Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

Information:

Synopsis

Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace. A post-convention wrap-up can be found at http://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html. Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo. Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest, with new content added as available! Past speeches and talks from Black Hat in an iPod-friendly .mp3 CBR 64k audio format. If you want to get a better idea of the presentation materials, go to http://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2005 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!

Episodes

  • Yuan Fan: Advance SQL Injection Detection by Join Force of Database Auditing and Anomaly Intrusion Detection

    04/06/2006 Duration: 20min

    This topic will present the proposal/idea/work from the author's master's graduate project about effective detection of SQL Injection exploits while lowering the number of false positives. It gives a detailed analysis example of how database auditing could help in this case, and also presents the challenges of anomaly detection for this attack and how the author tried to solve them. Finally, a correlation between the two will be presented. Yuan Fan, CISSP, has worked in the network security area for more than 7 years. He currently works for ArcSight as a Software Engineer. He holds a Master of Computer Engineering degree from San Jose State University. The tool he is writing for the master's graduate research project related to this topic is a Java-based, multilayer anomaly intrusion detection system.

  • Arian J. Evans and Daniel Thompson: Building Self-Defending Web Applications: Secrets of Session Hacking and Protecting Software Sessions

    04/06/2006 Duration: 21min

    Web applications are constantly under attack, and must defend themselves. Sadly, today, most cannot. There are several key elements to building self-defending software, but only a few are focused on today, including input validation, output encoding, and error handling. Strong session handling and effective authorization mechanisms are almost completely ignored in web application software development. Many of the threats are well known, but the techniques for building applications that can defend themselves against the known threat landscape are still ignored due to lack of documentation, lack of sample code, and lack of awareness of the threats and attack methods. This ignorance is dangerous; the landscape has changed. In April 2005 alone, zero-day scripted session attacks were discovered in the wild for eBay and other high-profile web applications that you use. Session and authorization attacks are real, mature, and increasing in frequency of use in the wild. They are also misunderstood or ignored by

  • Himanshu Dwivedi: iSCSI Security (Insecure SCSI)

    04/06/2006 Duration: 01h11min

    Himanshu Dwivedi's presentation will discuss the severe security issues that exist in the default implementations of iSCSI storage networks/products. The presentation will cover iSCSI storage as it pertains to the basic principles of security, including enumeration, authentication, authorization, and availability. The presentation will contain a short overview of iSCSI for security architects and basic security principles for storage administrators. The presentation will continue into a deep discussion of iSCSI attacks that are capable of compromising large volumes of data from iSCSI storage products/networks. The iSCSI attacks section will also show how simple attacks can make the storage network unavailable, creating a devastating problem for networks, servers, and applications. The presenter will also follow up each discussion of iSCSI attacks with a demonstration of large data compromise. iSCSI attacks will show how a large volume of data can be compromised or simply made unavailable for long periods of

  • Bryan Cunningham and C. Forrest Morgan: U.S National Security, Individual and Corporate Information Security, and Information Security Providers

    04/06/2006 Duration: 01h30min

    This presentation, by a former Deputy Legal Adviser to the White House National Security Council, and author of a chapter on legal issues in the forthcoming "Case Studies for Implementing the NSA IEM," will provide information security consultants and information technology providers alike with insights into: how emerging United States national security and cybersecurity policies and initiatives could impact the work of consultants and technology providers; emerging standards of potential legal and regulatory liability for such consultants and providers; and strategies for mitigating risk and protecting proprietary and vulnerability information. Bryan Cunningham has extensive experience as a cybersecurity and intelligence expert, both in senior U.S. Government posts and the private sector. Cunningham, now a corporate information and homeland security consultant and principal at the Denver law firm of Morgan and Cunningham LLC, most recently served as Deputy Legal Adviser to National Security Advisor Condo

  • Greg Conti: Beyond Ethereal: Crafting A Tivo for Security Datastreams

    04/06/2006 Duration: 01h10min

    Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window of 30-40 packets that is insufficient when dealing with network datasets that could be on the order of millions of packets. In addition, it only displays traffic from packet captures and lacks the ability to incorporate and correlate other security-related datastreams. In an attempt to break from this paradigm, we will explore conceptual, system design and implementation techniques to help you build better security analysis tools. By applying advanced information visualization and interaction techniques such as dynamic queries, interactive encoding, semantic zooming, n-gram analysis and rainfall visualization, you will gain far more insight into your data, far more quickly than with today's best tools. We will discuss lessons learned from the implementation of a security PVR (a prototype will be released) and explore additional topics such as using visual techniques to navigate and semantically encode small and large binary obje

  • Tyler Close: Shatter-proofing Windows

    04/06/2006 Duration: 26min

    The Shatter attack uses the Windows API to subvert processes running with greater privilege than the attack code. The author of the Shatter code has made strong claims about the difficulty of fixing the underlying problem, while Microsoft has, with one exception, claimed that the attack isn't a problem at all. Whether or not Shatter is indeed an exploit worth worrying about, it uses a feature of Windows that has other malicious uses, such as keystroke logging. This talk presents a means of defeating this entire family of attacks with minimal breaking of applications and effect on the look and feel of the user interface. Tyler Close is a researcher and developer, working in the field of secure, multi-user, distributed applications since 1998. He is the designer of the web-calculus, a messaging model for creating POLA interfaces between heterogeneous applications. He is a developer for an ongoing series of applications in the POLA genre, including: Waterken Server, for web-services; petname tool, anti-phishing

  • Ian Clarke and Oskar Sandberg: Routing in the Dark: Scalable Searches in Dark P2P Networks.

    04/06/2006 Duration: 01h44s

    It has become apparent that the greatest threat toward the survival of peer-to-peer, and especially file sharing, networks is the openness of the peers themselves towards strangers. So-called "darknets", encrypted networks where peers connect directly only to trusted friends, have been suggested as a solution to this. Some small-scale darknet implementations, such as Nullsoft's WASTE, have already been deployed, but these share the problem that peers can only communicate within a small neighborhood. Utilizing the small-world theory of Watts and Strogatz, Jon Kleinberg's algorithmic observations, and our own experience from working with the anonymous distributed data network Freenet, we explore methods of using the dynamics of social networks to find scalable ways of searching and routing in a darknet. We discuss how the results indicating that human relationships really form a "small world" allow for ways of restoring to the darknet the characteristics necessary for efficient routing. We illustrate our methods wit

  • Robert W. Clark: Legal Aspects of Computer Network Defense-A Government Perspective and A Year in Review Important Precedents in Computer and Internet Security Law 2004 - 2005

    04/06/2006 Duration: 01h15min

    This presentation looks at computer network defense and the legal cases of the last year that affect internet and computer security. This presentation clearly and simply explains (in non-legal terms) the legal foundations available to service providers to defend their networks. It quickly traces the legal origins from early property common-law doctrine into today's statutes and then moves into recent court cases and battles. This presentation will quickly become an open forum for questions and debate. Major Robert Clark is the Command Judge Advocate for the Army's 1st Information Operations Command. As the sole legal advisor, his primary duty is to advise the Army's Computer Network Operations Division on all aspects of computer operations and security. This role has him consulting with the DoD Office of General Counsel, NSA, and DoJ Computer Crime and Intellectual Property Section. He lectures at the Army's Intelligence Law Conference and at the DoD's Cybercrimes Conference.

  • Jim Christy: The Defense Cyber Crime Center

    04/06/2006 Duration: 01h04min

    This talk will cover the Defense Cyber Crime Center (DC3), our mission and capabilities. The DC3 is one-stop shopping for cyber crime related support. We have approximately 160 people assigned in 3 main organizations: * The Defense Computer Forensics Lab - probably the largest digital forensics lab in the world and the leader in handling large datasets. One case averages 75 terabytes. * The Defense Computer Investigations Training Program - the most high-tech classrooms in the world, training all of the DoD criminal and counterintelligence agents in the techniques to investigate cyber crime. The FBI, Secret Service and Department of State Diplomatic Security Service actually buy our courses for their agents due to the quality. * The Defense Cyber Crime Institute - my organization, responsible for research and development of new digital forensics tools as well as the validation, test and evaluation of these tools. Since crime labs now are moving to accreditation so that their evidence will be admis

  • Tzi-cker Chiueh: Checking Array Bound Violation Using Segmentation Hardware

    04/06/2006 Duration: 01h02min

    The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult bugs down the line. Because such programming errors have been the targets of remote attacks, i.e., the buffer overflow attack, prevention of array bound violations is essential for the security and robustness of application programs that provide service on the Internet. This talk proposes a novel approach called CASH to the array bound checking problem that exploits the segmentation feature in the virtual memory hardware of the x86 architecture. The CASH approach allocates a separate segment to each static array or dynamically allocated buffer, and generates the instructions for array references in such a way that the segment limit check in x86's virtual memory protection mechanism performs the necessary array bound checking for free. In those cases where hardware bound checking is not possible, it falls back to softwar

  • Cesar Cerrudo: Demystifying MS SQL Server and Oracle Database Server Security

    04/06/2006 Duration: 21min

    Databases are where your most valuable data rests; when you use a database server you implicitly trust the vendor, because you think you bought a good and secure product. This presentation will compare MS SQL Server and Oracle Database Server from a security standpoint; the comparison will include product quality, holes, patches, etc. This presentation will also show how both vendors manage security issues and how they have evolved over time. The main goal of this presentation is to kill the myths surrounding both products and let people know the truth about how secure these products are. Cesar Cerrudo is a security researcher specialized in application security. Cesar is running his own company, Argeniss. Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has autho

  • Kevin Cardwell: Toolkits: All-in-One Approach to Security

    04/06/2006 Duration: 23min

    This talk will be on using toolkits for your pen-testing, vulnerability assessment, etc. Configuring a plethora of the different tools out there can be quite time consuming and challenging. The focus of this talk will be to look at an alternative solution that provides a suite of tools at boot. Until recently there were not very many toolkits, and the ones that were there did not work very well; that has changed, and in this talk I will discuss the toolkits available and demo one of the better ones. The toolkits that will be reviewed will all be open source and free; there are commercial solutions available, but why pay when the free ones are more than adequate? Kevin Cardwell spent 22 years in the U.S. Navy, starting off in Sound Navigation and Ranging (SONAR). He began programming in 1987. He was fortunate enough to get on the Testing Team and got to test and evaluate Surveillance and Weapon system software including: Remote Mine-Hunting System, Multi-System Torpedo Recognition Alert Processor (MSTRAP), Ad

  • Adam Boileau: Trust Transience: Post Intrusion SSH Hijacking

    04/06/2006 Duration: 59min

    Trust Transience: Post Intrusion SSH Hijacking explores the issues of transient trust relationships between hosts, and how to exploit them. Applying techniques from anti-forensics, linux VXers, and some good-ole-fashioned blackhat creativity, a concrete example is presented in the form of a post-intrusion transparent SSH connection hijacker. The presentation covers the theory, a real world demonstration, the implementation of the SSH Hijacker with special reference to defeating forensic analysis, and everything you'll need to go home and hijack yourself some action. Adam Boileau is a deathmetal listening linux hippy from New Zealand. When not furiously playing air-guitar, he works for linux integrator and managed security vendor Asterisk in Auckland, New Zealand. Previous work has placed him in ISP security, network engineering, linux systems programming, corporate whore security consultancy and a brief stint at the helm of a mighty installation of solaris tar. Amongst his preoccupations at the moment are the

  • Renaud Bidou: A Dirty BlackMail DoS Story

    04/06/2006 Duration: 16min

    This is a real story of modern extortion in a cyberworld. Bots have replaced dynamite, and you don't buy "protection" to prevent your shop from going up in flames; you buy "consulting" to prevent your IT from being DoSed. From the first limited synflood to the conclusion, we will review those crazy 48 hours that ended up in a one-to-one digital fight. We will see in depth which attacks and mitigation techniques were involved and how they both evolved quickly in complexity and intensity. As a conclusion we will see which were the major weaknesses, found in the network architecture, the security perimeter and the target application, and how it would have been possible to prevent such an attack, limit its impact... and save money. Renaud Bidou has been working in the field of IT security for about 10 years. He first performed consulting missions for telcos, pen-tests and post-mortem audits, and designed several security architectures. In 2000 he built the first operational Security Operation Center in France wh

  • Bruce Potter and Beetle: Rogue Squadron: Evil Twins, 802.11 intel, Radical RADIUS, and Wireless Weaponry for Windows

    04/06/2006 Duration: 01h06s

    At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the Shmoo Group. Two years later, "Evil Twin" access points have made it to Slashdot and news.google.com. Who would have thought TSG could get away with the easy rogue AP attacks for so long? Note to Shmoo: Next time, put the word "evil" in the title of your presentation for mass appeal and acceptance. Oh, rock on--it WORKED! Wireless n00b? No problem0. This talk starts off with the basics. Wireless insecurity basics. Rogue AP basics. How your wireless users are basically screwed. Etc. If you read about "Evil Twin" access points earlier this year, you will actually see how easy it is to build your own. However, this talk quickly moves on to more advanced attacks and trickery with rogue APs, including: gathering intel beyond usernames / passwords, getting around WEP and WPA-PSK protected networks, integrating RADIUS with your rogue AP, abusing vulnerable EAPs, rogue AP backend bridging, and real-time abuse of two-factor authent

  • Darrin Barrall: Shakespearean Shellcode

    04/06/2006 Duration: 16min

    This discussion will cover the theoretical background of using ordinary, readable text to conceal an exploit payload's true content, ending with a practical application of the discussed technique. Encoding a payload as plain text is useful in cases where input filtering eliminates many of the most useful values that make up a payload. In particular, Unicode-based systems place numerous constraints on acceptable character values, making it worthwhile to create a simple decoder function to decode far more complex shellcode data. The technique is also useful where content filtering is used, since the small amount of unusual text making up the decoder could be outweighed by a large amount of grammatically correct text. Darrin Barrall has a varied background in both hardware and software. While working in the hardware world, Darrin repaired electronics in devices ranging from televisions to sports arena lighting systems. After transitioning to the software world, his talents further diversified into banking applications, a

  • Darrin Barrall and David Dewey: Plug and Root, the USB Key to the Kingdom

    04/06/2006 Duration: 31min

    USB peripheral devices are made by reputable manufacturers and will not misbehave by attacking the host system's operating system. This device is not one of those. This discussion will cover the creation of a USB meta-device, and the discovery and exploitation of flaws in operating system device drivers. In a nutshell, plug this device into an otherwise locked system and it will automatically take control of the system. Darrin Barrall has a varied background in both hardware and software. While working in the hardware world, Darrin repaired electronics in devices ranging from televisions to sports arena lighting systems. After transitioning to the software world, his talents further diversified into banking applications, and recently into buffer overflows. Darrin is currently an R&D coder for the SPI Labs group at SPI Dynamics where he specializes in breaking things. David Dewey is a security engineer for SPI Dynamics. David came to SPI Dynamics with five years of information security experience ranging from f

  • Ofir Arkin: A New Hybrid Approach for Infrastructure Discovery, Monitoring and Control

    04/06/2006 Duration: 01h12min

    An enterprise IT infrastructure is a complex and dynamic environment that is generally described as a black hole by its IT managers. The knowledge about an enterprise network's layout (topology), resources (availability and usage), elements residing on the network (devices, applications, their properties and the interdependencies among them), as well as the ability to keep this knowledge up to date, are all critical for managing and securing IT assets and resources. Unfortunately, the currently available network discovery technologies (active network discovery and passive network discovery) suffer from numerous technological weaknesses which prevent them from providing complete and accurate information about an enterprise IT infrastructure. Their ability to keep track of changes is unsatisfactory at best. The inability to "know" the network directly results in the inability to manage and secure the network in an appropriate manner. This is because it is impossible to manage or to defend something,

  • Panel: The Future of Personal Information

    04/06/2006 Duration: 01h13min

    In the last year, there have been 45 security incidents compromising the personal information of 9.3 million individuals. What can we do given our current situation? How are we going to successfully secure personal information moving forward? This panel will discuss the future of personal information and its implications for privacy. Joseph Ansanelli is CEO of Vontu, a software company focused on the insider threat. Joseph has spoken to Congress twice in the past twelve months as an advocate of privacy and consumer data standards. Mr. Ansanelli has successfully co-founded and led two other companies and has an extensive track record of developing innovative solutions into successful companies. His first venture, Trio Development's Claris Organizer, was ultimately acquired by Palm, Inc. Mr. Ansanelli holds four patents and received a B.S. in Applied Economics from the Wharton School at the University of Pennsylvania. Rich Baich, CISSP, CISM, Chief Information Security Officer, ChoicePoint. Mr. Baich has been w

  • Akshay Aggarwal: Rapid Threat Modeling

    04/06/2006 Duration: 25min

    One of the most important weapons in our arsenal for securing applications is threat modeling. Applications are becoming increasingly complex and new technologies are emerging constantly. In this scenario, building or attacking applications is challenging. Threat models can help attackers discover design vulnerabilities and mount complex attacks. These models give secure application developers a great amount of leverage to envision their design, implementation and the soundness of their architectures. Being living documents, they also carry forward any knowledge gained from previous development life cycles and are invaluable in understanding the impact of any changes on the overall security posture of the applications. Understanding and constructing meaningful threat models is hard. Application teams and attackers need to be aware of what they want to model, how they want to model and when they want to model. Rapid Threat Modeling will help them develop models rapidly while reusing data they gathered either th
