Podcasts by Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Past speeches and talks from the Black Hat Briefings computer security conferences.

Further podcasts by Jeff Moss

All episodes

Philip R. Zimmermann: The Unveiling of My Next Big Project from 2023-12-12T18:58:06.132638

Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptogra...

Adam L. Young: Building Robust Backdoors In Secret Symmetric Ciphers from 2023-12-12T18:58:06.127748

This talk will present recent advances in the design of robust cryptographic backdoors in secret symmetric ciphers (i.e., classified or proprietary ciphers). The problem directly affects end-users ...

Alex Wheeler and Neel Mehta: Owning Anti-Virus: Weaknesses in a Critical Security Component from 2023-12-12T18:58:06.122838

AV software is becoming extremely popular because of its perceived protection. Even the average person is aware they want AV on their computer (see AOL, Netscape, Netzero, Earthlink, and other ...

Paul Vixie: Preventing Child Neglect in DNSSEC-bis using Lookaside Validation from 2023-12-12T18:58:06.116380

Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. Early in his career, he developed and introduced sends, proxynet, r...

Andrew van der Stock: World Exclusive - Announcing the OWASP Guide To Securing Web Applications and Services 2.0 from 2023-12-12T18:58:06.106637

After three years of community development, the Open Web Application Security Project (OWASP) is proud to introduce the next generation of web application security standards at BlackHat USA 2005. T...

Eugene Tsyrklevich: Ozone HIPS: Unbreakable Windows from 2023-12-12T18:58:06.102026

Windows is the number one target on the Internet today. It takes less than 5 minutes for an unpatched Windows machine, connected to the Internet, to get owned. Yet the most prevalent security pract...

Michael Sutton and Adam Greene: The Art of File Format Fuzzing from 2023-12-12T18:58:06.096698

In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was not...

Alex Stamos and Scott Stender: Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps from 2023-12-12T18:58:06.092080

Web Services represent a new and unexplored set of security-sensitive technologies that have been widely deployed by large companies, governments, financial institutions, and in consumer applicatio...

spoonm and skape: Beyond EIP from 2023-12-12T18:58:06.086499

When we built Metasploit, our focus was on the exploit development process. We tried to design a system that helped create reliable and robust exploits. While this is obviously very important, it's...

Sherri Sparks and Jamie Butler: "Shadow Walker" - Raising The Bar For Rootkit Detection from 2023-12-12T18:58:06.081643

Last year at Black Hat, we introduced the rootkit FU. FU took an unprecedented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function poin...

Derek Soeder and Ryan Permeh: eEye BootRoot from 2023-12-12T18:58:06.076867

This presentation will cover the eEye BootRoot project, an exploration of technology that boot sector code can use to subvert the Windows NT-family kernel and retain the potential for execution, ev...

Paul Simmonds: The Jericho Challenge - Finalist Architecture Presentations and Awards from 2023-12-12T18:58:06.071879

The days of the corporate network, completely isolated with a well-secured outer shell, are long gone; yet we continue to cling to this model. Global networks with no borders offer the potential of...

SensePost: Automation - Deus ex Machina or Rube Goldberg Machine? from 2023-12-12T18:58:06.066927

How far can automation be taken? How much intelligence can be embodied in code? How generic can automated IT security assessment tools really be? This presentation will attempt to show which areas ...

Mike Pomraning: Injection Flaws: Stop Validating Your Input from 2023-12-12T18:58:06.062061

Years after the debut of XSS and SQL Injection, each passing week sees newly disclosed vulnerabilities ready to be exploited by these same techniques. Labelling all of these as "input validation fla...

Ejovi Nuwere and Mikko Varpiola: The Art of SIP fuzzing and Vulnerabilities Found in VoIP from 2023-12-12T18:58:06.057069

This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging techno...

Mudge aka Peiter Mudge Zatko: Economics, Physics, Psychology and How They Relate to Technical Aspects of Counter Intelligence/Counter Espionage Within Information Security from 2023-12-12T18:58:06.051452

The computer and network security fields have made little progress in the past decade. The rhetoric that the field is in an arms race; attacks are becoming more complicated and thus defenses are al...

Shawn Moyer: Owning the C-suite: Corporate Warfare as a Social Engineering Problem from 2023-12-12T18:58:06.046944

Let's face it, you ROCK at building InfoSec tech, but you SUCK at corporate warfare. Sooner or later, you WILL have to sit in a boardroom with the suits and justify your existence. If you approach ...

Panel: CISO QA with Jeff Moss from 2023-12-12T18:58:06.042354

Jeff Moss, founder of Black Hat, invites Chief Information Security Officers from global corporations to join him on stage for a unique set of questions and answers. What do CISOs think of Black Ha...

Panel: The National ID Debate from 2023-12-12T18:58:06.037637

As a result of the Real-ID Act, all American citizens will have an electronically readable ID card that is linked to the federal database by May 2008. This means that in three years we will have a ...

Robert Morris: The Non-Cryptographic Ways of Losing Information from 2023-12-12T18:58:06.033619

To fully understand how to protect crucial information in the modern world, one needs to fully understand how the modern spy steals it. Since the glorious days of cryptanalysis during World War II,...

David Maynor: NX: How Well Does It Say NO to Attacker's eXecution Attempts? from 2023-12-12T18:58:06.023769

NX. It's known by different names to different people. AMD calls it Enhanced Virus Protection, or EVP. Microsoft calls its support Data Execution Prevention, or DEP. After the press about how this ...

Kevin Mandia: Performing Effective Incident Response from 2023-12-12T18:58:06.018925

During the course of 2004 and 2005, we have responded to dozens of computer security incidents at some of America's largest organizations. Mr. Mandia was on the front lines assisting these organiza...

Simple Nomad and MadHat Unspecific: SPA: Single Packet Authorization from 2023-12-12T18:58:06.014578

We needed a protocol that allowed us to tell a server that we are who we say we are, have it work across NAT, use TCP, UDP, or ICMP as the transport mechanism, act as an extra layer of security, an...

Johnny Long: Google Hacking for Penetration Testers from 2023-12-12T18:58:06.010071

Google Hacking returns for more guaranteed fun this year at Blackhat USA! If you haven't caught one of Johnny's Google talks, you definitely should. Come and witness all the new and amazing things ...

David Litchfield: All New 0-Day from 2023-12-12T18:58:06.006615

David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognised by Information Security Magazine who voted him as 'Th...

Ben Laurie: CaPerl: Running Hostile Code Safely from 2023-12-12T18:58:06.003386

There are many circumstances under which we would like to run code we don't trust. This talk presents a method for making that possible with various popular scripting languages - the test case is Per...

Alexander Kornbrust: Circumvent Oracle's Database Encryption and Reverse Engineering of Oracle Key Management Algorithms from 2023-12-12T18:58:06.000175

This talk describes architecture flaws of the Oracle's database encryption packages dbms_crypto and dbms_obfuscation_toolkit. These encryption packages are used to encrypt sensitive information in ...

Joseph Klein: The Social Engineering Engagement Methodology - A Formal Testing process of the People and Process from 2023-12-12T18:58:05.996969

The security of an organization is composed of technology, people and processes. In the last few years, many organizations have done a good job addressing technology but have focused very little on...

Barnaby Jack: Remote Windows Kernel Exploitation - Step In To the Ring 0 from 2023-12-12T18:58:05.993275

Almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, a topic that has rarely been touched on publicly is the remote exploitation of W...

Ken Hines: Using Causal Analysis to Establish Meaningful Connections between Anomalous Behaviors in a Networking Environment from 2023-12-12T18:58:05.989222

Fueled by business needs such as supply chain integration and outsourcing, modern enterprises must open up portions of their networks to potentially untrusted outsiders. Combined with the troubling...

Allen Harper and Edward Balas: GEN III Honeynets: The birth of roo from 2023-12-12T18:58:05.985260

A honeypot is an information gathering system, designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honey...

Robert J. Hansen and Meredith L. Patterson: Stopping Injection Attacks with Computational Theory from 2023-12-12T18:58:05.982384

Input validation is an important part of security, but it's also one of the most annoying parts. False positives and false negatives force us to choose between convenience and security - but do we ha...

The Grugq: The Art of Defiling: Defeating Forensic Analysis from 2023-12-12T18:58:05.979889

The Grugq has been at the forefront of forensic research for the last six years, during which he has been pioneering in the realm of anti-forensic research and development. During this time, he has...

Jeremiah Grossman: Phishing with Super Bait from 2023-12-12T18:58:05.976857

The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their w...

Jennifer Stisa Granick: Top Ten Legal Issues in Computer Security from 2023-12-12T18:58:05.974324

This will be a practical and theoretical tutorial on legal issues related to computer security practices. In advance of the talk, I will unscientifically determine the "Top Ten Legal Questions About ...

Joe Grand: Can You Really Trust Hardware? Exploring Security Problems in Hardware Devices from 2023-12-12T18:58:05.971435

Most users treat a hardware solution as an inherently trusted black box. "If it's hardware, it must be secure," they say. This presentation explores a number of classic security problems with hardwar...

Kenneth Geers: Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond) from 2023-12-12T18:58:05.968140

Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that res...

James C. Foster and Vincent T. Liu: Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch. from 2023-12-12T18:58:05.964869

Don't get caught. Building off of Foster's log manipulation and bypassing forensics session at BlackHat Windows 2004, James C. Foster and Vincent T. Liu will share over eighteen months of continued ...

James C. Foster: BlackHat Standup: "Yea I'm a Hacker" from 2023-12-12T18:58:05.961861

In a refreshingly different format, Foster cracks the audience with a twenty-minute comedic dissertation of the past year in the information security industry. Performing standup, Foster will roast t...

Esteban Martinez Fayo: Advanced SQL Injection in Oracle Databases from 2023-12-12T18:58:05.958110

This presentation shows new ways to attack Oracle Databases. It is focused on SQL injection vulnerabilities and how they can be exploited using new techniques. It also explains how to see the internal P...

Yuan Fan: Advance SQL Injection Detection by Join Force of Database Auditing and Anomaly Intrusion Detection from 2023-12-12T18:58:05.954814

This topic will present the proposal/idea/work from the author's master graduate project about effective detection of SQL Injection exploits while lowering the number of false positives. It gives d...

Arian J. Evans and Daniel Thompson: Building Self-Defending Web Applications: Secrets of Session Hacking and Protecting Software Sessions from 2023-12-12T18:58:05.950993

Web applications are constantly under attack, and must defend themselves. Sadly, today, most cannot. There are several key elements to building self-defending software but only a few are focused on ...

Himanshu Dwivedi: iSCSI Security (Insecure SCSI) from 2023-12-12T18:58:05.947290

Himanshu Dwivedi's presentation will discuss the severe security issues that exist in the default implementations of iSCSI storage networks/products. The presentation will cover iSCSI storage as it...

Bryan Cunningham and C. Forrest Morgan: U.S National Security, Individual and Corporate Information Security, and Information Security Providers from 2023-12-12T18:58:05.943086

This presentation, by a former Deputy Legal Adviser to the White House National Security Council, and author of a chapter on legal issues in the forthcoming "Case Studies for Implementing the NSA IE...

Greg Conti: Beyond Ethereal: Crafting A Tivo for Security Datastreams from 2023-12-12T18:58:05.937800

Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window of 30-40 packets that is insufficient when dealing with network datasets that could be on the order of millions of...

Tyler Close: Shatter-proofing Windows from 2023-12-12T18:58:05.913399

The Shatter attack uses the Windows API to subvert processes running with greater privilege than the attack code. The author of the Shatter code has made strong claims about the difficulty of fixin...

Ian Clarke and Oskar Sandberg: Routing in the Dark: Scalable Searches in Dark P2P Networks. from 2023-12-12T18:58:05.908179

It has become apparent that the greatest threat toward the survival of peer to peer, and especially file sharing, networks is the openness of the peers themselves towards strangers. So-called "darkn...

Robert W. Clark: Legal Aspects of Computer Network Defense-A Government Perspective and A Year in Review Important Precedents in Computer and Internet Security Law 2004 - 2005 from 2023-12-12T18:58:05.903470

This presentation looks at computer network defense and the legal cases of the last year that affect internet and computer security. This presentation clearly and simply explains (in non-legal term...

Jim Christy: The Defense Cyber Crime Center from 2023-12-12T18:58:05.898359

This talk will cover the Defense Cyber Crime Center (DC3), our mission and capabilities. The DC3 is one-stop shopping for cyber crime related support. We have approximately 160 people assigned in 3...

Tzi-cker Chiueh: Checking Array Bound Violation Using Segmentation Hardware from 2023-12-12T18:58:05.894386

The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult ...

Cesar Cerrudo: Demystifying MS SQL Server and Oracle Database Server Security from 2023-12-12T18:58:05.890167

Databases are where your most valuable data rest. When you use a database server, you implicitly trust the vendor, because you think you bought a good and secure product. This presentation will comp...

Kevin Cardwell: Toolkits: All-in-One Approach to Security from 2023-12-12T18:58:05.885524

This talk will be on using toolkits for your pen-testing, vulnerability assessment, etc. Configuring a plethora of the different tools out there can be quite time-consuming and challenging. The foc...

Adam Boileau: Trust Transience: Post Intrusion SSH Hijacking from 2023-12-12T18:58:05.879945

Trust Transience: Post Intrusion SSH Hijacking explores the issues of transient trust relationships between hosts, and how to exploit them. Applying techniques from anti-forensics, Linux VXers, and ...

Renaud Bidou: A Dirty BlackMail DoS Story from 2023-12-12T18:58:05.871361

This is a real story of modern extortion in a cyberworld. Bots have replaced dynamite and you don't buy "protection" to prevent your shop from going in flames; you buy "consulting" to prevent your IT f...

Bruce Potter and Beetle: Rogue Squadron: Evil Twins, 802.11intel, Radical RADIUS, and Wireless Weaponry for Windows from 2023-12-12T18:58:05.866462

At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the Shmoo Group. Two years later, "Evil Twin" access points have made it to Slashdot and news.google.com. Who would ha...

Darrin Barrall: Shakespearean Shellcode from 2023-12-12T18:58:05.861288

This discussion will cover the theoretical background of using ordinary, readable text to conceal an exploit payload's true content, ending with a practical application of the discussed technique. ...

Darrin Barrall and David Dewey: Plug and Root, the USB Key to the Kingdom from 2023-12-12T18:58:05.848857

USB peripheral devices are made by reputable manufacturers and will not misbehave by attacking the host system's operating system. This device is not one of those. This discussion will cover the cr...

Ofir Arkin: A New Hybrid Approach for Infrastructure Discovery, Monitoring and Control from 2023-12-12T18:58:05.841701

An enterprise IT infrastructure is a complex and dynamic environment that is generally described as a black hole by its IT managers. The knowledge about an enterprise network's layout (topology),...

Panel: The Future of Personal Information from 2023-12-12T18:58:05.820033

In the last year, there have been 45 security incidents compromising the personal information of 9.3 million individuals. What can we do given our current situation? How are we going to successfull...

Akshay Aggarwal: Rapid Threat Modeling from 2023-12-12T18:58:05.810761

One of the most important weapons in our arsenal for securing applications is threat modeling. Applications are becoming increasingly complex and new technologies are emerging constantly. In this s...

Gilman Louie: Investing in Our Nation's Security from 2023-12-12T18:58:05.804623

Gilman Louie, President and Chief Executive Officer, In-Q-Tel. The challenge of creating an innovative, new business model aimed at enhancing national security convinced Gilman Louie to join In-Q-T...
