Black Hat Briefings, USA 2007 [Video]: presentations from the security conference.
Past speeches and talks from the Black Hat Briefings computer security conferences.
Joe Stewart: Just Another Windows Kernel Perl Hacker from 2023-12-12T18:58:02.347906
This talk will detail the Windows remote kernel debugging protocol and present a Perl framework for communicating with the kernel debug API over a serial/usb/1394 port from non-Windows systems. Thi...
Jerry Schneider: Reflection DNS Poisoning from 2022-02-22T11:05:37.744400
Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of the exploit being discovered. Yet the typical DNS cache poisoning approach, aime...
Stephan Patton: Social Network Site Data Mining from 2022-02-22T11:05:37.743564
Social Network Sites contain a wealth of public information. This information is of great interest to researchers, investigators, and forensic experts. This presentation presents research regarding...
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage from 2022-02-22T11:05:37.742438
In the realm of application testing, one of the major, but most often overlooked, vulnerabilities is that of type conversion errors. These errors result from input variable values being used throug...
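The abstract above only names the bug class. The following C example is added here to make it concrete; it is not code from the talk or from the speaker. It assumes a length field parsed from untrusted input as a signed int (a common source of the problem), shows the signed-compare-then-unsigned-use pattern beside a hardened check, and adds a second conversion hazard, 16-bit truncation of a 32-bit length. The vulnerable path performs the copy only when it is in bounds, so the demonstration reports the overflow instead of corrupting memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* an int constant, so "len > BUF_SIZE" is a signed compare */

typedef enum { REJECTED = 0, COPIED = 1, OVERFLOW_ATTEMPT = 2 } outcome_t;

/* Vulnerable pattern: len arrives as a signed int (assumed to come from
 * untrusted input), the bound is checked with a signed compare, and the
 * value is then converted to size_t for memcpy. A negative len passes the
 * check and becomes a huge unsigned count. */
outcome_t vulnerable_copy(unsigned char *dst, const unsigned char *src, int len)
{
    if (len > BUF_SIZE)            /* -1 > 64 is false: the check passes */
        return REJECTED;
    size_t n = (size_t)len;        /* -1 becomes SIZE_MAX here */
    if (n > BUF_SIZE)              /* instrumentation only; real code has no such guard */
        return OVERFLOW_ATTEMPT;
    memcpy(dst, src, n);
    return COPIED;
}

/* Hardened: reject negative lengths before any conversion, then compare in
 * the unsigned domain that the copy will actually use. */
outcome_t hardened_copy(unsigned char *dst, const unsigned char *src, int len)
{
    if (len < 0 || (size_t)len > BUF_SIZE)
        return REJECTED;
    memcpy(dst, src, (size_t)len);
    return COPIED;
}

/* Second hazard: a 32-bit length truncated to 16 bits for the allocation
 * while the full value drives the copy. Returns 1 when the copy would
 * exceed the allocation. */
int truncation_mismatch(uint32_t len)
{
    uint16_t alloc_len = (uint16_t)len;   /* 0x10010 becomes 0x0010 */
    return alloc_len < len;
}

/* Fixed buffers so the two paths can be exercised without a caller setting
 * up storage. */
static unsigned char demo_dst[BUF_SIZE];
static unsigned char demo_src[BUF_SIZE];

outcome_t vulnerable_demo(int len) { return vulnerable_copy(demo_dst, demo_src, len); }
outcome_t hardened_demo(int len)   { return hardened_copy(demo_dst, demo_src, len); }

int main(void)
{
    printf("vulnerable, len=-1:  %d\n", vulnerable_demo(-1));   /* 2: overflow attempt */
    printf("hardened,   len=-1:  %d\n", hardened_demo(-1));     /* 0: rejected */
    printf("vulnerable, len=32:  %d\n", vulnerable_demo(32));   /* 1: copied */
    printf("truncation 0x10010:  %d\n", truncation_mismatch(0x10010u)); /* 1 */
    return 0;
}
```

The check a practitioner wants when reviewing such code: find every place a length crosses a signedness or width boundary (int to size_t, int to uint16_t, long to int) and confirm the bound check happens in the type the consumer uses, not the type the parser produced.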
Charlie Miller: Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X from 2022-02-22T11:05:37.741560
According to the Apple website, "Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions." Of course, ...
Iain Mcdonald: Longhorn Server Foundation & Server Roles from 2022-02-22T11:05:37.740762
Iain will discuss Server Foundation and Server Roles: how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and...
David Leblanc: Practical Sandboxing: Techniques for Isolating Processes from 2022-02-22T11:05:37.739985
The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriousl...
Zane Lackey: Point, Click, RTPInject from 2022-02-22T11:05:37.739210
The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; h...
Greg Wroblewski: Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007 from 2022-02-22T11:05:37.738140
Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and...
Dave G & Jeremy Rauch: Hacking Capitalism from 2022-02-22T11:05:37.737293
The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make su...
Ero Carerra: Reverse Engineering Automation with Python from 2022-02-22T11:05:37.736142
Instead of discussing a complex topic in detail, this talk will discuss four different very small topics related to reverse engineering, at a length of five minutes each, including some work on intermedi...
Mark Ryan Del Moral Talabis: The Security Analytics Project: Alternatives in Analysis from 2022-02-22T11:05:37.735280
With the advent of advanced data collection techniques in the form of honeypots, distributed honeynets, honey clients and malware collectors, the data collected from these mechanisms becomes an abundan...
Phil Zimmermann: Z-Phone from 2022-02-22T11:05:37.734167
Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptogra...
Mark Vincent Yason: The Art of Unpacking from 2022-02-22T11:05:37.733346
Unpacking is an art: it is a mental challenge and one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating ...
Chris Wysopal & Chris Eng: Static Detection of Application Backdoors from 2022-02-22T11:05:37.732557
Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors, they will inevitably be inserted into software. Requiring sou...
Ariel Waissbein: Timing attacks for recovering private entries from database engines from 2022-02-22T11:05:37.731616
Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards, medical records and other private information. The web applicati...
Eugene Tsyrklevich: OpenID: Single Sign-On for the Internet from 2022-02-22T11:05:37.730530
Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about O...
Peter Thermos: Transparent Weaknesses in VoIP from 2022-02-22T11:05:37.729737
The presentation will disclose new attacks and weaknesses associated with protocols that are used to establish and protect VoIP communications. In addition, a newer "unpublished" version of the SIV...
Bryan Sullivan: Premature Ajax-ulation from 2022-02-22T11:05:37.728904
Interest in Ajax is sky-high and only continues to grow. Unfortunately, far too many people rush into Ajax development without giving proper consideration to security issues. These unfortunate indi...
Scott Stender: Blind Security Testing - An Evolutionary Approach from 2022-02-22T11:05:37.728
The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases.
Unfortunately, the current...
Alexander Sotirov: Heap Feng Shui in JavaScript from 2022-02-22T11:05:37.727187
Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the pr...
Window Snyder & Mike Shaver: Building and Breaking the Browser from 2022-02-22T11:05:37.726147
Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is genera...
Eric Schmeidl & Mike Spindel: Strengths and Weaknesses of Access Control Systems from 2022-02-22T11:05:37.725265
Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available: card readers, biometrics, or e...
Len Sassaman: Anonymity and its Discontents from 2022-02-22T11:05:37.724424
In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity ...
Paul Vincent Sabanal: Reversing C++ from 2022-02-22T11:05:37.723563
As recently as a couple of years ago, reverse engineers could get by with just knowledge of C and assembly to reverse most applications. Now, due to the increasing use of C++ in malware as well as most...
Joanna Rutkowska & Alexander Tereshkin: IsGameOver(), anyone? from 2022-02-22T11:05:37.722426
We will present new, practical methods for compromising the Vista x64 kernel on the fly and discuss the irrelevance of TPM/BitLocker technology in protecting against such non-persistent attacks. Then w...
Dror-John Roecher: NACATTACK from 2022-02-22T11:05:37.721541
The last two years have seen a big new marketing-buzz named "Admission Control" or "Endpoint Compliance Enforcement" and most major network and security players have developed a product-suite to se...
Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques from 2022-02-22T11:05:37.720737
Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detec...
Thomas H. Ptacek, Peter Ferrie & Nate Lawson: Don't Tell Joanna, The Virtualized Rootkit Is Dead from 2022-02-22T11:05:37.719401
Since last year's Black Hat, the debate has continued to grow about how undetectable virtualized rootkits can be made. We are going to show that virtualized rootkits will always be detectable. We w...
Cody Pierce: PyEmu: A multi-purpose scriptable x86 emulator from 2022-02-22T11:05:37.717849
Processor emulation has been around for as long as the processors it emulates. However, emulators have been difficult to use and notoriously lacking in flexibility or extensibility. In this presenta...
Mike Perry: Securing the Tor network from 2022-02-22T11:05:37.583408
Imagine your only connection to the Internet was through a potentially hostile environment such as the Defcon wireless network. Worse, imagine all someone had to do to own you was to inject some ht...
Chris Palmer: Breaking Forensics Software: Weaknesses in Critical Evidence Collection from 2022-02-22T11:05:37.582325
Across the world, law enforcement, enterprises and national security apparatus utilize a small but important set of software tools to perform data recovery and investigations. These tools are expecte...
Chris Paget: RFID for Beginners++ from 2022-02-22T11:05:37.581384
Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25%...
Alfredo Ortega: OpenBSD Remote Exploit from 2022-02-22T11:05:37.580581
OpenBSD is regarded as a very secure operating system. This article details one of the few remote exploits against this system. A kernel shellcode is described that disables the protections of the ...
Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World from 2022-02-22T11:05:37.579788
As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSDs either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to i...
HD Moore & Valsmith: Tactical Exploitation-Part 1 from 2022-02-22T11:05:37.577957
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of n...
Eric Monti & Dan Moniz: Defeating Extrusion Detection from 2022-02-22T11:05:37.577167
Today's headlines are rife with high profile information leakage cases affecting major corporations and government institutions. Most of the highest-profile leakage news has been about stolen laptop...
Luis Miras: Other Wireless: New ways of being Pwned from 2022-02-22T11:05:37.576341
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices...
Haroon Meer & Marco Slaviero: It's all about the timing from 2022-02-22T11:05:37.575521
It's all about the timing...
Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times ti...
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker's Handbook: What Your Security Vendor Doesn't Want You to Know from 2022-02-22T11:05:37.574415
Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren't fading away like predicted. What's a security person to do? Take a...
David Litchfield: Database Forensics from 2022-02-22T11:05:37.573572
Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003, another 34 states have passed similar legislation with more set to follow.
In January...
Jonathan Lindsay: Attacking the Windows Kernel from 2022-02-22T11:05:37.572719
Most modern processors provide a supervisor mode that is intended to run privileged operating system services that provide resource management transparently or otherwise to non-privileged code. Alt...
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online from 2022-02-22T11:05:37.571852
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to d...
Dr. Neal Krawetz: A Picture's Worth... from 2022-02-22T11:05:37.570004
Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute picture...
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web from 2022-02-22T11:05:37.569148
Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting ...
Jon Callas: Traffic Analysis -- The Most Powerful and Least Understood Attack Methods from 2022-02-22T11:05:37.568242
Traffic analysis is gathering information about parties not by analyzing the content of their communications, but through the metadata of those communications. It is not a single technique, but a f...
Krishna Kurapati: Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones from 2022-02-22T11:05:37.567446
Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like ...
Mikko Hypponen: Status of Cell Phone Malware in 2007 from 2022-02-22T11:05:37.566429
The first real viruses infecting mobile phones were found in late 2004. Since then, hundreds of different viruses have been found, most of them targeting smartphones running the Symbian operating s...
Greg Hoglund: Active Reversing: The Next Generation of Reverse Engineering from 2022-02-22T11:05:37.565634
Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This...
Billy Hoffman & John Terrill: The little Hybrid web worm that could from 2022-02-22T11:05:37.564832
The past year has seen several web worm attacks against various online applications. While these worms have gotten more sophisticated and made use of additional technologies like Flash and media f...
Jim Hoagland: Vista Network Attack Surface Analysis and Teredo Security Implications from 2022-02-22T11:05:37.564019
This talk will present the results of a broad analysis performed on the network-facing components of the release (RTM) version of Microsoft Windows Vista, as well as the results of study of the sec...
Brad Hill: Attacking Web Service Security: Message.... from 2022-02-22T11:05:37.563222
Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and B2B connectivity, and XML is the world's most successful and widely deployed data format....
John Heasman: Hacking the Extensible Firmware Interface from 2022-02-22T11:05:37.562200
Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, and even Vista, are stuck in the 1980s with old-fashioned BIOS. But with Boot Camp, the Mac ca...
Nick Harbour: Stealth Secrets of the Malware Ninjas from 2022-02-22T11:05:37.561387
It is important for the security professional to understand the techniques used by those they hope to defend against. This presentation focuses on the anti-forensic techniques which malware authors...
Ezequiel D. Gutesman & Ariel Waissbein: A dynamic technique for enhancing the security and privacy of web applications from 2022-02-22T11:05:37.560510
Several protection techniques based on run-time taint analysis have been proposed within the last three years. Some of them provide fully automated protection for existing web applications, others requi...
Jeremiah Grossman & Robert Hansen: Hacking Intranet Websites from the Outside (Take 2) - "Fun with and without JavaScript malware" from 2022-02-22T11:05:37.559682
Attacks always get better, never worse. The malicious capabilities of Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF), coupled with JavaScript malware payloads, exploded in 2006....
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies from 2022-02-22T11:05:37.558583
The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are comp...
Kenneth Geers: Greetz from Room 101 from 2022-02-22T11:05:37.557784
Imagine you are king for a day. Enemies are all around you, and they seem to be using the Internet to plot against you. Using real-world cyber war stories from the most tightly controlled nations o...
Kevvie Fowler: SQL Server Database Forensics from 2022-02-22T11:05:37.556956
Databases are the single most valuable asset a business owns. Databases store and process critical healthcare, financial and corporate data, yet businesses place very little focus on securing and l...
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques from 2022-02-22T11:05:37.556180
Traditional exploitation techniques of overwriting heap metadata have been discussed ad nauseam; however, because of this common perspective the flexibility in abuse of the heap is commonly overlooked. T...
Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript from 2022-02-22T11:05:37.555402
The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today's web browser offers an expansive attack sur...
Joel Eriksson & Panel: Kernel Wars from 2022-02-22T11:05:37.554350
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit ...
Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications from 2022-02-22T11:05:37.553564
This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the...
Roger Dingledine: TOR from 2022-02-22T11:05:37.552801
The Tor project is an anonymous communication system for the Internet that has been funded by both the US Navy and the Electronic Frontier Foundation.
Rohit Dhamankar & Rob King: PISA: Protocol Identification via Statistical Analysis from 2022-02-22T11:05:37.552016
A growing number of proprietary protocols are using end-to-end encryption to avoid being detected via network-based systems performing Intrusion Detection/Prevention and Application Rate Shaping. A...
Barrie Dempster: VOIP Security from 2022-02-22T11:05:37.551228
As VoIP products and services increase in popularity and as the "convergence" buzzword is used as the major selling point, it's time that the impact of such convergence and other VoIP security issu...
Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing from 2022-02-22T11:05:37.550172
Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pool...
Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems from 2022-02-22T11:05:37.549412
For 10 years, Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective to resist tamper...
David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget from 2022-02-22T11:05:37.548586
Software companies inevitably produce insecure code. In 2006 alone, CERT recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operat...
Robert W Clark: Computer and Internet Security Law - A Year in Review 2006 - 2007 from 2022-02-22T11:05:37.547750
This presentation reviews the important prosecutions, precedents and legal opinions of the last year that affect internet and computer security. We will discuss the differences between legal decisi...
Maria Cirino: Meet the VC's from 2022-02-22T11:05:37.546706
2007 held numerous watershed events for the security industry. Innovation is needed and the money is there. Come to this session and meet the VCs actively investing in security, web, and mobile app...
Jim Christy: Meet the Feds from 2022-02-22T11:05:37.545915
Discussion of the power of Digital Forensics today and the real-world challenges. Also discussed: the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3; The Defense Co...
Brian Chess, Jacob West, Sean Fay & Toshinari Kureha: Iron Chef Blackhat from 2022-02-22T11:05:37.545110
Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network's cult favorite show, Iron C...
Stephan Chenette & Moti Joseph: Defeating Web Browser Heap Spray Attacks from 2022-02-22T11:05:37.544336
At Black Hat Europe 2007 a talk was given titled "Heap Feng Shui in JavaScript".
That presentation introduced a new technique for precise manipulation of the browser heap layout using sp...
David Byrne: Intranet Invasion With Anti-DNS Pinning from 2022-02-22T11:05:37.543512
Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new t...
Jamie Butler & Kris Kendall: Blackout: What Really Happened... from 2022-02-22T11:05:37.542471
Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffec...
Damiano Bolzoni & Emmanuel Zambon: Sphinx: an anomaly-based Web Intrusion Detection System from 2022-02-22T11:05:37.541646
We present Sphinx, a new fully anomaly-based Web Intrusion Detection System (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall), ...
Yoriy Bolygin: Remote and Local Exploitation of Network Drivers from 2022-02-22T11:05:37.540832
During 2006, vulnerabilities in wireless LAN drivers gained increasing attention in the security community. One can explain this by the fact that any hacker can take control over every vulnerable lap...
Rohyt Belani & Keith Jones: Smoke 'em Out! from 2022-02-22T11:05:37.540018
Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgea...
Andrea Barisani & Daniele Bianco: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation from 2022-02-22T11:05:37.539223
RDS-TMC is a standard based on RDS (Radio Data System) for communicating Traffic Information for Satellite Navigation Systems over FM radio.
All modern in-car Satellite Navigation system...
Brandon Baker: Kick Ass Hypervisoring: Windows Server Virtualization from 2022-02-22T11:05:37.538179
Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualizati...
Pedram Amini & Aaron Portnoy: Fuzzing Sucks! (or Fuzz it Like you Mean it!) from 2022-02-22T11:05:37.537390
Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be desired by way of automation. Perhaps the reason for this is that even the most rudimentary fuzzers are su...
Jonathan Afek: Dangling Pointer from 2022-02-22T11:05:37.536598
A Dangling Pointer is a well known security flaw in many applications.
When a developer writes an application, he/she usually uses pointers to many data objects. In some scenarios, the d...
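The abstract above stops before it says why a kept pointer to a freed object is dangerous. The C example below is added here to show the mechanism and is not code from the talk or the speaker. It assumes a small session object and a toy slab allocator with deterministic last-freed-first-reused behaviour, standing in for the real heap so the stale read is reproducible and stays inside valid storage; production allocators differ in detail but commonly hand the most recently freed chunk of a size class straight back. The vulnerable flow frees the session on logout but keeps the pointer; a later same-sized, attacker-influenced allocation lands in the same slot, and the stale pointer now reads attacker bytes as the privilege flag. The hardened flow nulls the pointer at free time so the stale use is caught.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Session object whose stale pointer the example abuses (assumed shape). */
#define SLOT_SIZE 32
struct session {
    uint32_t is_admin;
    char     name[SLOT_SIZE - sizeof(uint32_t)];
};

/* Toy slab allocator: fixed-size slots, LIFO free list, so the slot freed
 * last is the slot handed out next. Assumed for the demonstration. */
#define NSLOTS 4
union slot { struct session sess; unsigned char raw[SLOT_SIZE]; };
static union slot slab[NSLOTS];
static int free_stack[NSLOTS];
static int free_top;

static void slab_init(void)
{
    free_top = 0;
    for (int i = NSLOTS - 1; i >= 0; i--)
        free_stack[free_top++] = i;          /* slot 0 is handed out first */
}
static void *slab_alloc(void)
{
    return free_top ? (void *)&slab[free_stack[--free_top]] : NULL;
}
static void slab_free(void *p)
{
    free_stack[free_top++] = (int)((union slot *)p - slab);
}

/* Vulnerable flow: the session is freed on logout but the pointer is kept. */
uint32_t dangling_read(void)
{
    slab_init();
    struct session *s = slab_alloc();
    s->is_admin = 0;
    strcpy(s->name, "guest");
    slab_free(s);                            /* logout: s now dangles */
    unsigned char *attacker = slab_alloc();  /* same size class, same slot */
    memset(attacker, 0x41, SLOT_SIZE);       /* attacker-controlled bytes */
    return s->is_admin;                      /* 0x41414141 via the stale pointer */
}

/* Hardened flow: free and null together, so a later use of the pointer is
 * an observable NULL (checked here explicitly) rather than a silent read of
 * whatever now occupies the slot. */
#define SLAB_FREE_NULL(p) do { slab_free(p); (p) = NULL; } while (0)

int guarded_read(void)
{
    slab_init();
    struct session *s = slab_alloc();
    s->is_admin = 0;
    SLAB_FREE_NULL(s);
    unsigned char *attacker = slab_alloc();
    memset(attacker, 0x41, SLOT_SIZE);
    if (s == NULL)
        return -1;                           /* stale use caught */
    return (int)s->is_admin;
}

int main(void)
{
    printf("is_admin via dangling pointer: 0x%08x\n", dangling_read());
    printf("guarded read result: %d\n", guarded_read());
    return 0;
}
```

Nulling at free only protects the one variable that was nulled; any other copy of the pointer (in a list, a callback context, another thread) still dangles, which is why the usual review question is not "is the pointer nulled" but "who else holds a reference to this object when it is freed".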
Bruce Schneier: KEYNOTE: The Psychology of Security from 2022-02-22T11:05:37.534743
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feelin...
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community from 2022-02-22T11:05:37.533913
The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vul...
Gadi Evron: Estonia: Information Warfare and Strategic Lessons from 2007-12-11T14:53:10
In this talk we will discuss what is now referred to as "The 'first' Internet War", where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russ...
HD Moore & Valsmith: Tactical Exploitation-Part 2 from 2007-12-11T13:59:42
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of n...