Podcast Black Hat Briefings terbaik (2024)

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
Jeff Moss and Roger Cumming: Welcome and Keynote. 57:43

17y ago57:43

57:43

Jeff Moss introduces the Keynote and welcomes everyone tthe Amsterdam 2007 conference! Roger will provide an overview of the work of CPNI in reducing vulnerability in information systems that form part of the UK. He will then challenge the community on a number of issues, including the development of the malicious market place, and the role securit…

1
Jeff Moss: Closing Speech ( English) 6:15

17+ y ago6:15

6:15

Closing ceremonies and speech given by Jeff Moss.Oleh Jeff Moss

1
Charl van der Walt: When the Tables Turn (English) 1:32:09

17+ y ago1:32:09

1:32:09

"Until now network security defences have largely been about building walls and fences around the network. This talk revolves around spiking those walls & electrifying those fences! During this talk we will highlight techniques (and tools) that can be used to turn the tables on prospective attackers with passive-Strike-Back. We will explore the pos…

1
Jeff Moss and Panel: Welcome Speech and Security Panel (English ) 1:13:49

17+ y ago1:13:49

1:13:49

Jeff Moss welcomes delegates of the 2004 BlackHat Japan conference and introduces a panel of security experts for a Q&A.Oleh Jeff Moss and Panel

1
Joe Grand: Understanding the Hardware Security (English) 1:20:35

17+ y ago1:20:35

1:20:35

"Hardware security is often overlooked during a product's development, which can leave it vulnerable to hacker attacks resulting in theft of service, loss of revenue, identity theft, unauthorized network access, or a damaged reputation. This presentation will show you how to reduce the number of vulnerabilities in your embedded hardware designs and…

1
Chris Eagle: Attacking Obfuscated Code with IDA Pro ( English) 1:30:23

17+ y ago1:30:23

1:30:23

"Virtually every virus and worm that circulates the Internet today is ""protected"" by some form of obfuscation that hides the code's true intent. In the Window's world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can …

1
Raisuke Miyawaki: Keynote Speech (English) 48:17

17+ y ago48:17

48:17

" * Chairman, Ochanomizu Associates, Tokyo, Japan * Senior Advisor, Commission on Japanese Critical Infrastructure Protection * Research Counselor and Trustee, Institute for International Policy Studies, Tokyo * Vice President, Japan Forum for Strategic Studies Mr. Miyawaki is Japan's leading expert on the role of organized crime in Japan's economy…

1
Daiji Sanai and Hidenobu Seki: Optimized Attack for NTLM2 Session Response (Japanese) 53:03

17+ y ago53:03

53:03

"Windows 2000 SP3 or later and Windows XP now use a new network logon authentication method by default, the NTLM2 Session Response. Employed by Windows 2000, this unproven authentication method is considered to reduce the vulnerability found in network LM and NTLM v1 authentication. In this session, we will describe and demonstrate our audit approa…

1
Shunichi Arai: Thinking Techie's Social Responsibility - Lessons From Winny Case (Japanese) 51:46

17+ y ago51:46

51:46

"ARAI Shunichi is the chair of freekaneko.com which supports Winny's author Isamu Kaneko. He raised 16 million yen defense fund in a month. He is now researching on anonymity technology and distributed systems as Ph.D. student at Waseda university. He is also a founder and CEO of Mellowtone inc. Arai started programming at age of 3, and now he is c…

1
Johnny Long: You Got that with Google?(English) 1:20:35

17+ y ago1:20:35

1:20:35

"This presentation explores the explosive growth of a technique known as ""Google Hacking"". When the modern security landscape includes such heady topics as ""blind SQL injection"" and ""integer overflows"", it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. …

1
Chris Hurley: Identifying and Responding to Wireless Attacks (English) 1:04:09

17+ y ago1:04:09

1:04:09

"This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge too identify each attack. Defensive measures that can be taken in real time to counter the attack are then presen…

1
Kenneth Geers: Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond) (English) 1:27:12

17+ y ago1:27:12

1:27:12

"Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think …

1
Dan Kaminsky: Black Ops Of TCP/IP 2005 (English) 1:21:18

17+ y ago1:21:18

1:21:18

"Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of techn…

1
Saumil Shah and Dave Cole: Adware/Spyware (English) 1:19:31

17+ y ago1:19:31

1:19:31

"The Business * Timeline?how did we get into this mess? * The players * How their business works * Legislative environment The Technology * Technical overview of different types of programs (taxonomy) * Describe how the programs function * How adware/spyware is installed * Hijacking the system * How it updates itself * Proven techniques to prevent …

1
Jeff Moss: Closing Speech (English ) 8:32

17+ y ago8:32

8:32

Closing ceremonies and speech given by Jeff Moss.Oleh Jeff Moss

1
Hideaki Ihara: Forensics in Japan (Japanese) 1:20:44

17+ y ago1:20:44

1:20:44

"In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character enco…

1
Hisamichi Okamura: Cybercrime Treaty and Legal Environment of Japanese Computer Crime and Laws(Japanese) 47:48

17+ y ago47:48

47:48

Cybercrime Treaty and Legal Environment of Japanese Computer Crime and LawsOleh Hisamichi Okamura

1
Jeff Moss: Closing Speech (Japanese) 6:08

17+ y ago6:08

6:08

Closing ceremonies and speech given by Jeff Moss.Oleh Jeff Moss

1
Michael Sutton and Adam Greene: The Art of File Format Fuzzing (English) 49:04

17+ y ago49:04

49:04

"In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern.…

1
Sherri Sparks and Jamie Butler: "Shadow Walker" Raising The Bar For Rootkit Detection (English) 53:33

17+ y ago53:33

53:33

"Last year at Black Hat, we introduced the rootkit FU. FU took an unprecented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function pointers in well known operating system structures like the system call table, FU demonstrated that is was possible to control the execution path indirectly…

1
Charl van der Walt: When the Tables Turn (Japanese) 1:31:56

17+ y ago1:31:56

1:31:56

"Until now network security defences have largely been about building walls and fences around the network. This talk revolves around spiking those walls & electrifying those fences! During this talk we will highlight techniques (and tools) that can be used to turn the tables on prospective attackers with passive-Strike-Back. We will explore the pos…

1
Chris Eagle: Attacking Obfuscated Code with IDA Pro-(Partial Japanese) 32:28

17+ y ago32:28

32:28

"Virtually every virus and worm that circulates the Internet today is ""protected"" by some form of obfuscation that hides the code's true intent. In the Window's world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators however which can …

1
Katsuya Uchida: Keynote: The Day After... (Japanese) 1:09:15

17+ y ago1:09:15

1:09:15

"ARPANET was established in 1968. In 1971, "creeper"programmed by Bob Thomas moved from computer to computer on ARPANET and displayed on each user's screen "I'm the creeper. Catch me if you can!". Xerox PARC set up the ethernet in 1973 since researchers were interested in the concept of "distributed processing". They were testing programs whose fun…

1
Johnny Long: You Got that With Google? (Japanese) 1:28:17

17+ y ago1:28:17

1:28:17

"This presentation explores the explosive growth of a technique known as ""Google Hacking"". When the modern security landscape includes such heady topics as ""blind SQL injection"" and ""integer overflows"", it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. …

1
David Litchfield: Oracle PLSQL Injection ( English ) 54:21

17+ y ago54:21

54:21

"David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognised by Information Security Magazine who voted him as 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software comp…

1
Satoru Koyama: Botnet survey result. "Our security depends on your security." (Japanese) 1:18:14

17+ y ago1:18:14

1:18:14

"Many of the various attacking mechanism such as spam email, DDoS that are attacking the internet as whole in recent years can be attributed to Botnets.However there is not much information on these Botnets yet. Telecom ISAC-Japan and JPCERT/CC conducted a detailed investigation regarding botnet activity. This session will cover what was found duri…

1
Jeremiah Grossman: Phishing with Super Bait (English) 1:05:44

17+ y ago1:05:44

1:05:44

"The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It?s imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information.This isn't just another presentation about phishing scams or cross-site scripting. We?re all very f…

1
Shunichi Arai: Thinking Techie's Social Responsibility - Lessons From Winny Case (English) 52:21

17+ y ago52:21

52:21

"ARAI Shunichi is the chair of freekaneko.com which supports Winny's author Isamu Kaneko. He raised 16 million yen defense fund in a month. He is now researching on anonymity technology and distributed systems as Ph.D. student at Waseda university. He is also a founder and CEO of Mellowtone inc. Arai started programming at age of 3, and now he is c…

1
Daiji Sanai and Hidenobu Seki: Optimized Attack for NTLM2 Session Response (English) 51:51

17+ y ago51:51

51:51

"Windows 2000 SP3 or later and Windows XP now use a new network logon authentication method by default, the NTLM2 Session Response. Employed by Windows 2000, this unproven authentication method is considered to reduce the vulnerability found in network LM and NTLM v1 authentication. In this session, we will describe and demonstrate our audit approa…

1
Yuji Ukai: Environment Dependencies in Windows Exploitation(Japanese) 41:58

17+ y ago41:58

41:58

"In the case of vulnerabilities which allow the execution of arbitrary machine code, the reliability of exploitation is swayed by the type of vulnerability, the conditions surrounding the vulnerable code, and the attack vector, among other considerations. The reliability of exploitation an important factor for those attempting to exploit a vulnerab…

1
Russ Rogers: The Keys to the Kingdom: Understanding Covert Channels of Communication(English) 2:24:57

17+ y ago2:24:57

2:24:57

"Security professionals see the compromise of networked systems on a day to day basis. It's something they've come to expect. The blatant exploitation of operating systems, applications, and configurations is a common event and is taken into account by most security engineers. But a different type of security compromise threatens to crumble the und…

1
Gerhard Eschelbeck: The Laws of Vulnerabilities (English) 1:22:25

17+ y ago1:22:25

1:22:25

"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, a…

1
Riley "Caezar" Eller: Capture the Flag Games: Measuring Skill with Hacking Contests (English) 1:24:38

17+ y ago1:24:38

1:24:38

"With the cost of security experts increasing each year, it is expensive to audit critical systems as often as is needed. Worse yet, it is difficult to know how much to trust the reports since the worst consultants give the most positive answers. In order to address this problem, Caezar proposes a system for ranking the merit of security experts al…

1
Dominique Brezinski: A Paranoid Perspective of an Interpreted Language (English) 1:16:22

17+ y ago1:16:22

1:16:22

"Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming task in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not gua…

1
Ejovi Nuwere: The Art of SIP fuzzing and Vulnerabilities Found in VoIP (English) 50:13

17+ y ago50:13

50:13

"This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors.The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches f…

1
David Maynor: Architecture Flaws in Common Security Tools (English) 1:09:42

17+ y ago1:09:42

1:09:42

"Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TC…

1
Joe Grand: Understanding the Hardware Security (Japanese) 1:28:17

17+ y ago1:28:17

1:28:17

"Hardware security is often overlooked during a product's development, which can leave it vulnerable to hacker attacks resulting in theft of service, loss of revenue, identity theft, unauthorized network access, or a damaged reputation. This presentation will show you how to reduce the number of vulnerabilities in your embedded hardware designs and…

1
Philip R. Zimmermann: The Unveiling of My Next Big Project 50:49

18y ago50:49

50:49

Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any…

1
Alex Wheeler and Neel Mehta: Owning Anti-Virus: Weaknesses in a Critical Security Component 1:05:10

18y ago1:05:10

1:05:10

AV software is becoming extremely popular because of the its percieved protection. Even the average person is aware they want AV on their computer (see AOL, Netscape, Netzero, Earthlink, and other ISP television ads). What if: Instead of protecting ppl from hackers AV software was actually making it easier for hackers? This talk will outline genera…

1
Adam L. Young: Building Robust Backdoors In Secret Symmetric Ciphers 48:55

18y ago48:55

48:55

This talk will present recent advances in the design of robust cryptographic backdoors in secret symmetric ciphers (i.e., classified or proprietary ciphers). The problem directly affects end-users since corporations and governments have in the past produced secret symmetric ciphers for general use (e.g., RC4 and Skipjack, respectively). The problem…

1
Paul Vixie: Preventing Child Neglect in DNSSEC-bis using Lookaside Validation 1:15:01

18y ago1:15:01

1:15:01

Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. Early in his career, he developed and introduced sends, proxynet, rtty, cron and other lesser-known tools. Today, Paul is considered the primary modern author and technical architect of BINDv8 the Berkeley Internet Name …

1
Andrew van der Stock: World Exclusive - Announcing the OWASP Guide To Securing Web Applications and Services 2.0 53:49

18y ago53:49

53:49

After three years of community development, the Open Web Application Security Project (OWASP) is proud to introduce the next generation of web application security standards at BlackHat USA 2005. The Guide to Securing Web Applications and Services 2.0 is a major new release - written from the ground up, with many new sections covering common and em…

1
Eugene Tsyrklevich: Ozone HIPS: Unbreakable Windows 1:16:57

18y ago1:16:57

1:16:57

Windows is the number one target on the Internet today. It takes less than 5 minutes for an unpatched Windows machine, connected to the Internet, to get owned. Yet the most prevalent security practices still consist of running anti-viruses and constant patching. This presentation introduces a new tool, called Ozone, that is designed to protect agai…

1
Michael Sutton and Adam Greene: The Art of File Format Fuzzing 43:18

18y ago43:18

43:18

In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. …

1
spoonm and skape: Beyond EIP 30:38

18y ago30:38

30:38

When we built Metasploit, our focus was on the exploit development process. We tried to design a system that helped create reliable and robust exploits. While this is obviously very important, it's only the first step in the process. What do you do once you own EIP? Our presentation will concentrate on the recent advancements in shellcode, IDS/fire…

1
Alex Stamos and Scott Stender: Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps 1:12:18

18y ago1:12:18

1:12:18

Web Services represent a new and unexplored set of security-sensitive technologies that have been widely deployed by large companies, governments, financial institutions, and in consumer applications. Unfortunately, the attributes that make web services attractive, such as their ease of use, platform independence, use of HTTP and powerful functiona…

Podcast Layak Disimak

Black Hat Briefings Podcast

Podcast Layak Disimak

Panduan Referensi Cepat