Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Channel Details
![Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference](http://media.blackhat.com/bh-usa-06/bh-usa-06-itunes.jpg)
Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year annive...
Recent Episodes
86 episodes
Tom Brosch and Maik Morgenstern: Runtime Packers: The Hidden Problem?
Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to the WildList as well as ad- and spyware is packed...
Marco M. Morana: Building Security into the Software Life Cycle, a Business Case
The times of designing security software as a matter of functional design are over. Positive security functional requirements do not make secure softw...
Rob Franco: Case Study: The Secure Development Lifecycle and Internet Explorer 7
Tony Chor will discuss Microsoft’s security engineering methodology and how it is being applied to the development of Internet Explorer 7. He will det...
Philip Trainor: The statue of liberty: Utilizing Active Honeypots for hosting potentially malicious Events.
The premise of the demonstration is there are no secure systems. Traffic that may have malicious intent, but has not yet caused problems in any publis...
Joanna Rutkowska: Rootkits vs Stealth by design Malware
The presentation will first present how to generically (i.e. not relaying on any implementation bug) insert arbitrary code into the latest Vista Beta...
David Hulton & Dan Moniz: Faster Pwning Assured: Hardware Hacks and Cracks with FPGA's
This talk will go in-depth into methods for breaking crypto faster using FPGAs. FPGA's are chips that have millions of gates that can be programmed an...
Billy Hoffman: Analysis od Web application worms and Viruses
Worms traditionally propagate by exploiting a vulnerability in an OS or an underlying service. 2005 saw the release in the wild of the first worms tha...
Shawn Moyer: Defending Black Box Web Applications: Building an Open Source Web Security Gateway
Web apps continue to be the soft, white underbelly of most corporate IT environments. While the optimal path is to fix your code, it's not always an o...
Daniel Bilar: Automated Malware Classification/Analysis Through Network Theory and Statistics
Automated identification of malicious code and subsequent classification into known malware families can help cut down laborious manual malware analys...
Corey Benninger: Finding Gold in the Browser Cache
Looking for instant gratification from the latest client side attack? Your search may be over when you see the data that can be harvested from popular...
Panel: The Jericho Forum and Challenge
In the first half of this session, Paul Simmonds will present on behalf of the Jericho Forum taking participants through the initial problem statement...
Adrian Marinescu: Windows Vista Heap Management Enhancements - Security, Reliability and Performance
All applications and operating systems have coding errors and we have seen technical advances both in attack and mitigation sophistication as more sec...
Renaud BIDOU: IPS Short comings
Technologies emerge on a regular basis with new promises of better security. This is more or less true. However we know there are still weaknesses and...
Alexander Tereshkin: Rootkits: Attacking Personal Firewalls
Usually, a personal firewall and an antivirus monitor are the only tools run by a user to protect the system from any malware threat with any level of...
Brendan O'Connor: Vulnerabilities in Not-So Embedded Systems
Printers, scanners, and copiers still have a reputation of being embedded systems or appliances; dumb machines that perform a specific, repetitive fun...
Dan Moniz & HD Moore: Six Degrees of XSSploitation
Social networking sites such as MySpace have recently been the target of XSS attacks, most notably the "samy is my hero" incident in late 2005. XSS af...
Stefan Frei and Dr. Martin May: The Speed of (In)security: Analysis of the Speed of Security vs. Insecurity
To be able to defend against IT security attacks, one has to understand the attack patterns and henceforth the vulnerabilities of the attached devices...
William B Kimball: Code Integration-Based Vulnerability Auditing
There is a growing need to develop improved methods for discovering vulnerabilities in closed-source software. The tools and techniques used to automa...
Franck Veysset and Laurent Butti: Wi-Fi Advanced Stealth
Wireless stealth was somewhat expensive some years ago as we were required to use proprietary radios and so on… Thanks to increasingly flexible low-co...
Panel: Disclosure Discussion
Technology vendors, security researchers, and customers - all sides of the vulnerability disclosure debate agree that working together rather than apa...
Noel Anderson and Taroon Mandhana: WiFi in Windows Vista: A Peek Inside the Kimono
Windows Vista comes with redesigned support for WiFi (802.11 wireless). For those of us who live with a laptop in easy reach, it’s going to have an ef...
Stephano Zanero: Host Based Anomaly Detection on System calls arguments
Traditionally, host-based anomaly detection has dealt with system call sequences, but not with system call arguments. We propose a prototype which is...
Greg Hoglund: Hacking World of Warcraft®: An Exercise in Advanced Rootkit Design
Online games are very popular and represent some of the most complex multi-user applications in the world. World of Warcraft® takes center stage with...
Bruce Potter: Bluetooth Defense kit
In the last 3 years, Bluetooth has gone from geeky protocol to an integral part of our daily life. From cars to phones to laptops to printers, Blueto...
Alex Stamos & Zane Lackey: Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0
The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technol...
Jonathan Squire: $30, 30 Minutes, 30 Networks
Have you ever walked into your local Global Mega Super Tech Store and wondered how cheaply you could build a device that could play your digital music...
Jeff Waldron: VOIP Security Essentials
The VoIP Security Essentials presentation will introduce the audience to voice over IP (VoIP) technology. The practical uses of VoIP will be discussed...
Himanshu Dwivedi: I’m Going To Shoot The Next Person Who Says VLANs
Assessing and analyzing storage networks are key to protecting sensitive data at rest; however, the tools and procedures to protect such resources are...
Johnny Long: Secrets of the Hollywood Hacker
If you know good tech, you can smell bad tech from a mile away. Bad tech is the stuff that makes you laugh out loud in a theater when all the "normal"...
Abolade Gbadegesin : The NetIO Stack - Reinventing TCP/IP in Windows Vista
TCP/IP is on the front lines in defending against network attacks, from intrusion attempts to denial-of-service. Achieving resilience depends on facto...
Brian Caswell and HD Moore: Thermoptic Camoflauge: Total IDS Evasion
Intrusion detection systems have come a long way since Ptacek and Newsham released their paper on eluding IDS, but the gap between the attackers and t...
Peter Silberman: RAIDE: Rootkit Analysis Identification Elimination v 1.0
In the past couple years there have been major advances in the field of rootkit technology, from Jamie Butler and Sherri Sparks' Shadow Walker, to FU....
Claudio Merloni: The BlueBag: a mobile, covert Bluetooth attack and infection device
How could an attacker steal the phone numbers stored on your mobile, eavesdrop your conversations, see what you're typing on the keyboard, take pictur...
Billy Hoffman: Ajax (in)security
Ajax can mean different things to different people. To a user, Ajax means smooth web applications like Google Maps or Outlook Web Access. To a develop...
Tod Beardsley: Investigating Evil Websites with Monkeyspaw: The Greasemonkey Security Professional's Automated Webthinger
Monkeyspaw is a unified, single-interface set of security-related website evaluation tools. Implemented in Greasemonkey, its purpose is to automate se...
Tom Gallagher: Finding and Preventing Cross-Site Request Forgery
There is an often overlooked security design flaw in many web applications today. Web applications often take user input through HTML forms. When priv...
Chris Eng: Breaking Crypto Without Keys: Analyzing Data in Web Applications
How often have you encountered random-looking cookies or other data in a web application that didn‚t easily decode to human readable text? What did yo...
John Lambert: Security Engineering in Windows Vista
This presenation will offer a technical overview of the security engineering process behind Windows Vista. Windows Vista is the first end-to-end major...
Alexander Sotirov: Hotpatching and the Rise of Third-Party Patches
Hotpatching is a common technique for modifying the behavior of a closed source applications and operating systems. It is not new, and has been used b...
Dino Dai Zovi: Hardware Virtualization Based Rootkits
Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modificatio...