of designing security software as a matter of functional design are over. Positive security functional requirements do not make secure software. Think risk driven design, think like an attacker, think about negative scenarios during the early stages of the application development from misuse and abuse cases during inception, to threats, vulnerabilities and countermeasures during elaboration, secure coding during construction and secure testing and penetration testing during transiti...

Mariusz Burdach: Physical Memory Forensics

June 04, 2006 23:10 - 44 minutes - 131 KB Video

Historically, only file systems were considered as locations where evidence could be found. But what about the volatile memory which contains a huge amount of useful information such as the content of clipboards or the SAM database? How long can volatile data stay in the main memory? What about anti-forensic methods of defeating disk forensic and incident response tools? Why is the content of the memory not dumped during the process of data collection from a suspicious computer? What is the b...

Melanie Rieback: RFID Malware Demystified

June 04, 2006 23:10 - 51 minutes - 113 KB Video

Radio Frequency Identification (RFID) malware, first introduced in my paper 'Is Your Cat Infected with a Computer Virus?', has raised a great deal of controversy since it was first presented at the IEEE PerCom conference on March 15, 2006. The subject received an avalanche of (often overzealous) press coverage, which triggered a flurry of both positive and negative reactions from the RFID industry and consumers. Happily, once people started seriously thinking about RFID security issues, the e...

Michael Sutton & Greg MacManus: Punk Ode - Hiding shellcode in plain sight

June 04, 2006 23:10 - 58 minutes - 170 KB Video

Injecting shellcode into a vulnerable program so you can find it reliably can be tricky. With image format vulnerabilities, sometimes the only place you can put your code is in the image itself. If a file attempting to exploit one of these vulnerabilities was rendered using a non-vulnerable application, the ‘strange’ files might raise some suspicion; a file containing a NOP-sled and shellcode does not tend to look like any normal photo. What if shellcode could be injected in this way without ...

Neal Krawetz (Dr): You are what you type: No classical computer forensics

June 04, 2006 23:10 - 47 minutes - 10.9 KB

In an online world, anonymity seems easy. Network addresses can be cloaked and files can be manipulated. People rapidly change virtual names, genders, and skills. But even with these precautions, anti-anonymity techniques can track people. Habitual patterns and learned skills are subtle, appearing in everything we type. This presentation discusses profiling methods for identifying online people and breaching anonymity. The topics covered include methods to identify skillsets, nationality, gen...

Nicolas Fischbach: Carrier VoIP Security

June 04, 2006 23:10 - 1 hour - 192 KB Video

VoIP, IMS, FMC, NGN, PacketCore, MPLS. Put those together and you are looking at the next security nightmare when it comes to Service Provider infrastructure security. Carriers are already moving away from basic data and VoIP services towards the Next Generation Network, where you have one Packet-based Core network which is going to carry "junk" Internet traffic, "secure" Multi-Protocol Label Switching VPNs, "QoS guaranteed" voice, etc. And soon, thanks to new handhelds you'll see more and mo...

Noel Anderson and Taroon Mandhana: WiFi in Windows Vista: A Peek Inside the Kimono

June 04, 2006 23:10 - 58 minutes - 142 KB Video

Windows Vista comes with redesigned support for WiFi (802.11 wireless). For those of us who live with a laptop in easy reach, it’s going to have an effect on our workday. For users there’s a new UI experience, helpful diagnostics and updated default behaviors. For IT pros who manage Windows clients, there’s improved management via Group Policy and Scripting. For sysadmins & geeks there’s a new command line interface. But behind these more obvious changes there’s a new software stack. A sta...

Ofir Arkin: Bypassing Network Access Control (NAC) Systems

June 04, 2006 23:10 - 51 minutes - 152 KB Video

The threat of viruses, worms, information theft and lack of control of the IT infrastructure lead companies to implement security solutions to control the access to their internal IT networks. A new breed of software (Sygate, Microsoft, etc.) and hardware (Cisco, Vernier Networks, etc.) solutions from a variety of vendors has emerged recently. All are tasked with one goal - controlling the access to a network using different methods and solutions. This presentation will examine the diff...

Panel: Center for Democracy and Technology Anti-Spyware Coalition Public Forum on Corporate Spyware Threats

June 04, 2006 23:10 - 2 hours - 297 KB Video

This session will examine the threat of spyware to corporations. What does the threat currently look like and how is it evolving? What market forces are at play? How big of a threat is spyware for corporations now and in five years? What countermeasures work now and in the future? How are regulators working to combat this threat?

Panel: Disclosure Discussion

June 04, 2006 23:10 - 1 hour - 158 KB Video

Technology vendors, security researchers, and customers - all sides of the vulnerability disclosure debate agree that working together rather than apart is the best way to secure our information. But how? This working group will bring all parties together in one room to address the issues and develop a beneficial working relationship extending beyond the conference.

Panel: Meet the Feds: OODA Loop and the Science of Security

June 04, 2006 23:10 - 48 minutes - 124 KB Video

The OODA Loop theory was conceived by Col John Boyd, AF fighter pilot. He believed that a pilot in a lethal engagement that could Observe, Orient, Decide, and Act (OODA) before his adversary had a better chance to survive. He considered air combat an art rather than a science. John Boyd proved air combat could be codified; for every maneuver there is a series of counter maneuvers and there is a counter to every counter. Today, successful fighter pilots study every option open to their adversa...

Panel: The Jericho Forum and Challenge

June 04, 2006 23:10 - 2 hours - 351 KB Video

In the first half of this session, Paul Simmonds will present on behalf of the Jericho Forum taking participants through the initial problem statement and what people need to go away and start implementing. Topics will include:

1. De-perimeterization - the business imperative
2. From protocols to accessing the web - the technical issues
3. What should be implemented today - current and near term solutions
4. Planning for tomorrow - future solutions and roadmap

The secon...

Paul Böhm: Taming Bugs: The Art and Science of Writing Secure Code

June 04, 2006 23:10 - 1 hour - 192 KB Video

If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedStr...

Pete Finnigan: How to Unwrap Oracle PL/SQL

June 04, 2006 23:10 - 53 minutes - 152 KB Video

PL/SQL has been the flagship language used inside the Oracle database for many years and through many versions to allow customers to implement their business rules and logic. Oracle has recognized that it is necessary for customers to protect their intellectual property coded in PL/SQL and has provided the wrap program. The wrapping mechanism was cracked some years ago and there are unwrapping tools in the black hat community. Oracle has beefed up the wrapping mechanism in Oracle 10g to in par...

Peter Silberman: RAIDE: Rootkit Analysis Identification Elimination v 1.0

June 04, 2006 23:10 - 55 minutes - 130 KB Video

In the past couple years there have been major advances in the field of rootkit technology, from Jamie Butler and Sherri Sparks' Shadow Walker, to FU. Rootkit technology is growing at an exponential rate and is becoming an everyday problem. Spyware and BotNets for example are using rootkits to hide their presence. During the same time, there have been few public advances in the rootkit detection field since the conception of VICE. The detection that is out there only meets half the need becau...

Philip Trainor: The statue of liberty: Utilizing Active Honeypots for hosting potentially malicious Events.

June 04, 2006 23:10 - 21 minutes - 51.1 KB Video

The premise of the demonstration is there are no secure systems. Traffic that may have malicious intent, but has not yet caused problems in any published occurrences, may reach protected services and clients after passing through edge equipment and inline IPS devices. This traffic should be sent to closely-monitored virtual machines hosting mirrors of the real services that are segregated from the primary services on the network. These virtual hosts will be the service utilized by certain typ...

Renaud BIDOU: IPS Shortcomings

June 04, 2006 23:10 - 1 hour - 161 KB Video

Technologies emerge on a regular basis with new promises of better security. This is more or less true. However we know there are still weaknesses and that 100% security is not realistic. Therefore the real need when deploying a new security device is to know its limits. IPS are part of those new technologies. They are oversold by marketing speeches and promises of an absolute security. Guess what? This is not exactly the truth.... The purpose of this speech is not to discredit IPS but to ...

Robert Auger and Caleb Sima: Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems

June 04, 2006 23:10 - 43 minutes - 98.3 KB Video

This presentation will discuss the use of RSS and Atom feeds as a method of delivering exploits to client systems. In our research we have found a number of RSS clients, both local and web-based, that are far too trusting of the content that is delivered via feeds. Although this content arrives as well-formed XML, fundamentally it originated as user input elsewhere. Like any such data, it can contain malicious and malformed content, yet many clients fail to guard against this. And though such ...

Rob Franco: Case Study: The Secure Development Lifecycle and Internet Explorer 7

June 04, 2006 23:10 - 45 minutes - 108 KB Video

Tony Chor will discuss Microsoft’s security engineering methodology and how it is being applied to the development of Internet Explorer 7. He will detail key vulnerabilities and attacks this methodology revealed as well as how the new version of IE will mitigate those threats with unique features such as the Phishing Filter and Protected Mode. Rob Franco lives to make browsing safer for internet users. Rob led Security improvements in Internet Explorer for Windows Server 2003, Windows XP S...

Saumil Udayan Shah: Writing Metasploit Plugins - from Vulnerability to Exploit

June 04, 2006 23:10 - 1 hour - 190 KB Video

This talk shall focus on exploit development from vulnerabilities. We have seen many postings on security forums which vaguely describe a vulnerability, or sometimes provide a "proof-of-concept" exploit. The Metasploit Framework is a powerful tool to assist in the process of vulnerability testing and exploit development. The framework can also be used as an engine to run exploits, with different payloads and post-exploitation mechanisms. In this talk, we shall look at how we can constru...

Scott Stender: Attacking Internationalized software

June 04, 2006 23:10 - 50 minutes - 140 KB Video

Every application, from a small blog written in PHP to an enterprise-class database, receives raw bytes, interprets these bytes as data, and uses the information to drive the behavior of the system. Internationalization support, which stretches from character representation to units of measurement, affects the middle stage: interpretation. Some software developers understand that interpreting data is an incredibly difficult task and implement their systems appropriately. The rest write, at...

SensePost: A Tale of Two Proxies

June 04, 2006 23:10 - 40 minutes - 112 KB Video

During this presentation SensePost will discuss and demonstrate two pieces of new technology - the Suru WebProxy and the SP_LR Generic network proxy. The Suru web proxy is an inline web proxy (the likes of Paros, @stake webproxy and Webscarab) and offers the analyst unparalleled functionality. Are the days of the web proxy counted? Is there really room for another web proxy? Come to their presentation and see what happened when the guys at SensePost decided to develop a proxy with punch. ...

Shawn Embleton, Sherri Sparks & Ryan Cunningham: "Sidewinder": An Evolutionary Guidance System for Malicious Input Crafting

June 04, 2006 23:10 - 1 hour - 216 KB Video

Black box testing techniques like fuzzing and fault injection are responsible for discovering a large percentage of reported software vulnerabilities. These techniques typically operate by injecting random or semi random input into a program and then monitoring its output for unexpected behavior. While their high potential for automation makes them desirable, they frequently suffer from a lack of "intelligence". That is, the random nature of input space exploration makes the probability of di...

Shawn Moyer: Defending Black Box Web Applications: Building an Open Source Web Security Gateway

June 04, 2006 23:10 - 24 minutes - 60.7 KB Video

Web apps continue to be the soft, white underbelly of most corporate IT environments. While the optimal path is to fix your code, it's not always an option, especially for closed-source, black-box web apps or apps hosted on servers that you can't harden directly. If you have an app in your data center that your CIO thinks is the greatest thing since Microsoft Golf, but is really the HTTP equivalent of a big flashing "own me" sign, this talk is for you. We'll walk through the process of ...

Stefan Frei and Dr. Martin May: The Speed of (In)security: Analysis of the Speed of Security vs. Insecurity

June 04, 2006 23:10 - 21 minutes - 55.7 KB Video

To be able to defend against IT security attacks, one has to understand the attack patterns and henceforth the vulnerabilities of the attached devices. But, for an in-depth risk analysis, pure technical knowledge of the properties of a vulnerability is not sufficient: one has to understand how vulnerabilities, exploitation, remediation, and distribution of information thereof is handled by the industry and the networking community. In the research, we examined how vulnerabilities are handl...

Stefano Zanero: Host Based Anomaly Detection on System calls arguments

June 04, 2006 23:10 - 1 hour - 182 KB Video

Traditionally, host-based anomaly detection has dealt with system call sequences, but not with system call arguments. We propose a prototype which is capable of detecting anomalous system calls in an execution flow, thus helping in tracing intrusions. Our tool analyzes each argument of the system call, characterizing its contents and comparing it with a model of the content. It is able to cluster system calls and detect "different uses" of the same syscall in different points of different pro...

Tod Beardsley: Investigating Evil Websites with Monkeyspaw: The Greasemonkey Security Professional's Automated Webthinger

June 04, 2006 23:10 - 21 minutes - 156 KB Video

Monkeyspaw is a unified, single-interface set of security-related website evaluation tools. Implemented in Greasemonkey, its purpose is to automate several common tasks employed during the early steps of an incident investigation involving client-side exploits. More generally, Monkeyspaw is also intended to demonstrate some of the more interesting data correlation capabilities of Greasemonkey. Hopefully, its release will encourage more security application development in this easy to use, ...

Tom Brosch and Maik Morgenstern: Runtime Packers: The Hidden Problem?

June 04, 2006 23:10 - 20 minutes - 50.8 KB Video

Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to the WildList as well as ad- and spyware is packed with one or another runtime packer. Not only can they turn older malware into new threats again, but they might also prevent AV vendors from using more generic approaches and therefore requiring more work, which possibly generates more errors or broken updates, unless the product is able to handle all the different runtime packers out there. ...

Tom Gallagher: Finding and Preventing Cross-Site Request Forgery

June 04, 2006 23:10 - 20 minutes - 50.5 KB Video

There is an often overlooked security design flaw in many web applications today. Web applications often take user input through HTML forms. When privileged operations are performed, the server verifies the request is from an authorized user. Cross-Site Request Forgery Attacks allow an attacker to coerce an authorized user to request privileged operations of the attacker’s choice. Learn about this attack, how you can quickly identify these bugs in web applications, common techniques programme...

Tom Ptacek and Dave Goldsmith: Do Enterprise Management Applications Dream of Electric Sheep?

June 04, 2006 23:10 - 59 minutes - 159 KB Video

Thomas Ptacek and Dave Goldsmith present the results of Matasano Security's research into the resilience of Enterprise Agents: the most dangerous programs you've never heard of, responsible for over $2B a year in product revenue, running on the most critical enterprise servers from app servers to mainframes. WHY THIS TALK? 1. Enterprise Agents are their own worms, preinstalled for the convenience of attackers. We found critical, show-stopping vulnerabilities in every system we looked...

William B Kimball: Code Integration-Based Vulnerability Auditing

June 04, 2006 23:10 - 15 minutes - 40.4 KB Video

There is a growing need to develop improved methods for discovering vulnerabilities in closed-source software. The tools and techniques used to automate searching for these vulnerabilities are either incomplete or non-existent. Fuzz-testing is a common technique used in the discovery process but does not provide a complete analysis of all the vulnerabilities which may exist. Other techniques, such as API hooking, are used to monitor insecure imported functions while leaving inlined functions ...

Yuan Fan and Xiao Rong: MatriXay-When Web App & Database Security Pen-Test/Audit Is a Joy

June 04, 2006 23:10 - 21 minutes - 59.6 KB Video

This topic will present a new web-app/DB pen-test tool. This tool supports both proxy (passive) mode as well as direct URL targeting. It is a mixed Web App SQL Injection systematic pen-test and WebApp/Database scanner/auditing-style tool and supports most popular databases used by web applications such as Oracle, SQL Server, Access and DB2. It has many unique features from web app backend Database automatic detection to the ability to browse database objects (without the need to ask for a pas...

Zvi Gutterman: Open to Attack; Vulnerabilities of the Linux Random Number Generator

June 04, 2006 23:10 - 58 minutes - 185 KB Video

Linux® is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly d...
