Feb 21, 2014, by Justin N. Ferguson (movies)
Traditional exploitation techniques of overwriting heap metadata have been discussed ad nauseam; however, because of this common perspective, the flexibility in abuse of the heap is commonly overlooked. This paper examines a flaw that was found in several popular implementations of the GSS-API as a method for elaborating upon the true beauty of data structure exploitation. This paper focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and...
Topics: heap, metadata, exploitation, memory management
Feb 21, 2014, by Thomas Ptacek & Nate Lawson (movies)
2007 BlackHat Vegas-V18-Ptacek-Ferrie-Lawson-Dont Tell Joanna.mp4
Topic: rootkits
2007 BlackHat Vegas-V79-Dempster-VOIP Security.mp4
2007 BlackHat Vegas-V56-Schmiedl-Spindel-Stregths-Weakness ACS.mp4
Feb 21, 2014, by HD Moore and Valsmith (movies)
Penetration testing often focuses on individual vulnerabilities and services. This paper describes a tactical approach that does not rely on exploiting known flaws. The first section of this paper covers information gathering and discovery techniques, with a concentration on third-party services and new tools. The second section of this paper combines the information discovery techniques in the first section with various protocol and implementation weaknesses, in order to provide clear steps...
Topics: penetration, vulnerabilities, services
Feb 21, 2014, by Stephen Patton (movies)
It is hard to deny the booming popularity of social networking sites, the type of sites that facilitate a high degree of user personalization, and user intercommunication. While yearly growth in the largest sites may have started to slow, there is evidence that growth is accelerating in communities that have previously not had a high degree of social networking site use.
Topics: social networks, data mining
2007 BlackHat Vegas-V22-Byrne-Anti-DNS Pinning.mp4
2007 BlackHat Vegas-V57-DeHaas-Side Channel Attacks-DPA.mp4
2007 BlackHat Vegas-V71-Dowd-Mcdonald-Mehta-Breaking C.mp4
Feb 21, 2014, by Pedram Amini and Aaron Portnoy (movies)
There are a number of available specialized fuzzing utilities which target many common and documented network protocols and file formats. These fuzzers exhaustively iterate through a designated protocol and can be used across the board to stress test a variety of applications that support that protocol. For instance, the same specialized SMTP fuzzer could be used against a variety of e-mail transfer programs such as Microsoft Exchange, Sendmail, qmail, etc. Other “dumb” fuzzers take a more...
Topics: fuzzing, protocols, stress test
Feb 21, 2014, by Jonathan Lindsay (movies)
Most modern processors provide a supervisor mode that is intended to run privileged operating system services that provide resource management transparently or otherwise to non-privileged code. Although a lot of research has been conducted into exploiting bugs in user mode code for privilege escalation within the operating system defined boundaries as well as what can be done if one has arbitrary supervisor access (typically related to modern root kit work), not a great deal of research has...
Topics: kernel, supervisor, APIs, fuzzing
Feb 21, 2014, by Jeremiah Grossman and Robert Hansen (movies)
New research has revealed that even if JavaScript has been disabled or restricted, some of the now popular attack techniques — such as Browser Intranet Hacking, Port Scanning, and History Stealing—can still be perpetrated. From an enterprise security perspective, when users are visiting “normal” public websites (including Web mail, blogs, social networks, message boards, news, etc.), there is a growing probability that their browser might be silently hijacked by a hacker and exploited...
Topics: javascript, exploits, port scanning
Feb 21, 2014, by Jim Hoagland (movies)
This report examines the security implications of Teredo. Teredo is a platform-independent protocol developed by Microsoft®, which is enabled by default in Windows Vista™. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some security concerns. Primary concerns include bypassing security controls, reducing defense in depth, and...
Topics: windows, vista, tunneling, ipv4, ipv6
2007 BlackHat Vegas-V65-Perry-Securing the Tor Net.mp4
Feb 21, 2014, by Peter Thermos (movies)
How do we secure NGN /VoIP networks and conclusions.
Topics: VoIP, security, transparent weaknesses
Feb 21, 2014, by David LeBlanc (movies)
2007 BlackHat Vegas-V11-LeBlanc-Practical Sandboxing.mp4
2007 BlackHat Vegas-V68-Quist-Valsmith-Covert Debugging.mp4
Feb 21, 2014, by Alexander Sotirov (movies)
The exploitation of heap corruption vulnerabilities on the Windows platform has become increasingly more difficult since the introduction of XP SP2. Heap protection features such as safe unlinking and heap cookies have been successful in stopping most generic heap exploitation techniques. Methods for bypassing the heap protection exist, but they require a great degree of control over the allocation patterns of the vulnerable application. This video introduces a new technique for precise...
Topics: javascript, heap, browser
2007 BlackHat Vegas-V58-Clark-Year in Review.mp4
2007 BlackHat Vegas-V59-Granick-Disclosure Intellectual property Law.mp4
Feb 21, 2014, by Joe Stewart (movies)
The Microsoft Windows kernel has included code to allow developers to debug the kernel itself since its inception, although until now, it required use of the freely-available but proprietary windb program to take advantage of it.
Topics: kernel, windb, perl, debug
2007 BlackHat Vegas-V29-Hoffman-Terrill-Hybrid Web Worm.mp4
Feb 21, 2014, by Ariel Waissbein and Damian Saura (movies)
Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards, medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected; for example, they may allow adding data in a column of the database but not viewing the complete contents of this column. We will describe a new...
Topics: dynamic content, database, timing attack
Feb 21, 2014, by Brandon Baker (movies)
Why a hypervisor?
* Thin, low level microkernel
* Eliminates ring compression
* Runs guest operating systems w/o modification
* Adds defense in depth
* Leverage current & future hardware
* Scalability
Topics: hypervisor, scalability, microkernel
Feb 21, 2014, by David Maynor and Robert Graham (movies)
Instead of reverse engineering vulnerabilities to find 0day, hackers can now reverse security products. More and more companies are buying and commercializing 0day vulnerabilities and exploits. This includes offensive hacking toolkits, and also defensive products like vulnerability assessment appliances, intrusion detection systems, and intrusion-prevention systems. In this paper, we will demonstrate that it’s possible to crack open a defensive product in order to get its 0day information....
Topics: exploits, security
2007 BlackHat Vegas-V6-Schneider-Reflective DNS Poison.mp4
Feb 21, 2014, by Kevvie Fowler (movies)
Why are databases critical assets?
* Databases hold critical information
* Industry trends are scaling in versus out
* Database servers today hold more sensitive information than ever before
* Data security legislations & regulations dictate that security breaches must be reported
* Database security breaches are “Front Page” news
2007 BlackHat Vegas-V75-Tsyrklevich-Open ID-SSO.mp4
2007 BlackHat Vegas-V28-Snyder-Shaver-Building and Breaking Browser.mp4
2007 BlackHat Vegas-V4-Del Moral Talabis-Security Analytics.mp4
2007 BlackHat Vegas-V27-Feinstein-Peck-CaffeineMonkey.mp4
Feb 21, 2014, by Krishna Kurapati (movies)
Voice over Internet Protocol (VoIP) is successfully driving rapid migration of communications technology from traditional PSTN to IP network. The main reasons behind this success are benefits of VoIP including cost savings, business continuity, and increased productivity. Consequently, several free as well as commercial VoIP products and solutions including complete IP communications solutions commonly known as unified communications are available. Unified communications, as the name suggests,...
Topics: VoIP, security, dual-mode, spoofing
Feb 21, 2014, by Jon Callas, Raven Alder, Riccardo Bettati and Nick Mathewson (movies)
Traffic Analysis - The most powerful and least understood attack methods.
Topics: traffic analysis, attack methods
Feb 21, 2014, by Chris Paget (movies)
If you’re using 125KHz Prox, your doors are highly insecure.
Topics: rfid, security
Feb 21, 2014, by Charlie Miller (movies)
According to the Apple website, “Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions.” Of course, the Month of Apple Bugs and the flurry of activity after the release of Safari for Windows showed that Macs are just as susceptible to vulnerabilities as other operating systems. Arguably, two factors keep the number of announced vulnerabilities on Mac OS X low: the lack of researchers interested...
Topics: osx, security, exploits
Feb 21, 2014, by Bryan Sullivan and Billy Hoffman (movies)
In order to make partial page updates more useful, it can be worthwhile to increase the granularity of your server-side functions. It would be pointless to expose a single, lengthy “Do-It” operation that provides no user feedback while it is processing. Providing a more finely-grained server API also helps third party websites to create effective mashups from your application. On the other hand, attackers can easily subvert the intended application workflow and call functions out of order,...
Topics: ajax, server APIs
2007 BlackHat Vegas-V51-Christy-Panel-Meet the Fed.mp4
Feb 21, 2014, by HD Moore and Valsmith (movies)
Penetration testing often focuses on individual vulnerabilities and services. This paper describes a tactical approach that does not rely on exploiting known flaws. The first section of this paper covers information gathering and discovery techniques, with a concentration on third-party services and new tools. The second section of this paper combines the information discovery techniques in the first section with various protocol and implementation weaknesses, in order to provide clear steps...
Topics: penetration, information gathering
Feb 21, 2014, by Mark Vincent Yason (movies)
Packers are one of the most interesting puzzles to solve in the Reverse Engineering field. Packers are created to protect legitimate applications, but they are also used by malcode. Over time, new anti-reversing techniques are integrated into packers. Meanwhile, researchers on the other side of the fence find ways to break/bypass these protections... it is a mind game. Anti-reversing techniques are also interesting because a lot of knowledge about Windows internals is gained.
Topics: packers, debugger detection, breakpoint
2007 BlackHat Vegas-V78-Zimmerman-Z-Phone.mp4
2007 BlackHat Vegas-V34-Meer-Slaviero-All about the Timing.mp4
2007 BlackHat Vegas-V10-Mcdonald-Longhorn Server Foundation.mp4
2007 BlackHat Vegas-V76-Monti-Moniz-Defeating Information Leak Prevention.mp4
2007 BlackHat Vegas-V14-Panel-Meet The VCs.mp4
2007 BlackHat Vegas-V44-DeMott-Enbody-Punch-Grey-box Attack Testing.mp4
Feb 21, 2014, by Paul Vincent Sabanal (movies)
2007 BlackHat Vegas-V72-Yason-Sabanal-Reversing C.mp4
2007 BlackHat Vegas-V47-Chess-Fay-Kureha-West-Iron Chef.mp4
2007 BlackHat Vegas-V32-Chenette-Joseph-Defeating Web Browser.mp4
2007 BlackHat Vegas-V42-Palmer-Newsham-Stamos-Breaking Forensic.mp4
Feb 21, 2014, by Greg Wroblewski (movies)
2007 BlackHat Vegas-V9-Wroblewski-Reversing MSRC Updates.mp4
Feb 21, 2014, by Luis Miras (movies)
There have been numerous papers and attacks done on mainstream wireless technologies. These technologies would include 802.11, Bluetooth, and Cellular. There are many RF devices that don't operate using the above protocols and standards. These devices are built using cheaper, more cost-effective chips. Many of the chips can only perform one-way communication. These devices include wireless RF presenters, mice, and keyboards. They operate on various bands such as 27 MHz, 900 MHz, and 2.4 GHz.
Topics: wireless, bluetooth, wifi, 802.11, attacks
Feb 21, 2014, by Shawn Moyer (movies)
My first exposure to buffer overflows, like much of my introduction to the security field, was while working for a small ISP and consulting shop in the 90’s. Dave, who was building a security practice, took me under his wing. I was a budding Linux geek, and I confessed an affinity for Bash. After a brief lecture about the finer points of tcsh, Dave borrowed my laptop running Slackware, and showed me the Bash overflow in PS1, found by Razvan Dragomirescu. This was a useful demonstration in...
Topics: overflows, countermeasures, canaries, sanity checks
Feb 21, 2014, by Joanna Rutkowska and Alexander Tereshkin (movies)
Digital signatures for kernel-mode software are an important way to ensure security on computer systems.
Topics: kernel, digital signatures
Feb 21, 2014, by John Heasman (movies)
This talk is about rootkit persistence - i.e. how to deploy a rootkit from the BIOS/EFI
Topics: bios, efi, firmware
2007 BlackHat Vegas-V60-Geers-Greetz from room 101.mp4
Feb 21, 2014, by Richard Clarke, Tony Sager and Bruce Schneier (movies)
Keynote Presentation - A Story About Digital Security in 2017.
Topics: keynote presentation, blackhat, vegas
2007 BlackHat Vegas-V62-Belani-Jones-Smoke em Out.mp4
Feb 21, 2014, by Tony Sager (movies)
2007 BlackHat Vegas-VK2-Keynote-Sager.mp4
Feb 21, 2014, by Chris Wysopal and Chris Eng (movies)
Backdoors are a method of bypassing authentication or other security controls in order to access a computer system or the data contained on that system. Backdoors can exist at the system level, in a cryptographic algorithm, or within an application. This video will concentrate on application backdoors which are embedded within the code of a legitimate application.
Topics: backdoors, malware, crypto
Feb 21, 2014, by Dr. Neal Krawetz (movies)
Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is real? Is it computer generated or modified? In a world where pictures are more influential than words, being able to distinguish fact from fiction in a systematic way is essential. This...
Topics: images, JPEG, digital authentication, wavelet transformations
Feb 21, 2014, by Ezequiel D. Gutesman and Ariel Waissbein (movies)
Web application security and privacy have become a central concern among the security community. The problems that are faced once an application is compromised necessarily demand special attention. The emerging programming languages, which allow inexperienced users to quickly develop applications, still fail to introduce mechanisms for preventing the aforementioned attacks. We introduce a technique for enhancing the security and privacy of a web-based solution, by augmenting its execution...
Topics: web security, privacy, thwart attack
Feb 21, 2014, by Gadi Evron (movies)
2007 BlackHat Vegas-V50-Evron-Estonia-Information Warfare.mp4
2007 BlackHat Vegas-V7-Morin-Type Conversion Errors.mp4
Feb 21, 2014, by David Litchfield (movies)
There are 0 (zero) database-specific forensic analysis and incident response tools on the market – free or commercial.
Topics: database security, forensic analysis
2007 BlackHat Vegas-V70-Pierce-PyEmu.mp4
Feb 21, 2014, by Damiano Bolzoni and Emmanuel Zambon (movies)
2007 BlackHat Vegas-V89-Bolzoni-Zambon-Sphinx.mp4
Feb 21, 2014, by Dave G. and Jeremy Rauch (movies)
HTTP/HTTPS dominates in the normal world for “general” application use – Finance world is made up of all sorts of weird protocols
Topics: finance protocols, http, https
2007 BlackHat Vegas-V24-Hill-Message Oriented Madness.mp4
2007 BlackHat Vegas-V41-Butler-Kendall-Blackout.mp4
2007 BlackHat Vegas-V73-Kaminsky-Black Ops 2007.mp4
2007 BlackHat Vegas-V83-Bulygin-Remote and Local Exploit.mp4
Feb 21, 2014, by Zane Lackey and Alex Garbutt (movies)
2007 BlackHat Vegas-V2-Lackey-Garbutt-Point Click RTPinject.mp4
Topics: RTP, inject
2007 BlackHat Vegas-V55-Laurie-RFIDIOTS.mp4
Feb 21, 2014, by Bruce Schneier (movies)
Security is both a feeling and a reality. And they’re not the same. The reality of security is mathematical, based on the probability of different risks and the effectiveness of different countermeasures. We can calculate how secure your home is from burglary, based on such factors as the crime rate in the neighborhood you live in and your door-locking habits. We can calculate how likely it is for you to be murdered, either on the streets by a stranger or in your home by a family member. Or...
Topics: security, countermeasures
2007 BlackHat Vegas-V19-Eriksson-Oberg-Nyberg Janmar-Kernel Wars.mp4