89 episodes

Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference‪.‬ Jeff Moss

    • Technology
    • 1.0 • 1 Rating

Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!

    Gadi Evron: Estonia: Information Warfare and Strategic Lessons

    Gadi Evron: Estonia: Information Warfare and Strategic Lessons

    In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population.

    Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on both the local and International levels. We will demonstrate what in hind-sight worked for both the attackers and the defenders, as well as what failed. Following the chronological events and technical information, we will explore what impact these attacks had on Estonia's civil infrastructure and daily life, and how they impacted its economy during the attacks.

    Once we cover that ground, we will evaluate what we have so far discussed and elaborate on lessons learned while Gadi was in Estonia and from the post-mortem he wrote for the Estonian CERT. We will conclude our session by recognizing case studies on the strategic level, which can be deducted from the incident and studied in preparation for future engagements in cyber-space.

    Gadi Evron works for the Mclean, VA based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, and especially in the realm of botnets and phishing as well as is the operations manager for the Zeroday Emergency Response Team (ZERT). He is a known expert on corporate security and espionage threats. Previously Gadi was the Israeli Government Internet Security Operations Manager (CISO) and the Israeli Government CERT Manager which he founded.

    • 1 hr 13 min
    HD Moore & Valsmith: Tactical Exploitation-Part 2

    HD Moore & Valsmith: Tactical Exploitation-Part 2

    Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework.

    REVIEWER NOTES: This is a monstrous presentation and will absolutely require the 150-minute time slot. For a smaller version of this presentation, please see my other submission (System Cracking with Metasploit 3). The goal of this presentation is to show some of the non-standard ways of breaking into networks, methods that are often ignored by professional pen-testing teams.

    • 1 hr 12 min
    Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)

    Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)

    RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...

    • 1 hr 13 min
    Alexander Sotirov: Heap Feng Shui in JavaScript

    Alexander Sotirov: Heap Feng Shui in JavaScript

    Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application.

    This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allows an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities with great reliability and precision.

    This talk will begin with an overview of the current state of browser heap exploitation and the unreliability of many heap exploits. It will continue with a discussion of Internet Explorer heap internals and the techniques for JavaScript heap manipulation. I will present a JavaScript heap exploitation library that exposes an abstract heap manipulation API. Its use will be demonstrated by exploit code for two complex heap corruption vulnerabilities.

    The talk will focus on Internet Explorer exploitation, but the general technique presented is applicable to other browsers as well.

    • 1 hr 14 min
    Alfredo Ortega: OpenBSD Remote Exploit

    Alfredo Ortega: OpenBSD Remote Exploit

    OpenBSD is regarded as a very secure Operating System. This article details one of the few remote exploit against this system. A kernel shellcode is described, that disables the protections of the OS and installs a user-mode process. Several other possible techniques of exploitation are described.

    • 56 min
    Andrea Barisani & Daniele Bianco: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation.

    Andrea Barisani & Daniele Bianco: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation.

    RDS-TMC is a standard based on RDS (Radio Data System) for communicating over FM radio Traffic Information for Satellite Navigation Systems.

    All modern in-car Satellite Navigation systems sold in Europe use RDS-TMC to receive broadcasts containing up to date information about traffic conditions such as queues and accidents and provide detours in case they affect the plotted course. The system is increasingly being used around Europe and North America.

    The audience will be introduced to RDS/RDS-TMC concepts and protocols and we'll show how to decode/encode such messages using a standard PC and cheap home-made electronics, with the intent of injecting information in the broadcast RDS-TMC stream manipulating the information displayed by the satellite navigator.

    We'll discover the obscure (but scary!) messages that can be broadcast (and that are not usually seen over legitimate RDS-TMC traffic), the limits of standard SatNav systems when flooded with unusual messages and the role that RDS-TMC injection / jamming can play in social engineering attempts (hitmen in the audience will love this!).

    In order to maximize the presentation we'll also demo the injection...hopefully at low power so that we won't piss off local radio broadcasts.

    • 1 hr 6 min

Customer Reviews

1.0 out of 5
1 Rating

1 Rating

Top Podcasts In Technology

Lex Fridman Podcast
Lex Fridman
Acquired
Ben Gilbert and David Rosenthal
The Gatekeepers
BBC Radio 4
Mission Responsible
RS DesignSpark
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
In Her Ellement
Boston Consulting Group BCG