Blackhat Vegas 2007

Blackhat

Blackhat is a security conference held yearly in Las Vegas (with other associated events around the world). This is a collection of presentations given at Blackhat 2007.



89
RESULTS


Blackhat Vegas 2007
by Chris Wysopal and Chris Eng
movies

eye 86

favorite 0

comment 0

Backdoors are a method of bypassing authentication or other security controls in order to access a computer system or the data contained on that system. Backdoors can exist at the system level, in a cryptographic algorithm, or within an application. This video will concentrate on application backdoors which are embedded within the code of a legitimate application.
Topics: backdoors, malware, crypto
Blackhat Vegas 2007
by Ero Carrera
movies

eye 248

favorite 0

comment 0

2007 BlackHat Vegas-V92-Carrera-4x5 Reverse Engineering Automation.mp4
Topics: python, reverse engineering
Blackhat Vegas 2007
by Chris Paget
movies

eye 138

favorite 0

comment 0

If you’re using 125KHz Prox, your doors are highly insecure.
Topics: rfid, security
Blackhat Vegas 2007
by John Heasman
movies

eye 97

favorite 0

comment 0

This talk is about rootkit persistence - i.e. how to deploy a rootkit from the BIOS/EFI
Topics: bios, efi, firmware
Blackhat Vegas 2007
movies

eye 34

favorite 0

comment 0

2007 BlackHat Vegas-V22-Byrne-Anti-DNS Pinning.mp4
Blackhat Vegas 2007
by Shawn Moyer
movies

eye 62

favorite 0

comment 0

My first exposure to buffer overflows, like much of my introduction to the security field, was while working for a small ISP and consulting shop in the 90’s. Dave, who was building a security practice, took me under his wing. I was a budding Linux geek, and I confessed an affinity for Bash. After a brief lecture about the finer points of tcsh, Dave borrowed my laptop running Slackware, and showed me the Bash overflow in PS1, found by Razvan Dragomirescu. This was a useful demonstration in...
Topics: overflows, countermeasures, canaries, sanity checks
Blackhat Vegas 2007
by Justin N. Ferguson
movies

eye 383

favorite 0

comment 0

Traditional exploitation techniques of overwriting heap metadata have been discussed ad nauseam; however, due to this common perspective, the flexibility in abuse of the heap is commonly overlooked. This paper examines a flaw that was found in several popular implementations of the GSS-API as a method for elaborating upon the true beauty of data structure exploitation. This paper focuses on the dynamic memory management implementation provided by the GNU C library, particularly ptmalloc2 and...
Topics: heap, metadata, exploitation, memory management
Blackhat Vegas 2007
by Thomas Ptacek & Nate Lawson
movies

eye 98

favorite 0

comment 0

2007 BlackHat Vegas-V18-Ptacek-Ferrie-Lawson-Dont Tell Joanna.mp4
Topic: rootkits
2007 BlackHat Vegas-V59-Granick-Disclosure Intellectual property Law.mp4
Blackhat Vegas 2007
by Joe Stewart
movies

eye 77

favorite 0

comment 0

The Microsoft Windows kernel has included code to allow developers to debug the kernel itself since its inception, although until now, it required use of the freely-available but proprietary WinDbg program to take advantage of it.
Topics: kernel, windb, perl, debug
Blackhat Vegas 2007
movies

eye 21

favorite 0

comment 0

2007 BlackHat Vegas-V29-Hoffman-Terrill-Hybrid Web Worm.mp4
Blackhat Vegas 2007
by David Maynor and Robert Graham
movies

eye 64

favorite 0

comment 0

Instead of reverse engineering vulnerabilities to find 0day, hackers can now reverse security products. More and more companies are buying and commercializing 0day vulnerabilities and exploits. This includes offensive hacking toolkits, and also defensive products like vulnerability assessment appliances, intrusion detection systems, and intrusion-prevention systems. In this paper, we will demonstrate that it’s possible to crack open a defensive product in order to get its 0day information....
Topics: exploits, security
Blackhat Vegas 2007
movies

eye 50

favorite 0

comment 0

2007 BlackHat Vegas-V79-Dempster-VOIP Security.mp4
Blackhat Vegas 2007
movies

eye 25

favorite 0

comment 0

2007 BlackHat Vegas-V6-Schneider-Reflective DNS Poison.mp4
Blackhat Vegas 2007
movies

eye 81

favorite 0

comment 0

Why a hypervisor? * Thin, low level microkernel * Eliminates ring compression * Runs guest operating systems w/o modification Adds defense in depth * Leverage current & future hardware * Scalability
Topics: hypervisor, scalability, microkernel
Blackhat Vegas 2007
by Ariel Waissbein and Damian Saura
movies

eye 71

favorite 0

comment 0

Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards, medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected; for example, they may allow users to add data in a column of the database but not to view the complete contents of this column. We will describe a new...
Topics: dynamic content, database, timing attack
Blackhat Vegas 2007
movies

eye 26

favorite 0

comment 0

2007 BlackHat Vegas-V75-Tsyrklevich-Open ID-SSO.mp4
Blackhat Vegas 2007
movies

eye 40

favorite 0

comment 0

2007 BlackHat Vegas-V27-Feinstein-Peck-CaffeineMonkey.mp4
Blackhat Vegas 2007
by Krishna Kurapati
movies

eye 76

favorite 0

comment 0

Voice over Internet Protocol (VoIP) is successfully driving rapid migration of communications technology from traditional PSTN to IP network. The main reasons behind this success are benefits of VoIP including cost savings, business continuity, and increased productivity. Consequently, several free as well as commercial VoIP products and solutions including complete IP communications solutions commonly known as unified communications are available. Unified communications, as the name suggests,...
Topics: VoIP, security, dual-mode, spoofing
Blackhat Vegas 2007
by Jon Callas, Raven Alder, Riccardo Bettati and Nick Mathewson
movies

eye 48

favorite 0

comment 0

Traffic Analysis - The most powerful and least understood attack methods.
Topics: traffic analysis, attack methods
Blackhat Vegas 2007
by Kevvie Fowler
movies

eye 228

favorite 0

comment 0

Why are databases critical assets? * Databases hold critical information * Industry trends are scaling in versus out * Database servers today hold more sensitive information than ever before * Data security legislations & regulations dictate that security breaches must be reported * Database security breaches are “Front Page” news
2007 BlackHat Vegas-V28-Snyder-Shaver-Building and Breaking Browser.mp4
2007 BlackHat Vegas-V56-Schmiedl-Spindel-Stregths-Weakness ACS.mp4
Blackhat Vegas 2007
movies

eye 37

favorite 0

comment 0

2007 BlackHat Vegas-V4-Del Moral Talabis-Security Analytics.mp4
Blackhat Vegas 2007
by Bryan Sullivan and Billy Hoffman
movies

eye 39

favorite 0

comment 0

In order to make partial page updates more useful, it can be worthwhile to increase the granularity of your server-side functions. It would be pointless to expose a single, lengthy “Do-It” operation that provides no user feedback while it is processing. Providing a more finely-grained server API also helps third party websites to create effective mashups from your application. On the other hand, attackers can easily subvert the intended application workflow and call functions out of order,...
Topics: ajax, server APIs
Blackhat Vegas 2007
movies

eye 23

favorite 0

comment 0

2007 BlackHat Vegas-V51-Christy-Panel-Meet the Fed.mp4
Blackhat Vegas 2007
by HD Moore and Valsmith
movies

eye 45

favorite 0

comment 0

Penetration testing often focuses on individual vulnerabilities and services. This paper describes a tactical approach that does not rely on exploiting known flaws. The first section of this paper covers information gathering and discovery techniques, with a concentration on third-party services and new tools. The second section of this paper combines the information discovery techniques in the first section with various protocol and implementation weaknesses, in order to provide clear steps...
Topics: penetration, information gathering
Blackhat Vegas 2007
by HD Moore and Valsmith
movies

eye 98

favorite 2

comment 0

Penetration testing often focuses on individual vulnerabilities and services. This paper describes a tactical approach that does not rely on exploiting known flaws. The first section of this paper covers information gathering and discovery techniques, with a concentration on third-party services and new tools. The second section of this paper combines the information discovery techniques in the first section with various protocol and implementation weaknesses, in order to provide clear steps...
Topics: penetration, vulnerabilities, services
Blackhat Vegas 2007
movies

eye 101

favorite 1

comment 0

According to the Apple website, “Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions.” Of course, the Month of Apple Bugs and the flurry of activity after the release of Safari for Windows showed that Macs are just as susceptible to vulnerabilities as other operating systems. Arguably, two factors keep the number of announced vulnerabilities on Mac OS X low: the lack of researchers interested...
Topics: osx, security, exploits
Blackhat Vegas 2007
by Mark Vincent Yason
movies

eye 223

favorite 0

comment 0

Packers are one of the most interesting puzzles to solve in the Reverse Engineering field. Packers are created to protect legitimate applications, but they are also used by malcode. Over time, new anti-reversing techniques are integrated into packers. Meanwhile, researchers on the other side of the fence find ways to break/bypass these protections... it is a mind game. Anti-reversing techniques are also interesting because a lot of knowledge about Windows internals is gained.
Topics: packers, debugger detection, breakpoint
Blackhat Vegas 2007
movies

eye 39

favorite 0

comment 0

2007 BlackHat Vegas-V34-Meer-Slaviero-All about the Timing.mp4
Blackhat Vegas 2007
by Stephen Patton
movies

eye 61

favorite 0

comment 0

It is hard to deny the booming popularity of social networking sites, the type of sites that facilitate a high degree of user personalization, and user intercommunication. While yearly growth in the largest sites may have started to slow, there is evidence that growth is accelerating in communities that have previously not had a high degree of social networking site use.
Topics: social networks, data mining
Blackhat Vegas 2007
movies

eye 37

favorite 0

comment 0

2007 BlackHat Vegas-V10-Mcdonald-Longhorn Server Foundation.mp4
Blackhat Vegas 2007
by Joanna Rutkowska and Alexander Tereshkin
movies

eye 72

favorite 0

comment 0

Digital signatures for kernel-mode software are an important way to ensure security on computer systems.
Topics: kernel, digital signatures
Blackhat Vegas 2007
movies

eye 33

favorite 0

comment 0

2007 BlackHat Vegas-V71-Dowd-Mcdonald-Mehta-Breaking C.mp4
2007 BlackHat Vegas-V42-Palmer-Newsham-Stamos-Breaking Forensic.mp4
2007 BlackHat Vegas-V44-DeMott-Enbody-Punch-Grey-box Attack Testing.mp4
Blackhat Vegas 2007
movies

eye 42

favorite 0

comment 0

2007 BlackHat Vegas-V9-Wroblewski-Reversing MSRC Updates.mp4
Blackhat Vegas 2007
movies

eye 32

favorite 0

comment 0

2007 BlackHat Vegas-V78-Zimmerman-Z-Phone.mp4
Blackhat Vegas 2007
movies

eye 20

favorite 0

comment 0

2007 BlackHat Vegas-V14-Panel-Meet The VCs.mp4
2007 BlackHat Vegas-V76-Monti-Moniz-Defeating Information Leak Prevention.mp4
Blackhat Vegas 2007
movies

eye 56

favorite 0

comment 0

2007 BlackHat Vegas-V57-DeHaas-Side Channel Attacks-DPA.mp4
Blackhat Vegas 2007
by Luis Miras
movies

eye 44

favorite 0

comment 0

There have been numerous papers and attacks done on mainstream wireless technologies. These technologies would include 802.11, Bluetooth, and Cellular. There are many RF devices that don't operate using the above protocols and standards. These devices are built using cheaper, more cost-effective chips. Many of the chips can only perform one-way communication. These devices include wireless RF presenters, mice, and keyboards. They operate on various bands such as 27 MHz, 900 MHz, and 2.4 GHz.
Topics: wireless, bluetooth, wifi, 802.11, attacks
Blackhat Vegas 2007
movies

eye 27

favorite 0

comment 0

2007 BlackHat Vegas-V47-Chess-Fay-Kureha-West-Iron Chef.mp4
Blackhat Vegas 2007
movies

eye 44

favorite 0

comment 0

2007 BlackHat Vegas-V32-Chenette-Joseph-Defeating Web Browser.mp4
Blackhat Vegas 2007
by Paul Vincent Sabanal
movies

eye 229

favorite 0

comment 0

2007 BlackHat Vegas-V72-Yason-Sabanal-Reversing C.mp4
Blackhat Vegas 2007
by Pedram Amini and Aaron Portnoy
movies

eye 101

favorite 0

comment 0

There are a number of available specialized fuzzing utilities which target many common and documented network protocols and file formats. These fuzzers exhaustively iterate through a designated protocol and can be used across the board to stress test a variety of applications that support that protocol. For instance, the same specialized SMTP fuzzer could be used against a variety of e-mail transfer programs such as Microsoft Exchange, Sendmail, qmail, etc. Other “dumb” fuzzers take a more...
Topics: fuzzing, protocols, stress test
Blackhat Vegas 2007
by Ezequiel D. Gutesman and Ariel Waissbein
movies

eye 54

favorite 0

comment 0

Web application security and privacy became a central concern among the security community. The problems that are faced once an application is compromised necessarily demand special attention. The emerging programming languages, which allow inexperienced users to quickly develop applications, still fail to introduce mechanisms for preventing the aforementioned attacks. We introduce a technique for enhancing the security and privacy for a web-based solution, by augmenting its execution...
Topics: web security, privacy, thwart attack
Blackhat Vegas 2007
movies

eye 30

favorite 0

comment 0

2007 BlackHat Vegas-V7-Morin-Type Conversion Errors.mp4
Blackhat Vegas 2007
movies

eye 33

favorite 0

comment 0

2007 BlackHat Vegas-V62-Belani-Jones-Smoke em Out.mp4
Blackhat Vegas 2007
by Richard Clarke, Tony Sager and Bruce Schneier
movies

eye 79

favorite 0

comment 0

Keynote Presentation - A Story About Digital Security in 2017.
Topics: keynote presentation, blackhat, vegas
Blackhat Vegas 2007
by Jonathan Lindsay
movies

eye 114

favorite 0

comment 0

Most modern processors provide a supervisor mode that is intended to run privileged operating system services that provide resource management transparently or otherwise to non-privileged code. Although a lot of research has been conducted into exploiting bugs in user mode code for privilege escalation within the operating system defined boundaries as well as what can be done if one has arbitrary supervisor access (typically related to modern root kit work), not a great deal of research has...
Topics: kernel, supervisor, APIs, fuzzing
Blackhat Vegas 2007
by David Litchfield
movies

eye 118

favorite 0

comment 0

There are 0 (zero) database-specific forensic analysis and incident response tools on the market – free or commercial.
Topics: database security, forensic analysis
Blackhat Vegas 2007
movies

eye 32

favorite 0

comment 0

2007 BlackHat Vegas-V60-Geers-Greetz from room 101.mp4
2007 BlackHat Vegas-VK2-Keynote-Sager.mp4
Blackhat Vegas 2007
by Dr. Neal Krawetz
movies

eye 160

favorite 0

comment 0

Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is real? Is it computer generated or modified? In a world where pictures are more influential than words, being able to distinguish fact from fiction in a systematic way is essential. This...
Topics: images, JPEG, digital authentication, wavelet transformations
Blackhat Vegas 2007
movies

eye 97

favorite 0

comment 0

New research has revealed that even if JavaScript has been disabled or restricted, some of the now popular attack techniques — such as Browser Intranet Hacking, Port Scanning, and History Stealing — can still be perpetrated. From an enterprise security perspective, when users are visiting “normal” public websites (including Web mail, blogs, social networks, message boards, news, etc.), there is a growing probability that their browser might be silently hijacked by a hacker and exploited...
Topics: javascript, exploits, port scanning
Blackhat Vegas 2007
movies

eye 64

favorite 0

comment 0

2007 BlackHat Vegas-V50-Evron-Estonia-Information Warfare.mp4
Blackhat Vegas 2007
movies

eye 29

favorite 0

comment 0

2007 BlackHat Vegas-V65-Perry-Securing the Tor Net.mp4
Blackhat Vegas 2007
movies

eye 36

favorite 0

comment 0

2007 BlackHat Vegas-V70-Pierce-PyEmu.mp4
Blackhat Vegas 2007
by Damiano Bolzoni and Emmanuel Zambon
movies

eye 68

favorite 0

comment 0

2007 BlackHat Vegas-V89-Bolzoni-Zambon-Sphinx.mp4
Blackhat Vegas 2007
movies

eye 34

favorite 0

comment 0

2007 BlackHat Vegas-V24-Hill-Message Oriented Madness.mp4
Blackhat Vegas 2007
by Peter Thermos
movies

eye 72

favorite 0

comment 0

How do we secure NGN/VoIP networks and conclusions.
Topics: VoIP, security, transparent weaknesses
Blackhat Vegas 2007
by Dave G. and Jeremy Rauch
movies

eye 50

favorite 0

comment 0

HTTP/HTTPS dominates in the normal world for “general” application use – Finance world is made up of all sorts of weird protocols
Topics: finance protocols, http, https
Blackhat Vegas 2007
movies

eye 36

favorite 0

comment 0

2007 BlackHat Vegas-V41-Butler-Kendall-Blackout.mp4
Blackhat Vegas 2007
movies

eye 49

favorite 0

comment 0

This report examines the security implications of Teredo. Teredo is a platform-independent protocol developed by Microsoft®, which is enabled by default in Windows Vista™. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some security concerns. Primary concerns include bypassing security controls, reducing defense in depth, and...
Topics: windows, vista, tunneling, ipv4, ipv6
Blackhat Vegas 2007
movies

eye 38

favorite 0

comment 0

2007 BlackHat Vegas-V55-Laurie-RFIDIOTS.mp4
Blackhat Vegas 2007
by Bruce Schneier
movies

eye 62

favorite 0

comment 0

Security is both a feeling and a reality. And they’re not the same. The reality of security is mathematical, based on the probability of different risks and the effectiveness of different countermeasures. We can calculate how secure your home is from burglary, based on such factors as the crime rate in the neighborhood you live in and your door-locking habits. We can calculate how likely it is for you to be murdered, either on the streets by a stranger or in your home by a family member. Or...
Topics: security, countermeasures
Blackhat Vegas 2007
movies

eye 26

favorite 0

comment 0

2007 BlackHat Vegas-V73-Kaminsky-Black Ops 2007.mp4
Blackhat Vegas 2007
by Mikko Hypponen
movies

eye 56

favorite 0

comment 0

Smartphones rock. However, smartphones can get infected as well. Mobile phone viruses are not science fiction. As cell phones have evolved into smartphones capable of downloading programs from the internet and sharing software with one another through short-range Bluetooth connections, worldwide multimedia messaging service (MMS) communications and memory card slots, these new capabilities have created a platform for new kinds of viruses as well.
Topics: smartphones, bluetooth, virus
Blackhat Vegas 2007
by Len Sassaman
movies

eye 126

favorite 0

comment 0

Over the last several decades, there have been numerous systems proposed which aim to preserve the anonymity of the recipient of some data. Some have involved trusted third-parties or trusted hardware; others have been constructed on top of link-layer anonymity systems or mix networks. Pseudonymous messaging services allow users to send messages that originate at a pseudonymous address (or “nym”) unlinked to the user, and to receive messages sent to that address, without allowing an...
Blackhat Vegas 2007
by Alexander Sotirov
movies

eye 343

favorite 0

comment 0

The exploitation of heap corruption vulnerabilities on the Windows platform has become increasingly more difficult since the introduction of XP SP2. Heap protection features such as safe unlinking and heap cookies have been successful in stopping most generic heap exploitation techniques. Methods for bypassing the heap protection exist, but they require a great degree of control over the allocation patterns of the vulnerable application. This video introduces a new technique for precise...
Topics: javascript, heap, browser
Blackhat Vegas 2007
by Nick Harbour
movies

eye 74

favorite 0

comment 0

The ability to execute a program directly from memory greatly enhances its stealth. The first such technique was devised by Gary Nebbett in December 2000. It is referred to as Nebbett’s Shuttle. This technique was Windows-specific and utilizes the Win32 API as well as internal Windows functions to accomplish its purpose.
Topics: memory, security
Blackhat Vegas 2007
by Zane Lackey and Alex Garbutt
movies

eye 57

favorite 0

comment 0

2007 BlackHat Vegas-V2-Lackey-Garbutt-Point Click RTPinject.mp4
Topics: RTP, inject
Blackhat Vegas 2007
movies

eye 35

favorite 0

comment 0

2007 BlackHat Vegas-V68-Quist-Valsmith-Covert Debugging.mp4