Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

89 episodes - English - Latest episode: over 16 years ago - ★★★★★ - 1 rating

Past speeches and talks from the Black Hat Briefings computer security conferences.

The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier.
A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest, with new content added as available! Past speeches and talks from Black Hat in an iPod-friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials, go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the PDFs in one window while watching the talks in the other. Almost as good as being there!


Episodes

Gadi Evron: Estonia: Information Warfare and Strategic Lessons

December 11, 2007 22:53 - 1 hour - 16.9 KB

In this talk we will discuss what is now referred to as "The 'first' Internet War", where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault began, resulting in a large-scale coordination of the Estonian defenses on both the local and international levels. We will demonstrate what in hindsight worked for both the attackers and the defenders, as well as what f...

HD Moore & Valsmith: Tactical Exploitation-Part 2

December 11, 2007 21:59 - 1 hour - 16.6 KB

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework. REVIEWER NOTES: This is a monstrous presentation and will absolutely requir...

Alfredo Ortega: OpenBSD Remote Exploit

January 09, 2006 23:10 - 56 minutes - 12.9 KB

OpenBSD is regarded as a very secure operating system. This article details one of the few remote exploits against this system. A kernel shellcode is described that disables the protections of the OS and installs a user-mode process. Several other possible techniques of exploitation are described.

Andrea Barisani & Daniele Bianco: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation.

January 09, 2006 23:10 - 1 hour - 15.3 KB

RDS-TMC is a standard based on RDS (Radio Data System) for communicating traffic information for satellite navigation systems over FM radio. All modern in-car satellite navigation systems sold in Europe use RDS-TMC to receive broadcasts containing up-to-date information about traffic conditions such as queues and accidents, and provide detours in case they affect the plotted course. The system is increasingly being used around Europe and North America. The audience will be introduced to RD...

Ariel Waissbein: Timing attacks for recovering private entries from database engines

January 09, 2006 23:10 - 1 hour - 14.2 KB

Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards, medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries on the database while safeguarding privacy where expected; for example, they may allow adding data to a column of the database but not viewing the complete contents of this column. We will describe a new techn...

Barrie Dempster: VOIP Security

January 09, 2006 23:10 - 44 minutes - 10.2 KB

As VoIP products and services increase in popularity and as the "convergence" buzzword is used as the major selling point, it's time that the impact of such convergence and other VoIP security issues underwent a thorough security review. This presentation will discuss the current issues in VoIP security, explain why the current focus is slightly wrong, then detail how to effectively test the security of VoIP products and services. With examples of real life vulnerabilities found, how to find ...

Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript

January 09, 2006 23:10 - 1 hour - 13.8 KB

The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today's web browser offers an expansive attack surface to exploit. All the major browsers now include full-featured runtime engines for a variety of interpreted scripting languages, including the popular JavaScript. The web experience now depends more than ever on the ability of the browser to dynamically interpret JavaScript on the client. The a...

Billy Hoffman & John Terrill: The little Hybrid web worm that could

January 09, 2006 23:10 - 1 hour - 16.9 KB

The past year has seen several web worm attacks against various online applications. While these worms have gotten more sophisticated and made use of additional technologies like Flash and media formats, they all have some basic limitations, such as infecting new domains and injection methods. These worms are fairly easily detected using signatures, and these limitations have made web worms annoying but ultimately controllable. Often the source website simply fixes a single flaw and the worm ...

Brad Hill: Attacking Web Service Security: Message....

January 09, 2006 23:10 - 1 hour - 16.3 KB

Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and B2B connectivity, and XML is the world's most successful and widely deployed data format. This presentation will take a critical look at the technologies used to secure these systems and the emerging attention to "message-oriented" security. How do WS-Security, XML Digital Signatures and XML Encryption measure up? The first half of the talk will take a strategic view of message-orient...

Brandon Baker: Kick Ass Hypervisoring: Windows Server Virtualization

January 09, 2006 23:10 - 59 minutes - 13.5 KB

Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualization capabilities to the Windows operating system. This talk will focus on the security model of the system, with emphasis on design choices and deployment considerations. Aspects of virtualization security related to hardware functions will also be explored.

Brian Chess, Jacob West, Sean Fay & Toshinari Kureha: Iron Chef Blackhat

January 09, 2006 23:10 - 57 minutes - 13.2 KB

Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network's cult favorite show, Iron Chef, our Chairman will reveal the surprise ingredient (the code), and then let the challenger and the "Iron Hacker" face off in a frenetic security battle. The guest panel will judge the tools created and used to determine whose hack-fu will be victorious and who will be vanquished. Remember...

Bruce Schneier: KEYNOTE: The Psychology of Security

January 09, 2006 23:10 - 49 minutes - 11.3 KB

Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why so many smart security solutions go unimplemented. Two different fields, behavioral economics and the psychology of decision making, shed light on how w...

Bryan Sullivan: Premature Ajax-ulation

January 09, 2006 23:10 - 1 hour - 15 KB

The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases. Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened against attack, something more sophisticated is required. Evolutionary algorithms can be used to gain the benefits of both approaches: tests that are b...

Charlie Miller: Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X

January 09, 2006 23:10 - 25 minutes - 5.81 KB

According to the Apple website, "Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions." Of course, the Month of Apple Bugs showed that Macs are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the number of announced vulnerabilities on Mac OS X low are that not many researchers are interested in exploring this operating system due to low market ...

Chris Paget: RFID for Beginners++

January 09, 2006 23:10 - 26 minutes - 6.15 KB

Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a Panel debate involving IOActive, US-CERT, ACLU, Blackhat, and Grand Idea Studio. After spending far too much time and money dealing with lawyers and consulting with some strategic allies, IOActive has made some relatively minor twea...

Chris Palmer: Breaking Forensics Software: Weaknesses in Critical Evidence Collection

January 09, 2006 23:10 - 1 hour - 16.4 KB

Across the world, law enforcement, enterprises and national security apparatus utilize a small but important set of software tools to perform data recovery and investigations. These tools are expected to perform a large range of dangerous functions, such as parsing dozens of different file systems, email databases and dense binary file formats. Although the software we tested is considered a critical part of the investigatory cycle in the criminal and civil legal worlds, our te...

Chris Wysopal & Chris Eng: Static Detection of Application Backdoors

January 09, 2006 23:10 - 1 hour - 16.3 KB

Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors, they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors, since it isn't typically available for off-the-shelf software or for many of the libraries developers link to. And what about your developer tool chain? Ken Thompson in "Reflections on Trusting Trust" showed your compiler can't be trusted. What about your ...

Cody Pierce: PyEmu: A multi-purpose scriptable x86 emulator

January 09, 2006 23:10 - 1 hour - 14.1 KB

Processor emulation has been around for as long as the processors it emulates. However, emulators have been difficult to use and notoriously lacking in flexibility or extensibility. In this presentation I address these issues and provide a solution in the form of a scriptable multi-purpose x86 emulator written in Python. The concept was to allow a security researcher the ability to quickly integrate an emulator into their workflow and custom tools. Python was chosen as the development languag...

Damiano Bolzoni & Emmanuel Zambon: Sphinx: an anomaly-based Web Intrusion Detection System

January 09, 2006 23:10 - 1 hour - 14.6 KB

We present Sphinx, a new fully anomaly-based Web Intrusion Detection System (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall) and can therefore deal with SSL and POST data. Our system uses different techniques at the same time to improve detection and false positive rates. Being anomaly-based, Sphinx needs a training phase before the real detection can start: during the training, Sphinx learns automatically the type of eac...

Dan Kaminsky: Black Ops 2007: Design Reviewing The Web

January 09, 2006 23:10 - 55 minutes - 12.7 KB

Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here are a few things I've been looking at: Slirpie: VPN'ing into Protected Networks With Nothing But A Lured Web Browser. Part of the design of the web is that browsers are able to collect and render resources across security bounda...

Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques

January 09, 2006 23:10 - 48 minutes - 11.1 KB

Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common, newer methods must be developed to cope with them. In this talk we will present our covert debugging platform named Saffron. Saffron is based upon dynamic instrumentation techniques as well as a newly developed page fault assisted debugger. We show that the combination of these tw...

Dave G & Jeremy Rauch: Hacking Capitalism

January 09, 2006 23:10 - 20 minutes - 4.63 KB

The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make sure that positions are tracked in real time, that any information that might affect a trader's action is reliably received, and that trades happen in a fixed timeframe. Unlike the protocols that comprise the internet as a whole, these haven't been scrutinized to death for security flaws. They're wr...

David Byrne: Intranet Invasion With Anti-DNS Pinning

January 09, 2006 23:10 - 53 minutes - 12.4 KB

Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of anti-DNS pinning techniques. A victim web browser will be used to execute arbitrary, interactive HTTP requests to any server, completely bypassing pe...

David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget

January 09, 2006 23:10 - 1 hour - 15.6 KB

Software companies inevitably produce insecure code. In 2006 alone, CERT recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operating systems and have moved on to easier targets: applications. What makes this situation worse is the weaponization of these exploits and the business drivers behind them. Some organizations struggle to deal with this trend to try to protect their products and customers. Other organizations have no...

David Leblanc: Practical Sandboxing: Techniques for Isolating Processes

January 09, 2006 23:10 - 24 minutes - 5.53 KB

The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed.

David Litchfield: Database Forensics

January 09, 2006 23:10 - 1 hour - 14.6 KB

Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003, another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credit card details stolen - the largest known breach so far. In 2006 there were 335 publicized breaches in the U.S.; in 2005 there were 116 publicized breaches; between 1st January and March 31st of 2007, a 90 day period, ...

David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker's Handbook: What Your Security Vendor Doesn't Want You to Know.

January 09, 2006 23:10 - 50 minutes - 11.6 KB

Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren't fading away like predicted. What's a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that's why they're hackers instead of productive members of society. They want to find new and interesting shortcuts to a quick payoff with minimal effort. Or, they look at a protocol designed by committee and fin...

Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online

January 09, 2006 23:10 - 1 hour - 14.3 KB

Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can be, and are being, recorded in minute detail. In this presentation we describe some concrete dangers that arise out of this situation and show that the uncomfortable feeling we have when our privacy is com...

Dr. Neal Krawetz: A Picture's Worth...

January 09, 2006 23:10 - 48 minutes - 11.2 KB

Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it computer generated or modified? In a world where pictures are more influential than words, being able to distinguish fact from fiction in a systematic way...

Dror-John Roecher: NACATTACK

January 09, 2006 23:10 - 1 hour - 16.1 KB

The last two years have seen a big new marketing buzz named "Admission Control" or "Endpoint Compliance Enforcement", and most major network and security players have developed a product suite to secure their share of the cake. While the market is still evolving, one framework has been getting a lot of market attention: "Cisco Network Admission Control". NAC is a pivotal part of Cisco's "Self Defending Network" strategy and is supported on the complete range of Cisco network and security product...

Eric Monti & Dan Moniz: Defeating Extrusion Detection

January 09, 2006 23:10 - 1 hour - 19.2 KB

Today's headlines are rife with high profile information leakage cases affecting major corporations and government institutions. Most of the highest-profile leakage news has been about stolen laptops (VA, CPS), or large-scale external compromises of customer databases (TJX). On a less covered, but much more commonplace basis, sensitive financial data, company secrets, and customer information move in and out of networks and on and off of company systems all the time. Where...

Eric Schmeidl & Mike Spindel: Strengths and Weaknesses of Access Control Systems

January 09, 2006 23:10 - 55 minutes - 12.8 KB

Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available (card readers, biometrics, or even posting a guard to check IDs) each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. We provide a comprehensive overview of 20 different access control technologies that focuses on weaknesses (particularly little known or not-yet public a...

Ero Carrera: Reverse Engineering Automation with Python

January 09, 2006 23:10 - 24 minutes - 5.63 KB

Instead of discussing a complex topic in detail, this talk will discuss 4 different very small topics related to reverse engineering, at a length of 5 minutes each, including some work on intermediate languages for reverse engineering and malware classification. Ero Carrera is currently a reverse engineering automation researcher at SABRE Security, home of BinDiff and BinNavi. Ero has previously spent several years as a Virus Researcher at F-Secure where his main duties ranged from reverse e...

Eugene Tsyrklevich: OpenID: Single Sign-On for the Internet

January 09, 2006 23:10 - 58 minutes - 13.3 KB

Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about OpenID - a new decentralized Single Sign-On system for the web. OpenID is increasingly gaining adoption amongst large sites, with organizations like AOL acting as a provider. In addition, integrated OpenID support has been made a mandatory priority in Firefox 3 and Microsoft is working on implement...

Ezequiel D. Gutesman & Ariel Waissbein: A dynamic technique for enhancing the security and privacy of web applications

January 09, 2006 23:10 - 53 minutes - 12.3 KB

Several protection techniques based on run-time taint analysis have been proposed within the last 3 years. Some of them provide fully automated protection for existing web applications, others require human interaction, and yet others require source code modification and/or special tuning. We briefly discuss advantages and disadvantages of these approaches. Next, we introduce a new technique which permits efficiently identifying and blocking several attack vectors on the fly by augmenting the we...

Greg Hoglund: Active Reversing: The Next Generation of Reverse Engineering

January 09, 2006 23:10 - 1 hour - 15.2 KB

Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This process is difficult, time consuming, and expensive, but it doesn't need to be. Software programs can be made to reverse engineer themselves. Software, as a machine, can be understood by active observation, as opposed to static decompilation and prediction. In other words, you can reverse engineer ...

Greg Wroblewski: Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007

January 09, 2006 23:10 - 18 minutes - 4.18 KB

Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection we provide to customers through our security updates and bulletins by discovering additional attack vectors, new exploitation techniques and adapt...

Haroon Meer & Marco Slaviero: It's all about the timing

January 09, 2006 23:10 - 1 hour - 16.8 KB

It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are still very much alive and kicking on the Internet and fairly prevalent in web applications (if only we were looking for them). The talk will cove...

HD Moore & Valsmith: Tactical Exploitation-Part 1

January 09, 2006 23:10 - 58 minutes - 13.4 KB

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework. REVIEWER NOTES: This is a monstrous presentation and will absolutely requir...

Iain Mcdonald: Longhorn Server Foundation & Server Roles

January 09, 2006 23:10 - 27 minutes - 6.36 KB

Iain will discuss Server Foundation and Server Roles: how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and then discuss the primary roles. You will learn how to install and manage a server that doesn't have a video driver and will hear about File Server, Web Server, Read Only Domain Controller, etc.

Jamie Butler & Kris Kendall: Blackout: What Really Happened...

January 09, 2006 23:10 - 1 hour - 16.2 KB

Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffective. Often a forensic examiner or incident response analyst may not know the weaknesses of the tools they are using or the advantage the attacker has over those tools by hiding in certain locations. This session provides a detailed exploration of code injection attacks and novel ...

Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing

January 09, 2006 23:10 - 40 minutes - 9.21 KB

Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing is more effective at finding bugs than RFC compliant or capture-replay mutation black-box tools. This research is focused on building a better/new...

Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage

January 09, 2006 23:10 - 10 minutes - 2.42 KB

In the realm of application testing, one of the major, but most often overlooked, vulnerabilities is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, being potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in ...

Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies

January 09, 2006 23:10 - 1 hour - 16.9 KB

The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn't necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against Michael Lynn (from Black Hat 2005) and HID's cease and desist letter to IOActive (from Black Hat 2006) to discuss major intellectual property la...

Jeremiah Grossman & Robert Hansen: Hacking Intranet Websites from the Outside (Take 2) - "Fun with and without JavaScript malware"

January 09, 2006 23:10 - 54 minutes - 12.5 KB

Attacks always get better, never worse. The malicious capabilities of Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF), coupled with JavaScript malware payloads, exploded in 2006. Intranet Hacking from the Outside, Browser Port Scanning, Browser History Stealing, Blind Web Server Fingerprinting, and dozens of other bleeding-edge attack techniques blew away our assumptions that perimeter firewalls, encryption, A/V, and multi-factor authentication can protect w...

Jerry Schneider: Reflection DNS Poisoning

January 09, 2006 23:10 - 19 minutes - 4.45 KB

Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of discovering the exploit. Yet the typical DNS cache poisoning approach, aimed at various levels in the DNS server hierarchy or the enterprise server itself, is not as effective as it could be, primarily because so many people are affected that detection is rapid... There is one approach to DNS cache poisoning that can control the attack surface and is particularly effecti...

Jim Christy: Meet the Feds

January 09, 2006 23:10 - 1 hour - 17 KB

Discussion of the power of Digital Forensics today and the real-world challenges. Also discuss the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3; The Defense Computer Forensics Lab, the Defense Cyber Crime Institute, and the Defense Cyber Investigations Training Academy. The evolving discipline of cyber crime investigations and the critical role law enforcement plays in a Network Centric Warfare environment. The accreditation process for a...

Jim Hoagland: Vista Network Attack Surface Analysis and Teredo Security Implications

January 09, 2006 23:10 - 54 minutes - 12.6 KB

This talk will present the results of a broad analysis performed on the network-facing components of the release (RTM) version of Microsoft Windows Vista, as well as the results of a study of the security implications of the related Teredo protocol. Windows Vista features a rewritten network stack, which introduces a number of core behavior changes. New protocols include IPv6 and related protocols, LLTD, LLMNR, SMB2, PNRP, PNM, and WSD. One of the IPv4-IPv6 transition mechanisms provided by Vis...

Joanna Rutkowska & Alexander Tereshkin: IsGameOver(), anyone?

January 09, 2006 23:10 - 1 hour - 17.4 KB

We will present new, practical methods for compromising the Vista x64 kernel on the fly and discuss the irrelevance of TPM/BitLocker technology in protecting against such non-persistent attacks. Then we will briefly discuss type II kernel infections (pure data patching), especially NDIS subversions that allow for generic bypassing of personal firewalls on Vista systems. A significant amount of time will be devoted to presenting new details about virtualization-based malware. This will inc...

Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems

January 09, 2006 23:10 - 1 hour - 18.2 KB

For 10 years Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective of resisting tampering and guarding secrets. Embedded systems in general have a much lower security profile. This talk explores the use and impact of Side Channel Analysis on embedded systems. These systems have their own specific need for security. This need can vary significantly between systems, and in addition a much ...