Black Hat Announcements
Black Hat Digital Self Defense. Black Hat provides cutting edge content in the information and computer security field. Keep up to date with Black Hat presentations, announcements, and free content.
https://www.blackhat.com/
Black Hat Briefings and Training News
(c)2009 Black Hat
Wed, 10 Mar 2010 08:30:14 -0800 [email protected] (Jeff Moss)
Wed, 10 Mar 2010 08:27:14 -0800 [email protected] (Jeff Moss)

Black Hat USA 2010 Training: Pentesting with Backtrack by Offensive Security
This intense four-day hands-on course is taught by the creators of Backtrack. The course has sold out by June, with a double-digit waitlist, every year that we have offered the course. This will be our third year and it is 25% full in the first week of registration. If you are interested in taking the course, register by April 1 to get the best pricing and a guaranteed seat.
https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_OFF-PenTestBackTrack.html
Wed, 10 Mar 2010 08:30:10 -0800

Black Hat USA 2010 Training: Application Security: For Hackers and Developers
By the end of this course, you will be able to: research and develop an exploit from scratch by auditing code or fuzzing an application, reverse engineering the issue, and developing an exploit for the vulnerability you discovered. This knowledge will help developers produce better code, and will help security researchers or malware analysts in their daily tasks.
https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_cs-as.html
Tue, 09 Mar 2010 12:03:47 -0800

Black Hat USA 2010 Training: Assaulting IPS
Learn to become a skilled and knowledgeable IPS tester.
https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_cstb-ips.html
Tue, 09 Mar 2010 08:31:11 -0800

Free Black Hat March Webcast - Pen Testing the Web with Firefox by Michael Schearer ("theprez98")
To register for this month's webcast visit: https://www.blackhat.com/html/webcast/webcast-2010_auditassess.html
https://www.blackhat.com/html/webcast/webcast-2010_auditassess.html
Thu, 04 Mar 2010 14:57:25 -0800

Black Hat USA 2010 Registration Now Open!
The Super Early Bird Rate closes on April 1.
https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
Wed, 03 Mar 2010 11:24:48 -0800

Black Hat USA 2010 Call for Papers Closes May 1
Call for Papers for US 2010 is now open. Submit early since we had over 400 submissions last year for 90 speaking slots.
https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
Wed, 03 Mar 2010 11:24:14 -0800

Black Hat Europe 2010 Call for Papers Closes March 1
We have just completed our first round of selections for Europe (to be posted by the end of the week). If you are interested in presenting in Barcelona, best to get those submissions in!
https://www.blackhat.com/html/bh-eu-10/registration/bh-eu-10-cfp.html
Tue, 16 Feb 2010 10:10:12 -0800

Feb 18 Webcast
Sign up for the Feb 18th Webcast, receive EUR 150 off Black Hat Europe 2010 Briefings Registration.
http://bit.ly/dpOSf6
Thu, 11 Feb 2010 13:27:07 -0800

Black Hat DC 2010 - News - Security chip that does encryption in PCs hacked
Chris Tarnovsky's DC 2010 presentation has been written up by the Associated Press (http://tiny.cc/rPPwL).
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-archives.html#Tarnovsky
Tue, 09 Feb 2010 12:32:08 -0800

Black Hat DC Keynote
We would like to announce that Gregory Schaffer, U.S. Department of Homeland Security (DHS) Secretary Janet Napolitano appointed Greg Schaffer as Assistant Secretary for Cybersecurity and Communications
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-keynote.html
Thu, 21 Jan 2010 07:04:29 -0800

Black Hat Europe 2010 Registration Now Open
Registration for Black Hat Europe 2010 Briefings & Training is now open. The Super Early rate closes on February 1.
https://www.blackhat.com/html/bh-eu-10/registration/bh-eu-10-registration.html
Wed, 20 Jan 2010 08:20:53 -0800

Black Hat DC Reminder: Regular registration rate ends January 15
Register early to save $500 from the onsite rate.
https://www.blackhat.com/html/bh-dc-10/registration/bh-dc-10-registration.html
Thu, 07 Jan 2010 12:03:38 -0800

Black Hat DC 2010 Hotel - Group Rate Extended
Black Hat DC 2010 will be held at the Hyatt Regency Crystal City. The Group Rate has been extended to January 18. Last year we sold out. Reserve early and have the convenience of staying at the venue hotel.
https://www.blackhat.com/html/dc2010/dc2010-venue.html
Thu, 07 Jan 2010 11:52:54 -0800

Official Announcement: Black Hat Abu Dhabi 2010
Black Hat is proud to announce its first ever event in Abu Dhabi. The event will host top-tier public and private sector security professionals from the Middle-East region as well as industry researchers and underground hackers from around the world to dissect the latest in information security. For more information visit www.blackhat.com.
https://www.blackhat.com
Wed, 16 Dec 2009 12:56:13 -0800

Black Hat DC 2010 Early Bird Registration
Save $200 by registering by December 15!
https://www.blackhat.com/html/bh-dc-10/registration/bh-dc-10-registration.html
Mon, 14 Dec 2009 13:50:48 -0800

Visit the Black Hat booth during the Dec 9th virtual event and have access to all 2009 Black Hat event presentations.
If you missed a chance to see one of the Black Hat presentations from our 2009 events, visit the Black Hat booth at the Dec 9th virtual event. You will have access to view all of the recorded presentations from DC, EU and USA 2009. Register now! (http://tiny.cc/6K8rn)
https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001916&K=2MLJ
Tue, 08 Dec 2009 15:07:43 -0800

Register for the Dec 9th Virtual Event & Save $250 for Black Hat DC 2010 Briefings
Black Hat and Dark Reading are hosting their first-ever joint virtual event, exploring the security landscape for the next ten years – and how you can prepare for what lies ahead - today.
In addition, Black Hat will host its annual DC event and as a special offer, if you register for the free upcoming virtual event on Dec 9th you will receive a $250 discount* to Briefings. Visit the promo page to learn more.
https://www.blackhat.com/html/virtual2009/virtual2009-promo.html
Tue, 08 Dec 2009 10:54:09 -0800

Black Hat DC 2010 Hotel - Group Rate Available
Black Hat DC 2010 will be held at the Hyatt Regency Crystal City. The Group Rate closes on January 7. Last year we sold out. Reserve early and have the convenience of staying at the venue hotel.
https://www.blackhat.com/html/dc2010/dc2010-venue.html
Tue, 08 Dec 2009 10:38:51 -0800

Black Hat & Dark Reading Virtual Event December 9th - IT Security The Next Decade
InformationWeek’s Dark Reading and Black Hat come together for their first-ever joint security virtual event, exploring the security landscape for the next ten years – and how you can prepare for what lies ahead - today.
https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001916&K=2MLJ
Thu, 03 Dec 2009 10:03:58 -0800

Black Hat DC 2010 Briefings Call for Papers - Last Day to Submit
Deadline for submissions is today, December 1.
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-cfp.html
Tue, 01 Dec 2009 11:46:32 -0800

Black Hat DC 2010 Speakers Selected - Round 1
The first round of Black Hat DC 2010 speakers has been selected.

We have a second round that should be coming through in the next week or so...
which leaves very few slots (less than 10) left...

If you have great research and want a chance to present, please complete the Call for Papers application (https://www.blackhat.com/html/dc2010/registration/dc2010-cfp.html) ASAP since that closes on December 1 although it may close earlier if we fill the remaining slots before then.
https://www.blackhat.com/html/dc2010/dc2010-briefings.html
Fri, 13 Nov 2009 11:44:39 -0800

Black Hat Webcast #14 - New Frontiers in Forensics w/Matthieu Suiche
Thursday, Oct 29th Time: 1:00 pm PT/4:00 pm ET Register at
http://bit.ly/XXiuG

Physical memory is definitely a goldmine of information and its analysis is part of several practices including troubleshooting, incident response, forensics investigation, etc. This webcast aims at explaining one major point and step: Why using Microsoft Crash Dump file format is way more efficient than a common raw dump under a Windows machine for forensics analysis.
http://bit.ly/XXiuG
Mon, 19 Oct 2009 13:57:09 -0700

Black Hat Webcast No. 13 - Privacy/Anonymity
The September webcast will focus on Privacy/Anonymity featuring Matt Wood's work on Veiled: a browser-based darknet project. Veiled is a proof of concept that allows anyone to join from any platform which has a web browser whether a PC or an iPhone.
This presentation will discuss and demonstrate the Veiled darknet and look at the technical implementation and challenges of such features. We also explore some interesting properties of browser-based darknets.

Wednesday, September 30, 2009, 1:00 pm Pacific/4:00 pm Eastern
http://bit.ly/4dL39t
Fri, 18 Sep 2009 11:27:44 -0700

Black Hat DC 2010 Briefings Call for Papers Now Open
The Call for Papers for DC 2010 is now open. Deadline for submissions is December 1.
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-cfp.html
Wed, 02 Sep 2009 09:35:11 -0700

Black Hat Webcast #12: USA 2009 Wrap-Up - Today - Thursday, Aug 27
Get one on one access with some of the hottest presenters from the most daring security event in the world.

Black Hat Webcast #12 is Thursday, August 27 at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.

Webcast participants: 
Zane Lackey and Luis Miras: Attacking SMS
David Dewey: The Language of Trust, Exploiting Trust Relationships in Active Content
Moxie Marlinspike: More Tricks For Defeating SSL
Alex Stamos: Cloud Computing Models and Vulnerabilities, Raining on the Trendy New Parade
https://www.blackhat.com/html/webinars/usa09-wrapup.html
Thu, 27 Aug 2009 08:15:13 -0700

Black Hat Webcast #12: USA 2009 Wrap-Up - Thursday, Aug 27
There is still time to register for our free webcast. Black Hat Webcast #12 is Thursday, August 27th at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.

Webcast participants: 
Zane Lackey and Luis Miras: Attacking SMS
David Dewey: The Language of Trust, Exploiting Trust Relationships in Active Content
Moxie Marlinspike: More Tricks For Defeating SSL
Alex Stamos: Cloud Computing Models and Vulnerabilities, Raining on the Trendy New Parade
https://www.blackhat.com/html/webinars/usa09-wrapup.html
Wed, 26 Aug 2009 12:17:38 -0700

Black Hat Webcast #12: USA 2009 Wrap-Up - Rescheduled
The August Webcast has been rescheduled to Thursday, August 27th at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.
https://www.blackhat.com/html/webinars/usa09-wrapup.html
Wed, 19 Aug 2009 10:48:34 -0700

Black Hat Webcast #12: USA 2009 Wrap-Up
The August Webcast is Thursday, August 20th at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.
https://www.blackhat.com/html/webinars/usa09-wrapup.html
Tue, 18 Aug 2009 10:03:56 -0700

Black Hat USA 2009 Speaker Presentation Materials - Alexander Tereshkin and Rafal Wojtczuk
The following speakers have submitted updated presentation materials:

Introducing Ring -3 Rootkits by Alexander Tereshkin and Rafal Wojtczuk
Attacking Intel® Bios by Alexander Tereshkin and Rafal Wojtczuk
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
Mon, 17 Aug 2009 14:51:02 -0700

Black Hat USA 2009 Speaker Presentation Materials - Aug 12 - Added and Updated
The following speakers have submitted updated presentation materials:

Exploratory Android by Jesse Burns
Reversing and Exploiting an Apple® Firmware Update by K. Chen
How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession by Peter Guerra
Veiled: A Browser-based Darknet by Billy Hoffman and Matt Wood
The Conficker Mystery by Mikko Hypponen
Attacking SMS by Zane Lackey and Luis Miras
Keynote: Cyberspace, A Fragile Ecosystem by Robert Lentz
Recoverable Advanced Metering Infrastructure by Mike Davis
Managed Code Rootkits: Hooking into the Runtime Environments by Erez Metula
Fuzzing the Phone in your Phone by Charlie Miller & Collin Mulliner
Breaking the security myths of Extended Validation SSL Certificates by Alexander Sotirov and Mike Zusman
Our Favorite XSS Filters and How to Attack Them by Eduardo Vela Nava and David Lindsay
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
Wed, 12 Aug 2009 13:43:18 -0700

Black Hat USA 2009 Speaker Presentation Materials - Aug 11 - Added and Updated
The following speakers have submitted updated presentation materials:
Embedded Management Interfaces: Emerging Massive Insecurity by Hristo Bojinov
Advanced Mac OS X Rootkits by Dino Dai Zovi
Lockpicking Forensics by Datagram
A 16 bit Rootkit and Second Generation Zigbee Chips by Travis Goodspeed
Mo' Money Mo' Problems: Making A LOT More Money on the Web the Black Hat Way by Jeremiah Grossman and Trey Ford
More Tricks For Defeating SSL by Moxie Marlinspike
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
Tue, 11 Aug 2009 13:38:39 -0700

Black Hat USA 2009 Speaker Audio and Video - Aug 11 - Added and Updated
Video from the following presentations is available to see:
The Language of Trust: Exploiting Trust Relationships in Active Content by Mark Dowd, Ryan Smith and David Dewey
"Smart" Parking Meter Implementations, Globalism, and You by Joe Grand, Jacob Appelbaum and Chris Tarnovsky
Gizmo: A Lightweight Open Source Web Proxy by Rachel Engel
Something about Network Security by Dan Kaminsky
Cloudburst: Hacking 3D (and Breaking Out of VMware) by Kostya Kortchinsky
More Tricks For Defeating SSL by Moxie Marlinspike
Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade by Alex Stamos, Andrew Becherer and Nathan Wilcox

Audio from the following presentations is available to hear:
"Smart" Parking Meter Implementations, Globalism, and You by Joe Grand, Jacob Appelbaum and Chris Tarnovsky
Cloudburst: Hacking 3D (and Breaking Out of VMware) by Kostya Kortchinsky
Re-conceptualizing Security by Bruce Schneier
Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade by Alex Stamos, Andrew Becherer and Nathan Wilcox
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
Tue, 11 Aug 2009 13:38:51 -0700

Black Hat USA 2009 Speaker Materials Now Online
Speaker materials (slides, whitepapers and tools) are now available for download.
Content will be updated and posted as we receive it.
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
Wed, 29 Jul 2009 11:58:58 -0700

Black Hat USA 2009 Onsite Registration Now Open
Onsite Registration now open.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
Sat, 25 Jul 2009 16:12:09 -0700

Black Hat Online Registration Closes in 24 hours
Reminder! Online Registration closes on July 22 and turns over to Onsite Rates thereafter.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
Tue, 21 Jul 2009 07:54:09 -0700

Black Hat Online Registration Closes on July 22
Reminder! Online Registration closes on July 22 and turns over to Onsite Rates thereafter.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
Fri, 17 Jul 2009 12:40:28 -0700

Black Hat Breakouts Schedule
The Black Hat Breakout Schedule is now online!

We still have a few slots available for delegates who would like to hold a session.

Working on an open source project? Want to hash out your latest research with other like-minded researchers? Want to get other people in the community interested and participating in your project?

This year, we are pleased to offer those who are working on collaborative projects a chance to have a meet-up at Black Hat USA 2009. We can provide a room set up with a projector and screen so that people who are already attending the Black Hat Briefings can gather to discuss projects in depth. This space is set aside for those who are looking for a quiet, informal space for an hour to present and discuss their in-progress research topics.

Please email [email protected] if you are interested in hosting a breakout session.
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Thu, 16 Jul 2009 17:26:45 -0700

Academic Pass Applications Closes Today Selected
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Thu, 16 Jul 2009 17:22:48 -0700

Black Hat Breakouts
Working on an open source project? Want to hash out your latest research with other like-minded researchers? Want to get other people in the community interested and participating in your project?

This year, we are pleased to offer those who are working on collaborative projects a chance to have a meet-up at Black Hat USA 2009. We can provide a room set up with a projector and screen so that people who are already attending the Black Hat Briefings can gather to discuss projects in depth. This space is set aside for those who are looking for a quiet, informal space for an hour to present and discuss their in-progress research topics.
For more information, email [email protected]
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Fri, 10 Jul 2009 01:50:33 -0700

Regular Registration Ends Tomorrow!
The Regular Registration Deadline is July 1. Register Now (https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html) to take advantage of discounted rates for both Briefings and Training.
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Tue, 30 Jun 2009 07:36:52 -0700

USA 2009 Presentation Update: A 16 bit Rootkit and Second Generation Zigbee Chips by Travis Goodspeed
Travis Goodspeed promises a live demo and new vulnerability release for his presentation at USA 2009.
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Goodspeed
Mon, 29 Jun 2009 14:47:03 -0700

USA 2009 Day 2 Keynote Announced
Robert F. Lentz, Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance (CI&IA) in the Office of the Assistant Secretary of Defense, Networks and Information Integration/Chief Information Officer, will be the Day 2 Keynote at the USA 2009 Briefings.

Mr. Lentz, as a Deputy Assistant Secretary of Defense in both the Bush and Obama administrations and the first Senior Information Assurance Official for the Department of Defense, serving since Nov 2000, will provide his perspective and lessons learned over several decades working in the cyber security field. Mr. Lentz will outline his future vision and goals and those critical policy, technical and operational challenges facing us in this race to leverage the power of the internet.
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Lentz
Mon, 29 Jun 2009 00:31:59 -0700

Regular Registration Deadline Fast Approaching
The Regular Registration Deadline is July 1. Register Now (https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html) to take advantage of discounted rates for both Briefings and Training.
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Sun, 28 Jun 2009 22:54:52 -0700

USA 2009 Briefings Track: Metasploit
Newly announced track for Day 1, July 29:

Four Turbos, 20 minutes each:
Dino Dai Zovi: Macsploitation with Metasploit
Mike Kershaw: Kismet and MSF
Chris Gates: Breaking the "Unbreakable" Oracle with Metasploit
Dustin "I)ruid" Trammell: MSF & Telephony

Two 75 minute presentations:
Peter Silberman & Steve Davis: Metasploit Autopsy - Reconstructing the Crime Scene
Egypt: Using Guided Missiles in Drive-Bys - Automatic Browser Fingerprinting

One 120 minute presentation:
Val Smith, Colin Ames & David Kerb: MetaPhish
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
Mon, 22 Jun 2009 12:32:20 -0700

USA 2009 - Black Hat Post Webcast #11 Press
From SC Magazine - Friday, 19 June 2009

Black Hat topics include hacking parking meters, social networks

On the agenda this year at the 2009 Black Hat conference are topics ranging from the psychology of social networking to hacking parking meters.

Eager attendees got a taste of what's to come at the conference, to be held July 25 to 30 in Las Vegas, during a webcast Thursday in which selected speakers gave a preview of their talks.

Read the complete article.
https://www.blackhat.com/html/press/press.html
Mon, 22 Jun 2009 09:31:54 -0700

USA 2009 Sneak Peek - Webcast #11 - Today
Every registrant for today's June 18 webcast will receive a discount code* that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Register Now!

Participating USA 2009 Speakers for Webcast #11 will be:
Dino Dai Zovi: Advanced Mac OS X Rootkits
Nitesh Dhanjani: Psychotronica: Exposure, Control, and Deceit
Joe Grand, Jacob Appelbaum, Chris Tarnovsky: "Smart" Parking Meter Implementations, Globalism, and You
Nathan Hamiel, Shawn Moyer: Weaponizing the Web: More Attacks on User-Generated Content 

The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST.

*Note that the discount is applicable for new registrations only.
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Thu, 18 Jun 2009 01:12:59 -0700

Webcast #11 - USA 2009 Sneak Peek - Register Now!
Every registrant for the June 18 webcast will receive a discount code* that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Register Now!

Participating USA 2009 Speakers for Webcast #11 will be:
Dino Dai Zovi: Advanced Mac OS X Rootkits
Nitesh Dhanjani: Psychotronica: Exposure, Control, and Deceit
Joe Grand, Jacob Appelbaum, Chris Tarnovsky: "Smart" Parking Meter Implementations, Globalism, and You
Nathan Hamiel, Shawn Moyer: Weaponizing the Web: More Attacks on User-Generated Content 

The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST.

*Note that the discount is applicable for new registrations only.
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Tue, 16 Jun 2009 15:28:24 -0700

Third Annual Pwnie Awards
The Pwnie Awards will return for the third consecutive year to the Black Hat USA
conference in Las Vegas. The award ceremony will take place during the Black Hat
reception on July 29, 2009 and the Pwnie organizers promise an extravagant show.

The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of security researchers and the wider security community in the past
year. Nominations are currently accepted in nine award categories:

* Best Server-Side Bug
* Best Client-Side Bug
* Mass 0wnage
* Most Innovative Research
* Lamest Vendor Response
* Most Overhyped Bug
* Best Song
* Most Epic FAIL
* Lifetime Achievement award for hackers over 30

The deadline for nominations is Wed, July 15. To submit a nomination,
visit the Pwnie Awards site at http://pwnie-awards.org/

For the latest updates, follow the Pwnie Awards on Twitter:
http://twitter.com/PwnieAwards
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Tue, 16 Jun 2009 08:45:41 -0700

USA 2009 Hotel Group Rate Extended
The Black Hat USA 2009 discounted group rate at Caesars Palace has been extended until July 3. Have the convenience of staying at the venue hotel, just an elevator ride away from the show floor. Reserve now!
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-venue.html
Thu, 11 Jun 2009 10:12:55 -0700

Webcast #11 - USA 2009 Sneak Peek - Presenters Finalized
We have opened registration for the upcoming Webcast. The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST and will be a sneak peek at some of the presentations for Black Hat USA 2009.

Participating USA 2009 Speakers for Webcast #11 will be:
Dino Dai Zovi: Advanced Mac OS X Rootkits
Nitesh Dhanjani: Psychotronica: Exposure, Control, and Deceit
Joe Grand, Jacob Appelbaum, Chris Tarnovsky: "Smart" Parking Meter Implementations, Globalism, and You
Nathan Hamiel, Shawn Moyer: Weaponizing the Web: More Attacks on User-Generated Content 

If you like what you see, you'll like another incentive we're attaching to this webcast even more: Every registrant for the June 18 webcast will receive a discount code* that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Register Now!

*Note that the discount is applicable for new registrations only.
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
Wed, 10 Jun 2009 09:36:13 -0700

USA 2009 Briefings Track: Testing/Exploitation

USA 2009 Briefings schedule is now online. 

The Testing/Exploitation Track will feature: 
Ruby for Pentesters by Michael Tracy, Chris Rohlf & Eric Monti
Demystifying Fuzzers by Michael Eddington
Our Favorite XSS Filters and How to Attack Them by Eduardo Vela Nava & David Lindsay
State of the Art Post Exploitation in Hardened PHP Environments by Stefan Esser
Exploiting Rich Content by Riley Hassell
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
Wed, 10 Jun 2009 06:46:00 -0700

USA 2009 Briefings Track: Legal/Management

USA 2009 Briefings schedule is now online. 

The Legal / Management Track will feature: 
Computer Crime Year In Review: MySpace, MBTA, Boston College and More by Jennifer Granick
Fighting Russian Cybercrime Mobsters: Report from the Trenches by Dmitri Alperovitch
Your Mind: Legal Status, Rights and Securing Yourself by Tiffany Rad & James Arien
Economics and the Underground Economy by Cormac Herley & Dinei Florencio
Beckstrom's Law: A Model for Valuing Networks and Security by Rod Beckstrom
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
Tue, 09 Jun 2009 06:31:31 -0700

Homeland Security Secretary Appoints Jeff Moss, Founder of Black Hat and DEFCON, to the Homeland Security Advisory Council.
Jeff Moss to provide recommendations directly to Secretary Napolitano on Homeland Security issues. The complete press release is available for review from the Black Hat website.
https://www.blackhat.com/html/bh-about/press.html
Mon, 08 Jun 2009 20:48:07 -0700

USA 2009 Briefings Track: Cloud/Virtualization

USA 2009 Briefings schedule is now online. 

The Cloud/Virtualization Track will feature:
Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure by Christofer Hoff & Enno Rey
SADE - Injecting agents in to VM guest OS by Matt Conover
Clobbering the Cloud! by Haroon Meer, Marco Slaviero & Nick Arvanitis
Cloudburst: Hacking 3D (and Breaking Out of VMware) by Kostya Kortchinsky
Re-conceptualizing Security by Bruce Schneier
]]>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html 02F3C77A-544D-11DE-A7B8-000A95C50A24-6953-000001D5CE3219B8-FFA Mon, 08 Jun 2009 06:28:24 -0700
USA 2009 Briefings Schedule Now Online <p>USA 2009 Briefings <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html">schedule</a> is now online. </p><br> https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html 91458856-53F3-11DE-A7B8-000A95C50A24-6953-000001A40C3E8F44-FFA Sun, 07 Jun 2009 23:17:10 -0700 Webcast #10 - Mobility & Security - Audio Now Available <p>The audio for the May 21 Webcast on Mobility &amp; Security is now <a href="https://www.blackhat.com/html/webinars/mobility_security.html">available.</a></p> https://www.blackhat.com/html/webinars/mobility_security.html 0A4FE520-520F-11DE-906E-000A95C50A24-1489-000000E5E5DD1BEF-FFA Fri, 05 Jun 2009 13:26:18 -0700 Final USA 2009 Briefings Speakers Selected <p >USA 2009 <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html"> speaker</a> selections have been finalized. The schedule will be published on Monday, June 8. </p><br /> https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFR Fri, 05 Jun 2009 12:42:57 -0700 Webcast #11 - USA 2009 Sneak Peek - Registration Now Open <![CDATA[We have opened registration for the upcoming Webcast. The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST and will be a sneak peek at some of the presentations for Black Hat USA 2009. Current participating speakers include Dino Dai Zovi who will be presenting on "Advanced Mac OS X Rootkits" and Nitesh Dhanjani who will be speaking on "Psychotronica: Exposure, Control, and Deceit".

If you like what you see, you'll like another incentive we're attaching to this webcast even more: Every registrant for the June 18 webcast that attends the session will receive a code that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas.
Register Now!


]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFN Fri, 05 Jun 2009 12:44:35 -0700
Early Bird Registration Rate Ends Today - June 1 - at 11:59PM PST <p >The Early Bird Registration Rate ends today! <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html"> Register today</a> to take advantage of discounted rates for both Briefings and Training </p><br /> https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFP Mon, 01 Jun 2009 8:27:23 -0700 Academic Pass <![CDATA[

Black Hat is pleased to offer to qualifying members of the academic community a discounted registration rate to Black Hat USA 2009. The Academic Pass includes gratis entry to DEFCON 17, held at the Riviera Hotel on the weekend immediately following Black Hat USA.


]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFM Fri, 29 May 2009 12:18:03 -0700
Webcast #11 - USA 2009 Sneak Peek <![CDATA[

The upcoming Webcast is Thursday, June 18 at 1300 PST/16:00 EST and will be a sneak peek at some of the presentations for Black Hat USA 2009. Several of the speakers will discuss their work and give you a taste of the live event. If you like what you see, you'll like another incentive we're attaching to this webcast even more: Every registrant for the June 18 webcast that attends the session will receive a code that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Registration for the Webcast will open June 1.


]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFK Fri, 29 May 2009 10:01:53 -0700
Early Bird Registration Deadline Fast Approaching <p >The Early Bird Registration Deadline is June 1. <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html"> Register Now</a> to take advantage of discounted rates for both Briefings and Training </p><br /> https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFJ Thu, 28 May 2009 8:11:17 -0700 Stay at the Official Venue Hotel <p >Hotel guest rooms are still available at <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-venue.html">Caesars Palace</a>, the official venue hotel. In the past, the Black Hat block has sold out 6 weeks in advance. </p><br /> https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFH Thu, 28 May 2009 06:50:29 -0700 Hacker Court Returns For Its Eighth Appearance <p > <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#panel3">Hacker Court 2009: Pwning the economy in 138 chars or less</a> demonstrates legal issues in cyberspace. The Hacker Court mock trial series has always received rave reviews for its lively presentation. Not to be missed.</p><br /> https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFG Wed, 27 May 2009 09:45:48 -0700 Hack Like You Mean It! <p >SensePost has added a new course to their stable of offerings: <a href="https://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-sp-PCI.html">Hacking by Numbers: PCI Edition</a>. This is a practical, technical course aimed at beginner penetration testers, that teaches method-based hacker thinking, skills and techniques, specifically focusing on the approach and priorities for penetration testing required by the PCI DSS standard. Register by June 1 to get the Early Bird pricing. 
</p><br /> https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFF Tue, 26 May 2009 13:33:17 -0700 Three New and Unique Class Offerings <![CDATA[

We have three new course offerings: Intercepting Secure Communications by Moxie Marlinspike, Mac Hacking Class by Vincenzo Iozzo, and Attacking Hardware: Unsecuring [once] Secure Devices by Christopher Tarnovsky. Register by June 1 to get the best pricing. A complete listing of all our course offerings is available on our USA 2009 Training page.


]]>
https://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-complete.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFE Tue, 26 May 2009 11:43:02 -0700
Second Round of USA Speakers Online Now <p >We've selected the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html">second round of Briefings Speakers for Black Hat USA 2009</a>. This year we'll be announcing them as selections are made, so it's a good idea to check back periodically. The list will grow until June 15, when we expect to have the final list compiled.</p><br /> https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFD Sat, 23 May 2009 00:00:01 -0700 Black Hat USA 2009 Training Course Update - New Hacking by Numbers Cadet Online Edition <p>This year Black Hat is offering, for the first time, a <a href="https://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-sp-cadet.html"> Hacking by Numbers Cadet Online Edition</a> hosted by SensePost. This is a self-paced introductory course for technical people with no previous experience in the world of hacking. To learn more about courses offered by all our training partners at Black Hat USA visit us at <a href="https://www.blackhat.com/"> https://www.blackhat.com/.</a> https://www.blackhat.com/. 9C21F3B2-367E-4E3D-A180-BFE31BB2BD1E-12646-00018CFA1BB4F413-FFC Fri, 22 May 2009 22:58:45 -0700 Last chance - Register for Webcast #10: Mobility and Security. Win a Free Conference Pass to Black Hat USA 09 <p>Our webcast on the topic of mobile security is this Thursday at 1pm PDT. There's still time to register and get yourself in the running for a free conference pass to Black Hat Briefings USA 2009. If you're interested, make sure to sign up for this free webcast. http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D 9C21F3B2-367E-4E3D-A180-BFE31BB2BD1E-12646-00018CFA1BB4F413-FFB Wed, 20 May 2009 18:19:12 -0700 First Round of USA Speakers Online Now <p >We've selected the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html">first round of Briefings Speakers for Black Hat USA 2009</a>. 
This year we'll be announcing them as selections are made, so it's a good idea to check back periodically. The list will grow until June 15, when we expect to have the final list compiled.</p><br /> https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFA Fri, 08 May 2009 10:28:49 -0700 Follow Black Hat on Twitter and Win a Black Hat Track Jacket <p>The response was great the first time we did this, so we'll be giving away another Black Hat Track Jacket to a randomly selected Twitter follower on Monday. (Here's a <a href="html/images/blackhattrackjacket.jpg"> picture of the jacket</a>) If you're not already following us, join us at <a href="https://twitter.com/blackhatevents">https://twitter.com/blackhatevents</a><br /> <br /> We'll announce the winner on Twitter Monday at 3pm PDT. If you've got friends you think would like a Black Hat Track Jacket, spread the word.</p> https://twitter.com/blackhatevents EDDEEE06-0053-4F6A-8F44-C36FB8880A18-29793-0001F9779B4585A3-FFA Thu, 07 May 2009 14:31:10 -0700 Win a Free Conference Pass to Black Hat USA 09 <p>Our webcast on May 21 will be a round table examining the present and future of security as it relates to the booming world of mobile computing devices. The new format is designed to be more interactive, so please join us and bring your best questions. We'll have some panelists from the research sphere and some from the vendor space and it should all make for a very lively and informative conversation.</p><br /> <p>We're going to be giving away a free conference pass to Black Hat Briefings USA 2009 to a randomly selected registrant to the May 21 webcast. If you're interested, make sure to <a href="http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D">sign up for this free webcast</a>. 
</p> http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D 9C21F3B2-367E-4E3D-A180-BFE31BB2BD1E-12646-00018CFA1BB4F413-FFA Thu, 30 Apr 2009 17:42:45 -0700 USA 2009 Update: Early Registration Rate Extended to June 1 The Early registration deadline for Black Hat USA 2009 has been extended from May 1 to June 1, giving interested registrants an extra month to avoid the 200 dollar price increase to our Regular rate. You can find out more about <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html">Black Hat's registration rates, dates and information</a> on our website. https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html B4A85574-9C6E-453F-845B-279F8631390B-12646-000182A563E9188B-FFA Thu, 30 Apr 2009 14:38:31 -0700 USA 2009 CFP Updated: CFP Deadline Extended to May 5 <![CDATA[

Good news for anyone struggling to get a submission into the Black Hat CFP system before the door closes - we've extended the deadline from May 1 to Tuesday May 5. If you've got the goods for a great Black Hat presentation, make sure to let us know before then. We're looking forward to your submissions.

For all the rules and regulations, you can visit our CFP FAQ section.

]]>
https://blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html BB28A3A7-893E-452A-9809-114AF51A6532-12646-00017932ACE82F41-FFA Thu, 30 Apr 2009 12:11:27 -0700
Registered for Black Hat USA 2009? Help us select this year's talks! <p>All paid registrants for Black Hat events get the opportunity to review and rate the submissions from the Black Hat CFP. It's a great way to take the pulse of the security research community and to help create the kind of Black Hat you want to attend. To learn more about our process, you can check out the<a href="http://blackhat.com/html/bh-usa-09/bh-usa-09-cfpFAQ.html"> Black Hat USA 2009 Call For Papers Crowdsourcing FAQ</a>. We hope you'll take a little time and help us out - your feedback is very important to us.</p> http://blackhat.com/html/bh-usa-09/bh-usa-09-cfpFAQ.html 83BDCDE3-D67A-4453-A42A-FF588AC04FE7-12646-0001406AA6F2F1EF-FFA Tue, 28 Apr 2009 13:34:57 -0700 USA 2009 CFP Reminder: CFP Closes May 1 <p>If you're thinking about submitting to the Black Hat USA 2009 Call for Papers, please bear in mind that the CFP closes on May 1 - only a few days away. If you have something great to share with the broader security community, get your idea in to us at <a href="https://cfp.blackhat.com">the Black Hat CFP site</a> right away. For all the rules and regulations, you can visit our <a href="http://blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html">CFP FAQ section.</a></p> http://blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html 251875C3-8D09-4017-9A00-5527A045E354-12646-00014059E5912398-FFA Tue, 28 Apr 2009 13:29:18 -0700 Black Hat Europe Video-Charlie Miller and Vincenzo Iozzo: Fun and Games with Mac OSX and iPhone Payloads <p>Charlie Miller and Vincenzo Iozzo's <a href="https://media.blackhat.com/bh-europe-09/video/black-hat-europe-09-miller-iozzo-osx-iphone.m4v">presentation on Mac and iPhone payloads</a> was one of the most remarked-upon presentations at last week's Black Hat Europe event, and now it's available online for anyone who missed it. 
</p><br /> https://media.blackhat.com/bh-europe-09/video/black-hat-europe-09-miller-iozzo-osx-iphone.m4v F64FF4B2-C7B4-4B23-AE55-23288146C45A-1356-0000383B512932A4-FFA Mon, 20 Apr 2009 13:06:43 -0700 Black Hat Webcast 10- Mobility and Security - May 21 1pm PDT <p class="black">Our next webcast will be a round table examining the present and future of security as it relates to the booming world of mobile computing devices, from traditional laptops and smartphones to the exploding world of netbooks. We'll have participation from both researchers and vendors and we're expecting a lively and valuable conversation. The new format is designed to be more interactive, so please join us and bring your best questions. You can <a href="http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D">register for this May 21 Webcast</a> online now.</p> http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D 75B80358-3313-4287-B865-39918CB15466-1356-0000382EE4A77F28-FFA Mon, 20 Apr 2009 13:05:55 -0700 Black Hat Europe Update: Keynote Speaker Lord Erroll <![CDATA[

We're pleased to announce the addition of Lord Erroll as Keynote speaker for Black Hat Europe 2009. Lord Erroll, 60, is a cross-bench member of the British House of Lords and takes pride in “voting against stupid Government ideas whoever is in power.”

The topic of his keynote presentation will be “Privacy Protecting People or People Protecting Privacy”.


You can read his full biography on our Black Hat Europe 09 speaker page.


This addition has changed the Briefings schedule a bit, so if you're attending please take a look at our Briefings schedule page for the latest updates.


]]>
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Erroll AEE2CBF6-A7A9-4E4C-A5E9-446A03EDD658-4971-000068F75B9C5F1E-FFA Fri, 10 Apr 2009 15:34:18 -0700
Follow Black Hat on Twitter, Win a Black Hat Track Jacket We're trying something new to get people following our Twitter feed - we'll be giving away a Black Hat Track Jacket to a randomly selected Twitter follower on Monday. If you're not already following us, join us at https://twitter.com/blackhatevents<br /> <br /> We'll announce the winner on Twitter Monday at 3pm PDT. If you've got friends you think would like a Black Hat Track Jacket, spread the word. https://twitter.com/blackhatevents 8F663571-295B-4026-8CBC-8CE4782C949F-2337-000335B37C7B2F5C-FFA Fri, 03 Apr 2009 14:30:29 -0700 Black Hat Webcast 9 Audio Now Online <![CDATA[

We've posted the audio to this month's Black Hat Webcast previewing some of the exciting presentations from Black Hat Europe 2009.

You can download the audio or you can watch the WebSync version.

]]>
https://media.blackhat.com/webinars/black-hat-webcast-9-march-2009-eupreview.m4b A1E0E180-FD67-42E8-8C58-3EC67B009884-2337-0000FE352A50D0A2-FFA Tue, 24 Mar 2009 17:02:07 -0700
Black Hat Speakers in the News: Prajakta Jagdale <![CDATA[In her talk at Black Hat DC 2009, HP's Prajakta Jagdale spoke of a new free tool for analyzing Adobe Flash applications for vulnerabilities. The tool wasn't ready at that time, but it's been released today. To learn more about it, you can check out the slides or video from her presentation entitled “Blinded by Flash: Widespread Security Risks Flash Developers Don't See ” ]]> http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx 073F4194-C5B1-45FB-B03D-14DE35B83804-2337-0000FC9B8EC7D26F-FFA Tue, 24 Mar 2009 16:32:04 -0700 Black Hat Speakers in the News: Joanna Rutkowska and Rafal Wojtczuk <p>Joanna Rutkowska and Rafal Wojtczuk <a href="http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html">released a paper and exploit code </a>on a privilege escalation attack on Intel CPUs that we're finding very interesting. You can find the details on the <a href="http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html">Invisible Things Blog</a>. </p> http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html 31BF957A-0928-4F58-A120-182989E5BE1E-2337-0000185B58D39CE3-FFA Fri, 20 Mar 2009 11:27:57 -0700 Video Update: Black Hat USA 2008 You can <a href="https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html">check out a full lineup of presentations from Black Hat USA 2008</a> by visiting our archive page now. Audio and slides-only video to follow shortly. You can also <a href="http://blackhat.com/Black_Hat_USA_2008_Hi-res_.m4v_Feed.xml">subscribe to the Black Hat USA 08 hi-res .m4v feed</a> here. 
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html BF4DB54F-BB55-4B09-B085-9F08B05D47E1-51585-000367B7958DF89F-FFA Tue, 17 Mar 2009 16:57:01 -0700 Black Hat Webcast Reminder: Thursday, Mar 19 at 1pm PDT Our next webcast, which features a variety of hot topics from the Black Hat Europe roster, including Attacking Backbone Technology and In-Memory Execution on Mac OS X and iPhone is coming up this Thursday - you can <a href="http://w.on24.com/r.htm?e=137991&s=1&k=ED7856B67DCFAA2C6F18F92DC73ACBA9">register for the webcast online now</a>. http://w.on24.com/r.htm?e=137991&s=1&k=ED7856B67DCFAA2C6F18F92DC73ACBA9 414F5CBE-620B-4F1C-B197-4DB4B4AF7CA5-51585-00035B15E7E27C77-FFA Tue, 17 Mar 2009 12:55:17 -0700 Black Hat USA Registration Reminder: Super Early Bird Rate Ends March 15 <p>You can <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html">save $100 on the registration price of Black Hat USA 2009</a> by registering before Monday - the Super Early Bird rate expires midnight March 15. </p> https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html 5F19D84C-9551-4747-BA45-B4E32E54D18D-22589-0001E12E30439A35-FFA Thu, 12 Mar 2009 17:41:54 -0700 Black Hat Webcast 8 Audio Online <![CDATA[

We've posted the audio to last month's Black Hat webcast on Rich Internet Application Security with Billy Hoffman from HP, Alex Stamos from iSec and Peleus Uhley from Adobe.

You can download the audio or you can watch the WebSync version.

]]>
https://media.blackhat.com/webinars/black-hat-webcast-8-february-2009-ria.m4b 661F8909-D5CD-46A3-B713-B7BDD5F05BA5-5894-000140E75EF98759-FFA Tue, 10 Mar 2009 16:32:37 -0700
Jeff Moss Interviews Dan Kaminsky: Part 2 of 2 <p>Dan Kaminsky has been all over the news since his disclosure of a major DNS flaw at Black Hat USA 2008. At Black Hat DC, he talked about the state of DNS today and gave a strong endorsement to DNSSEC. This is part two of a two-part interview.</p><br /> <p>You can <a href="https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview2.m4v">download the video now</a> or you can <a href="http://www.youtube.com/watch?v=REwmyb7qebM">watch it on YouTube</a>. https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview2.m4v ADF561E2-E17B-41A0-A625-AA9FE392EA9E-5894-0000FCF6212AB6A6-FFA Tue, 10 Mar 2009 10:58:24 -0700 Black Hat Free Webcast #9 - Black Hat Europe Preview <![CDATA[

Black Hat Europe is right around the corner - we'll be returning to Amsterdam April 14-17. We're very excited about the lineup of speakers we've put together, and this webcast will be a sort of sneak preview of what kind of presentations attendees will get to see at the live event.



Please join Black Hat Founder Jeff Moss for what we are sure will be an eye-opening look under the hood of Black Hat Europe 2009. You can register for the Black Hat webcast for free here.



Speakers confirmed thus far:

Enno Rey and Daniel Mende
All Your Packets Are Belong to Us - Attacking Backbone Technologies

Charlie Miller and Vincenzo Iozzo
Fun and Games Using In-Memory Execution on Mac OS X and iPhone

Stefano Zanero
Masibty: a Web Application Firewall Based on Anomaly Detection


Roberto Gassira' and Roberto Piccirillo
Hijacking Mobile Data Connections ]]>
http://w.on24.com/r.htm?e=137991&s=1&k=ED7856B67DCFAA2C6F18F92DC73ACBA9 607624E6-49EE-4445-9E1B-AE72BA3337C8-5894-0000E1FB0C194A24-FFA Mon, 09 Mar 2009 12:00:04 -0700
Black Hat Speakers in the News: Rod Beckstrom Leaves DHS Black Hat USA 2008 Keynote speaker and head of the DHS National Cybersecurity Center resigned his post in the midst of widespread concern about national cybersecurity responsibility being transferred to the National Security Agency. You can read the <a href="http://blog.wired.com/defense/2009/03/breaking-cyber.html"> Danger Room blog posting from Wired Blogs</a> here. http://blog.wired.com/defense/2009/03/breaking-cyber.html 8524DB96-055C-4467-BF82-6CB9E3B07BF1-2915-00021ED5958369E2-FFA Fri, 06 Mar 2009 12:36:55 -0800 Europe 09 Briefings Schedule Online Now We now have the full <a href="https://www.blackhat.com/html/bh-europe-09/bh-eu-09-schedule.html">Briefings Schedule for Black Hat Europe 2009</a> online now. Please take a look. https://www.blackhat.com/html/bh-europe-09/bh-eu-09-schedule.html 1B2918B7-7B3C-47A5-8F24-F3619A5639E7-2915-00021EC7D73BBCFA-FFA Fri, 06 Mar 2009 12:35:45 -0800 Jeff Moss Interviews Dan Kaminsky <p>Dan Kaminsky has been all over the news since his disclosure of a major DNS flaw at Black Hat USA 2008. At Black Hat DC, he talked about the state of DNS today and gave a strong endorsement to DNSSEC. This is part one of a two-part interview.</p><br /> <p>You can <a href="https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview.m4v">download the video now</a> or you can <a href="http://www.youtube.com/watch?v=-awuAm7moS8">watch it on YouTube</a>. https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview.m4v FA961C7E-94CE-4DB9-8DE0-0E9C602E3577-2915-00002C5A0757B6FC-FFA Fri, 27 Feb 2009 12:02:10 -0800 Jeff Moss interviews Duc Nguyen Duc Nguyen gave a very impressive presentation on the weaknesses of the current facial recognition option in some very popular laptops, defeating the protection in a live demo. 
Black Hat founder Jeff Moss interviewed him</a> about the discovery and the future of that technology and his firm's research.<br /> <br /> You can <a href="https://media.blackhat.com/bh-dc-09/video/Nguyen/moss-nguyen-interview.m4v">download the video right away</a> or in the next few hours you can <a href="http://www.youtube.com/watch?v=2pI0wl_YLww">watch it on YouTube</a>. https://media.blackhat.com/bh-dc-09/video/Nguyen/moss-nguyen-interview.m4v 45807485-23F0-4E7A-B9D8-F84541418A5E-457-00001E3ACA8207F8-FFA Mon, 23 Feb 2009 20:38:49 -0800 New Blackpage Update from Vincenzo Iozzo Vincenzo Iozzo, who gave a popular OS X anti-forensics presentation at Black Hat DC 2009, contributed a <a href="html/blackpages/blackpages.html">Blackpage entry to clear up some issues with his presentation and his demo</a>. The <a href="https://media.blackhat.com/bh-dc-09/Iozzo/demo.avi">demo video he's created</a> is available online now.<br /> https://www.blackhat.com/html/blackpages/blackpages.html E4BB2700-4466-49F9-9EF9-F4CE1BFE9EF2-457-00001E269BC35139-FFA Thu, 26 Feb 2009 20:23:33 -0800 Reminder - Last Chance to Register for Black Hat Free Webcast #8: Rich Internet Application Security Rich Internet Application (RIA) frameworks are seeing an enormous growth in popularity - technologies like Ajax and Flash create nearly unlimited opportunities to expand and improve the web user experience. They also bring with them a host of new security risks. The popularity of these frameworks among application developers ensures that we'll see more attacks and issues in the months and years ahead.</p><br /> <br /> Join Black Hat Founder and Director Jeff Moss and his guests Billy Hoffman of HP, Alex Stamos of iSec and Peleus Uhley of Adobe <span>1pm PST on February 26 </span>for a lively discussion of new issues and security implications in the world of Rich Internet Applications. 
You can <a href="http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4">register for the webcast online</a> now. http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4 A02BB3CF-D302-4004-97FE-4D2C923A1454-457-000014DCAFAC1778-FFA Mon, 23 Feb 2009 17:17:00 -0800 Black Hat DC 2009 Video DVD Set Available from Source of Knowledge For those who weren't able to attend the event live, the videos of every session at Black Hat DC 2009 are available in several formats <a href="http://twosense.com/bhb-dc09/index.html">on Source of Knowledge's website</a>. http://twosense.com/bhb-dc09/index.html 355C598F-5221-4CE6-96E8-F2638C7162A3-457-000014447773D614-FFA Mon, 23 Feb 2009 17:04:56 -0800 Winners announced in Jeremiah Grossman's Top 10 Web Hacks These new and innovative techniques were analyzed and ranked based upon their novelty, impact, and pervasiveness. To find out more about who the panel of judges (Rich Mogull, Chris Hoff, H D Moore, and Jeff Forristal) selected, you can check out <a href="http://bit.ly/IRrGV">Jeremiah Grossman's Blog</a>. http://bit.ly/IRrGV 173D540C-2E34-4078-856C-E18E1DE3EF9E-457-0000052AB0D7189D-FFA Mon, 23 Feb 2009 12:33:38 -0800 Black Hat DC Press Coverage Black Hat DC 2009 is drawing to a close, and we had a wealth of excellent talks. For those that couldn't be here with us, we've assembled a partial list of <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-press.html">Black Hat DC 2009 press coverage</a> to give you the flavor of the event. The page will grow as more stories roll in, so feel free to check back.<br /> https://www.blackhat.com/html/bh-dc-09/bh-dc-09-press.html E9644F4C-6884-48FE-8F1F-8B2869BFA7B2-830-00005A5BE8934851-FFA Thu, 19 Feb 2009 19:46:49 -0500 Paul B. 
Kurtz: DC 09 Keynote: The Move from Strategic Indecision to Leadership in Cyberspace The <a href="https://media.blackhat.com/bh-dc-09/video/Kurtz/blackhat-dc-09-kurtz-keynote-slide.mov">keynote for Black Hat DC 2009</a> is available online now. https://media.blackhat.com/bh-dc-09/video/Kurtz/blackhat-dc-09-kurtz-keynote-slide.mov 90258682-C138-4C00-AC74-0CFA19D53FB2-830-00005A8A394705AB-FFA Mon, 23 Feb 2009 20:37:03 -0800 Rafal Wojtczuk and Joanna Rutkowska's presentation: Attacking Intel® Trusted Execution Technology The <a href="http://invisiblethingslab.com">Invisible Things Lab team </a> returned to Black Hat with brand new research on weaknesses in current TXT implementations and how they can be practically exploited. The <a href="https://media.blackhat.com/bh-dc-09/video/Wojtczuk_Rutkowska/blackhat-dc-09-Wojtczuk_Rukowska_Intel-TXT.mov">video is online</a> now.<br /> https://media.blackhat.com/bh-dc-09/video/Wojtczuk_Rutkowska/blackhat-dc-09-Wojtczuk_Rukowska_Intel-TXT.mov 45BE661A-492E-449D-B135-5A1D344AA58B-830-00004758DEE96412-FFA Thu, 19 Feb 2009 19:47:54 -0500 Moxie Marlinspike's Black Hat 2009 Presentation: New Techniques for Defeating SSL in Practice One of the best-received talks at Black Hat DC 2009 so far, Moxie Marlinspike's frankly disconcerting presentation regarding practical ways to beat the SSL underpinnings of "Secure" web commerce will definitely spark a lot of conversation. You can <a href="https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlinspike-slide.mov">see the presentation</a> yourself online now. 
https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlinspike-slide.mov 3BC3736D-ED04-4791-B3B9-4407CF25D9CE-830-00003F7BFD581D37-FFA Thu, 19 Feb 2009 11:33:16 -0500 Interview with Black Hat DC speaker Moxie Marlinspike Black Hat founder Jeff Moss interviews Moxie Marlinspike, who showed his new tool SSLStrip and a host of new ways to beat the SSL protection that web commerce relies on this morning at Black Hat. You can <a href="https://media.blackhat.com/bh-dc-09/blackhat-dc-09-marlinspike-interview.m4v">download the video</a> or <a href="http://www.youtube.com/watch?v=Rvp0oPluuLE">watch it on YouTube </a>. https://media.blackhat.com/bh-dc-09/blackhat-dc-09-marlinspike-interview.m4v 0810596D-4650-4ABD-8527-4335B93A7247-830-00003176BCE5DC03-FFA Wed, 18 Feb 2009 23:10:39 -0500 Presentations from DC 2009 Now Online You can <a href="html/bh-dc-09/bh-dc-09-archives.html">see the powerpoints and whitepapers for DC 2009</a> online now. https://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html 71CBFCAD-FF44-4CD8-8FDD-6A0BE57DFC06-830-0000157AC658E40E-FFA Wed, 18 Feb 2009 12:35:33 -0500 Adobe Researcher Joins Black Hat RIA Webcast <![CDATA[Peleus Uhley is a senior security researcher within the Secure Software Engineering team at Adobe, and he's joining our February 26th Webcast on the topic of Rich Internet Applications. If you have RIA security questions related to AIR and Flash, this will be a great place to get them answered. He'll be joining Billy Hoffman of HP and Alex Stamos of iSec for what promises to be a very interesting conversation. You can register for the webcast online now.
]]>
https://www.blackhat.com/html/webinars/ria.html 86D97FC2-3901-4BF5-9D5C-C285EDB4C4C4-1081-0000BE3BC5C04024-FFA Mon, 16 Feb 2009 12:22:04 -0500
Black Hat Europe Speaker Selection Continued: More Speakers Added to Europe Lineup We've added several more <a href="https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html">accepted BH Europe 09 speakers</a> to the website - please take a look at the lineup. We'll announce here when it's final. https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html 26C4B347-CB51-40D3-8BEB-13FE68525A1F-1081-0000BD439363C6C5-FFA Mon, 16 Feb 2009 12:07:15 -0500 Black Hat Europe Speaker Selection: First Group of Accepted Speakers Online Now that the Black Hat Europe CFP is closed, we have begun the speaker selection process. You can find the first group of <a href="html/bh-europe-09/bh-eu-09-speakers.html">accepted BH Europe 09 speakers</a> online now. Please keep an eye on that page, as we'll have some more speakers to announce very soon. https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html BFB71335-35A0-479D-A00A-00E8BBAAA97B-1081-00001851ACC906F9-FFA Fri, 06 Feb 2009 19:05:28 -0800 Black Hat USA 2009 CFP Open The Black Hat <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html">USA 2009 Call for Papers</a> is now open. We've also posted the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-cfpFAQ.html">track listing for USA 2009</a> to help guide your submissions. If you have an infosec presentation the world needs to see, this is the opportunity to get it seen - please remember to submit early because the CFP will close once we have all the slots filled.<br /> https://www.blackhat.com/html/bh-usa-09/bh-usa-09-cfp.htm 80B52FD3-B51A-434B-955F-DB4FDDAC35E1-27605-000233CFD986C804-FFA Tue, 03 Feb 2009 15:14:42 -0800 Black Hat Webcast #8: Rich Internet Application Security Rich Internet Application (RIA) frameworks are seeing an enormous growth in popularity - technologies like Ajax and Flash create nearly unlimited opportunities to expand and improve the web user experience. They also bring with them a host of new security risks. 
The popularity of these frameworks among application developers ensures that we'll see more attacks and issues in the months and years ahead. Join Black Hat Founder and Director Jeff Moss and his guests Billy Hoffman of HP and Alex Stamos of iSec for a lively discussion of new issues and security implications in the world of Rich Internet Applications. You can register for the webcast online now. http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4 BBE735FD-41A1-4642-99A4-A6ED9C601530-27605-000222E7325A1FFA-FFA Mon, 02 Feb 2009 18:45:52 -0800
Black Hat USA 2009 Registration Open now - Super Early Bird rate in Effect. Black Hat USA will be returning to Caesars Palace in Las Vegas again this summer. The training sessions will be July 25-28 and the Briefings will be July 29-30. The super early bird registration rate of $1295 US is available now, and it's a savings of $100 US off the early bird rate that begins March 16. https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html 8EBE57BB-64E3-42D4-B195-3690E8B75C2A-27605-00021600465A810D-FFA Tue, 03 Feb 2009 15:14:22 -0800
Hyatt Regency Crystal City Sold out February 13 and 14 Just a note for all those planning to arrive early for Black Hat DC: rooms are still available from the 15th to the 20th, but Friday, February 13 and Saturday, February 14 are sold out at the Hyatt Regency Crystal City. Please make your plans accordingly. https://www.blackhat.com/html/bh-dc-09/bh-dc-09-venue.html A6A4F85A-9C35-42F4-B158-647CE575EB87-27605-00018DDA4CA18D39-FFA Thu, 29 Jan 2009 10:54:49 -0800
Black Hat DC Keynote: Paul B. Kurtz on "The Move from Strategic Indecision to Leadership in Cyberspace" We're very excited about DC Keynote speaker Paul B.
Kurtz's selected topic. He will be speaking on the topic of "The Move from Strategic Indecision to Leadership in Cyberspace." Kurtz is a veteran of the NSC, the Homeland Security Council, and the Cyber Security Industry Alliance, among others, and his presentation comes at a time when the incoming American administration has declared the cyber infrastructure a strategic asset and wants to give cybersecurity a Cabinet-level profile. Mr. Kurtz's full bio is on our DC 09 speakers page. http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Kurtz 94FEEFAA-C82F-4D6D-B222-BB00B32985EB-20937-0001783B7E85C916-FFA Wed, 28 Jan 2009 12:56:59 -0800
Win a Free Pass to Black Hat Vegas: Jeremiah Grossman's 3rd Annual Top 10 Web Hacking Techniques Contest From Jeremiah Grossman's Blog... "It's time once again to create the Top Ten Web Hacking Techniques of the past year. Every year Web security produces a plethora of new and extremely clever hacking techniques (loosely defined, not specific incidents) ...

This year is special, because the researcher who places #1 will not only receive praise amongst his peers, but also receive one free pass to attend the BlackHat USA Briefings 2009! Over $1,000 (US) value. Generously sponsored by Black Hat. Winners will be chosen by a panel of judges (Rich Mogull, Chris Hoff, HD Moore, Jeff Forristal) on the basis of novelty, impact, and pervasiveness."

There are already over 40 candidates, so to enter a candidate or just check out the current field, you can visit Jeremiah's blog post.
http://bit.ly/k5gB 720F19E9-3791-42D8-BA0B-928E8FA5B84E-20937-000123F459C1E76B-FFA Tue, 27 Jan 2009 11:52:10 -0800
Black Hat DC Group Rate Extended: Now Valid Until February 2 The Hyatt Regency Crystal City - home to Black Hat DC 2009 - has added a week to our group rate. This means you have an additional seven days to save on rooms at the hotel.

The simplest and most convenient way to reserve your room is to register online.

You may also call the hotel directly: +703-418-1234 or 1-800-233-1234 and use the Group Code: BLACK HAT, Tech Web or UBM
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-venue.html C647E261-B8D5-4ADD-904C-45EE14EB54D4-15457-0000DDF38AABD960-FFA Mon, 26 Jan 2009 13:44:23 -0800
Audio Online for Black Hat Webcast 7 - OS X Security Black Hat <a href="http://bit.ly/webcast7a">Webcast 7</a> on OS X Security with Jesse D'Aguanno and Tiller Beauchamp is online and available for download now. You can also watch the <a href="http://bit.ly/webcast">Web Sync version</a> that shows the slides along with the audio. <a href="mailto:[email protected]?subject=Webcast Feedback">Let us know what you think</a> about the webcasts and suggest new topics - we're always looking for good suggestions. http://bit.ly/webcast7a AA972A27-F146-47FE-8795-7CDC5FCDA313-1613-0000CDC0BA4392BC-FFA Fri, 23 Jan 2009 18:05:36 -0800 Black Hat Speakers in the News : Vincenzo Iozzo Reveals Stealthier Mac Attacks Researcher <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Iozzo">Vincenzo Iozzo</a> will be revealing a new way to inject hostile code into OS X machines at next month's <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html">Black Hat DC</a> event. <a href="http://bit.ly/TRyk">The Register</a> has a very interesting article to get you ready for his presentation. http://bit.ly/TRyk 54B768FC-0713-4DFF-A079-269F88050AF2-1613-000054723FE82CDF-FFA Wed, 21 Jan 2009 14:40:22 -0800 Black Hat Speakers in the News: Jesse D'Aguanno and Tiller Beauchamp <![CDATA[

Black Hat webcast #7 on OS X security was covered in internetnews.com and the author has a pretty good synopsis of the events. If you want to revisit the presentations, you can check out the websync version of the webcast or you can watch this space for the audio version that will be up next week.

]]>
http://bit.ly/YMF 0D72DC65-9557-4AD2-961B-F3DB2076C492-1613-000026693130F12E-FFA Sat, 17 Jan 2009 19:25:18 -0800
Black Hat DC Rate Reminder Black Hat DC's regular registration rate will end February 1, so register soon to save $200. You can register online here: https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.htm or learn more about the event here: https://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html 3AF57944-D0D1-41FF-AC72-577FD098E9F9-345-000001CF16B48F09-FFA Tue, 13 Jan 2009 02:05:45 -0800
Reminder: Black Hat Webcast #7 - Mac OS X Security Don't forget to sign up for our free webcast with Jesse D'Aguanno and Tiller Beauchamp on OS X Security. The event is Thursday, January 15 at 1pm PST/4pm EST. To register now, go to http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660 It promises to be a very interesting presentation, and we're looking forward to your questions. We hope you'll join us. http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660 ABFFC640-B42D-446C-A04F-7D9FF98EB986-345-0000010CE2AAD5E0-FFA Tue, 13 Jan 2009 01:43:32 -0800
Black Hat Speakers in the News: Rafal Wojtczuk, Joanna Rutkowska and Intel Trusted Execution Technology Rafal Wojtczuk and Joanna Rutkowska will be presenting the software they've created to compromise Intel's Trusted Execution Technology (formerly LaGrande) at Black Hat DC 2009.
The announcement has made some big waves already, as evidenced by this piece in InfoWorld. http://www.infoworld.com/article/09/01/06/Researchers_hack_into_Intels_vPro_1.html You can read the abstract for their Black Hat presentation here. http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Wojtczuk http://www.infoworld.com/article/09/01/06/Researchers_hack_into_Intels_vPro_1.html F0DD2F23-561F-4162-8CC5-7B01DAE6B7D8-4669-000033D022EBCF40-FFA Mon, 12 Jan 2009 23:54:03 -0800
Black Hat Speakers in the News: DC Keynote Speaker Paul Kurtz There's an interesting article in Forbes online about the top candidates for the incoming administration's "Cyber Czar." Choice quote: "Paul Kurtz, currently a security consultant with Arlington, Va.-based Good Harbor Consulting, is the new administration's top choice for the post, according to several sources within Washington's cybersecurity community..." You can read the entire article here: http://www.forbes.com/technology/2008/12/18/cybersecurity-czar-obama-tech-security-cx_ag_1219cyberczar.html http://www.forbes.com/technology/2008/12/18/cybersecurity-czar-obama-tech-security-cx_ag_1219cyberczar.html 7C35B71F-DE95-4085-AA44-AA87F73DFC0F-804-0000051152647B13-FFA Fri, 09 Jan 2009 14:43:51 -0800
Black Hat Free Webcast #7: OS X Security Our seventh installment of the Black Hat Webcast Series arrives next week with an in-depth and fascinating look into the world of Mac Security. As the Mac platform grows in popularity both with the general public and the enterprise, we’ve seen an increase both in attacks and researcher interest in the topic of OS X Security. Black Hat Speaker Jesse D’Aguanno will be presenting on the topic of “Crafting OS X Kernel Rootkits – Fundamentals.” We’ll also have a presentation by Tiller Beauchamp of IOActive, who will be talking about Applied Reverse Engineering on OS X. It's sure to be a fascinating conversation.
Bring your questions - the last 30 minutes or so will be a question-and-answer session. You can register online here:<br /><br /> http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660<br /> <br /> For more information about Black Hat's webcast series, including an archive of our previous webcasts in audio format you can go to https://www.blackhat.com/html/webinars/webinars-index.html<br /><br /> http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660 96B1F7DC-DF2D-463C-9E5D-A1CB17AF6749-6770-00041E899F6CA412-FFA Thu, 08 Jan 2009 19:04:26 -0800 Black Hat DC Speaker List Complete We have our speaker lineup for the Briefings almost entirely hammered out, just about a week ahead of schedule and we’re very pleased with the way it’s shaped up. You can take a look here:<br /> <br /> https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html E02B456E-53E0-402A-A0F8-1132AE633FA3-6770-00041E3E9C561ECD-FFA Tue, 13 Jan 2009 01:40:15 -0800 Black Hat Speakers in the News: Alexander Sotirov on Creating Rogue CA Certs Today, Alexander Sotirov and Jacob Applebaum presented a proof of concept showing an attacker can subvert browser certificate validation and read or alter data sent to secure websites. Read more about their MD5 collision presentation here on Sotirov's blog. 
http://www.phreedom.org/research/rogue-c 36408651-90CF-4AF4-A7EF-4682BCD4D4EA-58183-0001E23F01F2363B-FFA Tue, 30 Dec 2008 10:06:25 -0800
Black Hat Webcast #6 Audio Now Online You can now listen to David Litchfield's webcast presentation about his new Oracle database forensics tool orablock online here: Bookmarkable audio version: https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b Web Sync Version: http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981 https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b 84D8DF37-DCA6-4869-BB38-C4154DAE8C91-6274-0001A9AD92E63637-FFA Tue, 23 Dec 2008 13:49:25 -0800 https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b
A Few Early DC Speaker Announcements We usually wait until the CFP is closed before we start posting speakers, but we've accepted some speakers for our DC event early. We're pretty excited about how things are shaping up, so we're publishing the speakers page a little early. There will be a lot of changes to this page in the next few weeks, so keep checking back with us. https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html F21056EB-B8D7-4224-8A37-76A24D6FF955-6274-0001A6F4EB9D4667-FFA Tue, 23 Dec 2008 12:21:17 -0800
Black Hat Facebook Fan Page Looking for another way to connect with Black Hat? We're experimenting with a Facebook Fan Page. We'd love to see you check it out, and maybe share something - photos, ideas, links to interesting information. Hope to see you there. http://www.facebook.com/pages/Black-Hat-Briefings/107691635153 http://www.facebook.com/pages/Black-Hat-Briefings/107691635153 FD8E3436-F716-48B0-BFD7-0FAEDC5DC6DB-6274-0001542F576C14D0-FFA Mon, 22 Dec 2008 18:42:53 -0800
Black Hat DC rate reminder Black Hat DC's earlybird registration rate will end January 1, 2009,
so consider registering soon for the best rate. You can register online here:<br /> <br /> https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html<br /> <br /> or learn more about the event here:<br /> <br /> https://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html 71B47291-FBB8-47B8-A1DF-F81B6A992102-2019-00001478BE7780CC-FFA Tue, 16 Dec 2008 13:21:19 -0800 Reminder - Black Hat Free Webcast #6: Database Forensics with David Litchfield Don't forget to sign up for your webcast with David Litchfield and his brand new Oracle database forensic tool, orablock. To register for free, follow this link:<br /> <br /> http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981<br /> <br /> It promises to be a very interesting presentation, and we're looking forward to your questions. We hope you'll join us. http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981 78E5D9D3-54D5-4899-AFE3-2D9BAB8A39F1-2019-000013D887B08A2C-FFA Tue, 16 Dec 2008 13:06:29 -0800 Black Hat Japan 2008 Audio Now Online Bookmarkable audio for all talks is now available in the Japan 08 archive. Lots of good stuff there - please enjoy. The archive link is <br /> <br /> https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html<br /> <br /> The Keynote is enclosed with this entry, but there are lots of great presentations to check out. https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html D09EC2A7-F443-4635-B129-DCEDC1ACD591-6306-0000698B45D0AF68-FFA Tue, 09 Dec 2008 21:10:02 -0800 https://media.blackhat.com/bh-japan-08/audio/BlackHat-Japan-08-KeyNote-Dan-Kaminsky-End-of-Cache-en.m4b New Blackpage Entry from Jeff Moss: General Black Hat Update <![CDATA[Black Hat Japan was a big success. We had a strong field of presenters and the audience response was excellent. 
If you'd like to hear any of the talks you might have missed, the audio is available online now (in bookmarkable m4b format) here.

Now we're gearing up for Black Hat DC, February 16-19 at the Hyatt Regency Crystal City in Arlington, Virginia. The event is divided into two sections, with two days of intense, hands-on Training Sessions followed by a two-day, four-track Briefings portion with a wide variety of exciting speakers and presentations. Black Hat DC is a unique information security event that places a special emphasis on the needs of security professionals who work in government service and infrastructure. We think this one will be our best DC event yet. We've got a large number of brand new trainings, and even though the Black Hat DC Call for Papers doesn't close until January 1, we've already confirmed some exciting Briefings presentations.

Crowd favorite Adam Laurie will return with a satellite-hacking presentation entitled "Satellite Hacking for Fun and Profit."
Database guru David Litchfield will present a powerful new database forensics tool in a presentation he's calling "The Forensic Investigation of a Compromised Oracle Database Server."
Andrew Lindell's contribution is entitled "Making Privacy-Preserving Data Mining Practical with Smartcards."
In the hardware hacking area we have a very interesting presentation from Travis Goodspeed on reverse engineering and exploiting wireless sensors.
Our lineup of brand new training sessions includes a physical security training by Zac Franken and Adam Laurie entitled "RFID, Access Control and Biometric Systems", a Metasploit course called "Tactical Exploitation" by Metasploit creator HD Moore, and a course on "Understanding and Deploying DNSSEC" by Paul Wouters and Patrick Nauber.

Another reminder is that Black Hat is still considering Briefings speaker applications for both Black Hat DC and Black Hat Europe, so if you have a strong, compelling and technical presentation to share, please let us know! To be considered for Black Hat DC, you'll need to have your work in our system by January 1. The deadline is February 1 for the Black Hat Europe CFP; the details for potential presenters are available online at https://cfp.blackhat.com.

As always, it's best to register early for the training of your choice to make sure there's a place for you - seats are limited. To learn more about all of our training courses, the training index is now live at https://www.blackhat.com/html/bh-dc-09/train-bh-dc-09-index.html

NEW FREE WEBCAST - Oracle Database Forensics
We're always looking for new ways to share with the community of Black Hat attendees. One result of these efforts is the Black Hat Webcast series. We started in July with a preview of the Black Hat USA event, but we've since had five of these monthly free web events and we're very pleased with the results. From Dan Kaminsky's DNS vuln to Jeremiah Grossman on clickjacking, we've brought researchers and experts together for valuable discussions and in-depth understanding of some of today's most interesting security issues.

Black Hat's webcast series continues with another powerful presentation from a popular Black Hat speaker. This month's presenter is David Litchfield of NGS software, speaking on Oracle database forensics, and he will be releasing a new tool called orablock which he describes this way:

"Orablock allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's no need to load up the data file in the database which would cause the data file to be modified, so using orablock preserves the evidence. Orablock can also be used to locate "stale" data - i.e. data that has been deleted or updated. It can also be used to dump SCNs for data blocks which can be useful during the examination of a compromised Oracle box."

Please join us to learn about Oracle DB forensics from one of the innovators of the field, as well as learn about his new tool and to get your questions answered. The webcast will be held on December 18 at 1pm PST. Registration is free and online at this link:

http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
For more information about Black Hat's webcast series, including an archive of our previous webcasts in audio format, you can visit our webcast index page.

https://www.blackat.com/html/webinars/webianr-index.html
You can also sign up to the webcast mailing list by sending an email to [email protected].


Thank you for supporting all of our 2008 events. It's been a great year for Black Hat and we're expecting even bigger things in 2009. Please keep sending in your comments and suggestions to us - it's great to have such an interested and vital community around our events and we truly value your feedback. Happy Holidays to all of you and we hope to see you in DC just a few short months from now.

Jeff Moss]]>
https://www.blackhat.com/html/blackpages/blackpages.html 27FFEF52-DE6E-444A-83A4-20FDF9B025D3-6306-0000690313966A13-FFA Tue, 09 Dec 2008 21:04:42 -0800
Black Hat Webcast #6: Database Forensics with David Litchfield Database Security expert David Litchfield will join us to discuss his new paper "Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Examinations" and his new database forensics tool, orablock.<br /> <br /> You can learn more here:<br /> <br /> https://www.blackhat.com/html/webinars/orablock.html<br /> <br /> And you can register by following this link:<br /> <br /> http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981 http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981 ADCFEE3A-F152-4AF8-AE39-D13E1C72B219-278-00006D2B851324C2-FFA Wed, 26 Nov 2008 12:52:25 -0800 Black Hat Webcast #5 Now Online in case you missed Black Hat Webcast #5 : Clickjacking and Browser Security with Jeremiah Grossman, the archived version is now online in two formats. <br /> You can listen to the audio here:<br /><br /> https://media.blackhat.com/webinars/black-hat-webcast-5-november-08-clickjacking.m4b <br /> Or follow the slides in the live websync by following this link:<br /> <br /> http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 00093704-E7E5-49E1-A5E8-D6F7B7CEC52D-278-0000686CBAADA89A-FFA Wed, 26 Nov 2008 12:17:43 -0800 Black Hat Speakers in the News: IETF Ponders DNS Threat Techworld.com has an interesting article about the IETF and their deliberations over the DNS vuln that dan Kaminsky presented at Black Hat USA 2008. <br /> <br /> http://www.techworld.com/security/news/index.cfm?RSS&NewsID=107430 <br /> <br /> Choice Quote:"The DNS is a really old protocol and it is fundamental to the Internet. We're not talking about patching software. We're talking about patching a protocol. 
We want to make sure that whatever we do doesn't break the Internet."<br /> <br /> You can see Dan's presentation here:<br /> <br /> https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v http://www.techworld.com/security/news/index.cfm?RSS&NewsID=107430 6D19BC69-4813-4DEC-868E-8A9114BB3A6C-278-00000144D0C6254F-FFA Mon, 24 Nov 2008 12:39:26 -0800 Black Hat Speakers in the News: Wysopal on Clickjacking Black Hat speaker Chris Wysopal has some interesting comments on SecurityFocus about clickjacking - the subject of our most recent webcast. You can read his posting at this link:<br /> <br /> http://www.securityfocus.com/columnists/483<br /> <br /> Choice quote: “Clickjacking isn’t going to go away any time soon. Every browser or plug-in that can display a flexible user interface will need to be made more restrictive.” http://www.securityfocus.com/columnists/483?ref=rss 6EDF6342-32C3-4DD1-B5D4-C505003FDDCD-18295-0002CB8D8DCF1953-FFA Sun, 23 Nov 2008 18:40:00 -0800 Last chance to sign up for Black Hat Free Webcast #5: Clickjacking and Browser Security Don't miss your chance to get registered for the Black Hat Webcast #5: Clickjacking and Browser Security. 
The webcast will be tomorrow, November 20 at 1pm PST/4pm EST and will feature Jeremiah Grossman, co-discoverer of Clickjacking and CTO/Founder of WhiteHat Security, and Microsoft's Eric Lawrence, Security Program Manager on Internet Explorer 8. You can register for the webcast at http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 We hope to see you there. http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 310EADA3-A34B-4B7F-9681-C63252B943AE-18295-000141180B3FAFC1-FFA Wed, 19 Nov 2008 12:26:51 -0800
CFPs open for Black Hat DC and Black Hat Europe If you're interested in submitting for Black Hat DC, please go to https://www.blackhat.com/html/bh-dc-09/bh-dc-09-cfp.html to learn the rules and get your paper into our system. If you're interested in Black Hat Europe, the link is https://www.blackhat.com/html/bh-europe-09/bh-eu-09-cfp.html https://www.blackhat.com 92052A61-E592-4236-8B23-F7976833972A-11295-0000B543CFE1DE65-FFA Wed, 12 Nov 2008 14:03:02 -0800
Black Hat Webcast #5 Scheduled Black Hat Webcast #5 will be on the subject of Clickjacking with co-discoverer of the issue Jeremiah Grossman. The free event will take place on Thursday, November 20 at 1pm PT/4pm ET. You can register here: http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2 DFA0514C-FDC3-445F-936D-78F4776B6CD5-12250-00008868719E7867-FFA Fri, 31 Oct 2008 11:42:44 -0700
Black Hat Webcast 4 Available Online Now If you missed this webcast, now is your chance to listen to this very informative, technical event. The event featured great audience questions and a stellar main presentation by Tony Kapela.
If you want to view the web sync version, the link is here:<br /> <br /> http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277<br /> <br /> To listen to this webcast in mp3 format, the link is here:<br /> <br /> https://media.blackhat.com/webinars/blackhat-webcast-4-october-08-kapela.mp3 http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277 467763D9-B5A0-410F-A533-BE2C411D446C-70498-00066B431A4E3479-FFA Tue, 21 Oct 2008 11:27:38 -0700 Black Hat Japan Presentations and Whitepapers Online You can view them here <br /> <br /> https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html 22FDFE1B-4C5C-4409-8522-26CAE0A5DCA1-38447-00031D14D6FD7CA9-FFA Fri, 10 Oct 2008 17:02:14 -0700 Black Hat Free Webcast #4 Thursday, Oct. 16 1pm PST: Trust Doesn't Scale: Practical Hijacking on the World's Largest Network In this webcast, we take the amazing Kapela/Pilosov BGP hijacking presentation at DEFCON 16 as a starting point and look into the issues that relate to securing a world-wide trust-based network. If you missed it, they did a lot more than just present a talk - they actually intercepted and rerouted all the traffic from the notorioulsy hostile DEFCON network as a proof of the concept. Not only did it work, but it was almost completely invisible to congoers. Anton Kapela presents, with Jeff Moss and a couple of special guests. To learn more, click here:<br /> <br /> https://www.blackhat.com/html/webinars/practicalhijacking.html<br /> <br /> We hope to see you there. http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277 F256C6A6-5445-4E84-8057-DF5F95087A54-38447-0002C899A1F5701A-FFA Thu, 09 Oct 2008 15:19:13 -0700 Black Hat Japan 08 Online Registration Closes September 30 <![CDATA[BH Japan 2008 Online Regsitration closes September 30th. 
If you wish to register after that time you will need the Onsite Registration Form, which can be found at this link:

https://www.blackhat.com/html/bh-japan-08/bh-jp-08-reg-forms/OnsiteRegForm_BR.pdf

The Onsite Reg Form can be presented in person at the Venue, emailed to Black Hat Registration at [email protected], or faxed to Black Hat at +1 206 219 4143.]]>
https://www.blackhat.com/html/bh-japan-08/bh-jp-08-reg-forms/OnsiteRegForm_BR.pdf D26A3AFF-577B-4225-A989-007A747A4D98-9142-00013E84D64D341A-FFA Mon, 29 Sep 2008 14:27:40 -0700
Black Hat Free Webcast #3 - "How to Impress Girls with Browser Memory Protection Bypasses" Black Hat Webcast #3 is scheduled for 1pm PT on Thursday, September 18 and we're trying something new this time. We're bringing back one of our most popular talks for a live reprise. We'll have Alexander Sotirov and Mark Dowd to give their Vista security presentation and answer audience questions. Whether you missed it because you were in another talk, or because you weren't in Vegas at all, this is a great time to get up close and personal with our speakers and get some cutting-edge info about Vista.<br /> <br /> If you're interested in registering for this free webcast event, follow this link:<br /> <br /> http://w.on24.com/r.htm?e=117307&s=1&k=77CB8EE0B5BC4EC5AB070B8AB487B085 http://w.on24.com/r.htm?e=117307&s=1&k=77CB8EE0B5BC4EC5AB070B8AB487B085 B637148E-E972-4303-9B40-482116831884-997-0000499428A85CA9-FFA Wed, 10 Sep 2008 14:53:17 -0700 Black Hat Japan Briefings Schedule and Speakers Online You can view the current speakers and schedule for BH Japan 08 by following these links:<br /> <br /> Speakers:<br />https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-speakers.html <br /> <br /> Schedule:<br /> https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-index.html#brisch01 <br /> <br /> Please continue checking the Black Hat Japan USA speakers and schedule pages for ongoing updates as the conference lineup is finalized. https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-speakers.html 781009F9-696F-4183-B465-1C75C662B48A-997-00000C33A3255B5F-FFA Tue, 09 Sep 2008 20:16:44 -0700 Beyond Document.Cookie - Another Presentation From BHUSA08 Now Online <![CDATA[Nathan McFeters, Jon Heasman and Rob Carter gave a very popular and heavily covered presentation this year that introduced the world to the term "gifar." It's fascinating information, and well presented. 
We hope that those of you who couldn't make it to the Vegas event will get a taste of the kind of presentations attendees get to see and attendees who weren't able to make it to the Beyond Document.Cookie will get their chance to see the presentation in full.

Standard Video
Full Video
mp3 Audio]]>
http://media.blackhat.com/bh-usa-08/audio/bh-us-08-McFeters/bh-us-08-McFeters.m4b E993CA83-E935-436D-8369-13FA8EA35019-18467-00020AC161CDA0D5-FFA Tue, 23 Dec 2008 13:53:24 -0800 https://media.blackhat.com/bh-usa-08/audio/bh-us-08-McFeters.m4b
AV Tokyo Following Black Hat Japan AV Tokyo, which used to be the "drinking party that follows Black Hat Japan" has grown into a one-day conference of its own. It's close, inexpensive and should be good fun. If you're interested in learning more, go to<br /> <br /><br /> http://en.avtokyo.org/ <br /> <br /> We hope to see you there. http://en.avtokyo.org/ B7BE2316-786A-462F-8E5D-8C6A3DB0602F-2585-00004D6D87CED40E-FFA Wed, 03 Sep 2008 20:13:52 -0700 Dan Kaminsky's Black Hat Presentation Video and Audio Now Online <![CDATA[Dan Kaminsky's talk about the DNS flaw he discovered was probably enormously popular at BH USA 08 - we now make it available online for the benefit of the wider security community.

To download the audio, follow the link below.

https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v

To download the audio with slides, follow the link below.

https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2.mp3
Watch this space for more conference video and audio as it becomes available.

]]>
https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v 8138196C-6394-4FFD-A60C-706505F4565B-2618-0001647082E22F60-FFA Sun, 24 Aug 2008 23:38:27 -0700
Black Hat USA 2008 Presentations Now Online
We've put the majority of the Black Hat USA 2008 slide presentations and White Papers online at

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html

Keep your eye on this page for the rest of the presentations and video and audio.
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html 2EC3C21F-65D2-45FE-9AE6-A1EFE81CE618-2618-000028F2974CFBEA-FFA Wed, 20 Aug 2008 23:09:50 -0700
Black Hat USA 2008 Flickr Feed
You can take a look at our official Flickr feed for USA 2008 here:

http://flickr.com/photos/adunne/sets/72157606583937690/
http://flickr.com/photos/adunne/sets/72157606583937690/ 2751D606-E8E3-464E-B186-06B1C9BD4371-11573-0000DEBFE188717C-FFA Thu, 07 Aug 2008 12:08:56 -0700
EFF Launches Coders' Rights Project at Black Hat Conference
The Electronic Frontier Foundation (EFF) today
launches its Coders' Rights Project -- a new initiative to
protect programmers and developers from legal threats
hampering their cutting-edge research.

In conjunction with the project's launch, EFF is staffing
an "EFF Is In" booth at Black Hat USA 2008 in Las Vegas on
August 6 and 7. At the booth, EFF attorneys will provide
legal information on reverse engineering, vulnerability
reporting, and copyright law, as well as patent, trade
secret, and free speech issues.

The rest of the release is here:

http://www.eff.org/press/archives/2008/08/05-0
http://www.eff.org/press/archives/2008/08/05-0 36300A47-A73D-43F7-B3A1-B6FD5AA749BD-6871-00009D58E99B1F5E-FFA Wed, 06 Aug 2008 09:48:45 -0700
Sign up to Black Hat USA 2008's Twitter Feed for Breaking News
If you're planning on attending Black Hat USA 2008, please consider signing up for the Twitter Feed. We'll use it (sparingly, of course) to bring you updates and breaking information as the show goes on. It can also be useful to meet other attendees and to twitter about whatever you're doing when the talks are done for the night. To sign up, go to

https://twitter.com/BlackHatUSA2008
https://twitter.com/BlackHatUSA2008 10FAA3A1-1249-4460-BD42-20CDE0717C8A-491-0000586CBAD888FB-FFA Mon, 04 Aug 2008 07:55:59 -0700
Black Hat Speakers in the News: Nate McFeters, John Heasman and Rob Carter in InfoWorld
Here's a link to a story in InfoWorld that deals with the subject of McFeters, Heasman and Carter's BH USA 2008 presentation, entitled The Internet is Broken. The researchers will demo software they've created that makes it possible to create files that look to a server like a standard graphic file but to a browser appear to be a Java Applet. This could enable attackers to run malicious Java code in the victim's browser. If you're in Vegas for Black Hat, they are speaking on August 7 at 3:15pm in the Florentine Ballroom. You can also hear their preview of this talk on Black Hat Webcast #1 here:

http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=4CI
http://www.infoworld.com/article/08/08/01/A_photo_that_can_steal_your_online_credentials_1.html FDF7154F-9066-41E1-A7BC-7F82ECC02F72-49400-0002E1339049F517-FFA Fri, 01 Aug 2008 19:27:32 -0700
Black Hat Webcast #2 with Dan Kaminsky is Now Online
Our second webcast was very well attended and full of great information from Kaminsky about the DNS Vulnerability that's all over the news these days. If you weren't able to make it to the live event, you can catch up now online.

To view a synced online replay, follow this link

https://event.on24.com/eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=114268

To download the mp3, follow this link

https://www.blackhat.com/webinars/html/blackhat-webcast-2-july-08.mp3
https://www.blackhat.com/html/webinars/kaminsky-DNS.html CA1D5F57-AC84-4E65-A537-FED68AF52F29-1730-00014D752A9D1ED5-FFA Fri, 25 Jul 2008 20:45:03 -0700
EFF Is IN at Black Hat 2008!
The EFF Is IN Booth is a public service provided at Black Hat USA 2008 in Las Vegas, Nevada from August 6 to August 8. At the EFF Is IN Booth, attorneys from the Electronic Frontier Foundation will be available to provide legal information on reverse engineering, vulnerability reporting, copyright law, patent, trade secret, free speech and other issues related to security research and reporting. We'll also be available to consult with individuals or companies who want more information about how the law might affect their current research and upcoming presentations.

The EFF Is IN Booth is a service of EFF's Coders' Rights Project. To make an appointment for a consultation, please email Alyssa Ralston, Development Assistant, at [email protected], or drop by the table at the conference.

To learn more about the Electronic Frontier Foundation: http://www.eff.org
http://www.eff.org A5982B80-73C8-4993-BBC7-A69AC949B33C-1730-000068196B1842C5-FFA Tue, 22 Jul 2008 19:29:43 -0700
Pwnie Award Nominations Are Out
After 134 submissions and what we assume were heavy and spirited deliberations, the list of Pwnie nominees is up.
Take a look here

http://pwnie-awards.org/2008/awards.html
http://pwnie-awards.org/2008/awards.html 6D2C723E-9A62-4205-A814-B6D01AFAF09B-1730-00001674112761C1-FFA Mon, 21 Jul 2008 19:33:10 -0700
Registration Now Open for BH Webcast number 2 With Dan Kaminsky
It's all over the news: Dan Kaminsky found a major, fundamental flaw in DNS that renders practically any name server vulnerable. He'll be speaking in depth on this discovery in August at BH USA, but he's agreed to discuss it a few weeks early. Get your best questions ready - the webcast will be live Thursday, July 24 at 1pm PT/4pm ET.

Join Dan Kaminsky, director of penetration testing for IOActive; Jerry Dixon, former director of the National Cyber Security Division at DHS; and other experts to discuss the largest synchronized security update in the history of the Internet. Dan will tell the story behind the discovery, and the process of creating and deploying the fix.

Reserve your place by registering now at http://w.on24.com/r.htm?e=114268&s=1&k=638307695FF31ED953EF9EC0DF969C02
http://w.on24.com/r.htm?e=114268&s=1&k=638307695FF31ED953EF9EC0DF969C02 740FB1BA-21F5-42FF-B7C0-86F9EFE034B7-78980-0001D833C05E3AC6-FFA Tue, 15 Jul 2008 14:10:57 -0700
Black Hat Speakers in the News: Dan Kaminsky Announces Massive, Multi-vendor DNS Issue
Dan Kaminsky announced today a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. Kaminsky also announced that he had been working for months with a large number of major vendors to create and coordinate today's release of a patch to deal with the vulnerability.

Dan will be elaborating much further on the discovery and the solution at Black Hat USA 2008 and in our second Black Hat webcast on June 24, 2008 at 1pm PT. To get on the subscription list for free registration information for Black Hat webcasts please send a mail to

[email protected]

To find out if you are vulnerable to this issue, you can use the DNS checker link on the top of Kaminsky's webpage at:

http://www.doxpara.com

To read the executive summary to the CERT advisory, you can go to

http://www.securosis.com/publications/DNS-Executive-Overview.pdf

To hear the audio of today's press conference in full, go to

https://media.blackhat.com/webinars/blackhat-kaminsky-dns-press-conference.mp3

To get webcast and other breaking information from Black Hat on twitter, go to

http://www.twitter.com/BlackHatUSA2008
https://media.blackhat.com/webinars/blackhat-kaminsky-dns-press-conference.mp3 D3EA75AA-2B50-44A7-8912-0C425F3DAC4D-15829-000B80FC1EF8BC98-FFA Tue, 08 Jul 2008 16:33:40 -0700
Pwnie Awards Nominations Close July 14!
The Pwnie Awards ceremony will return to the BlackHat USA 2008 conference in Las Vegas. Last year's inaugural event was a lot of fun, and we hope it will only get better. What should you expect from this year's ceremony? Exciting new categories, an inspirational acceptance speech by the winner of the Lamest Vendor Award and a special sing-along led by HD Moore!

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the wider security community. We're currently accepting nominations in nine award categories, including two new ones for this year:

* Best Server-Side Bug
* Best Client-Side Bug
* Mass 0wnage
* Most Innovative Research
* Lamest Vendor Response
* Most Overhyped Bug
* Best Song
* Most Epic FAIL (new for 2008)
* Lifetime Achievement award for hackers over 30 (new for 2008)

The deadline for nominations is Monday, July 14. To submit a nomination,
visit the Pwnie Awards site at http://pwnie-awards.org/
http://pwnie-awards.org/ CEE1B7CA-74B4-45A6-9B6F-40DCF0B6D519-15829-000B77E9967A5D6F-FFA Tue, 08 Jul 2008 11:20:57 -0700
Black Hat Japan 2008 Call for Papers Now Open
The Black Hat Japan 2008 Call for Papers is now open.

https://cfp.blackhat.com/

Early submissions allow more time for review. Please note that the Black Hat Japan 2008 Call for Papers will close on September 1.
https://cfp.blackhat.com/ 6CD44BE2-E7FF-43C6-83E2-26AD2E42F5D8-15829-000B3964781F4EE2-FFA Mon, 07 Jul 2008 16:14:59 -0700
Listen to Black Hat Webinar No. 1 Now
Our first webcast is now online. If you couldn't be there live, this is your opportunity to preview some of the presentations going on at Black Hat USA 2008.

The webcast audio is located at https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3

The PowerPoint presentation is located at https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3t

If you'd like to be alerted about our next webcast, please sign up to our notification list at

[email protected]
https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3 FFD47D55-2542-420A-AC65-2BB8385BB449-15829-0009B9E0902CA8F0-FFA Wed, 02 Jul 2008 19:47:26 -0700
Black Hat Webcast Mailing List
Our first webcast went very well - over 500 of you joined us. We're going to try to do these at least monthly from now on, so if you want to know when the next Black Hat webcast is happening, you can subscribe to our Webcast Mailing List by sending an email to [email protected].

Another way to keep in touch with us is to join the Black Hat Twitter feed - we'll announce all upcoming events and activities there. To subscribe, head on over to

http://www.twitter.com/blackhatusa2008
mailto:[email protected] 8B3A6480-2A98-4C40-9446-D5413AB54937-15829-0009256EA0BD377B-FFA Mon, 30 Jun 2008 21:55:41 -0700
Black Hat Speakers in the News: Mark Dowd "Obliterates" Vista Security
The headline is pretty sensationalistic, but we're always happy to see the tech press recognizing the importance of upcoming Black Hat talks. In an online article for ZDNet.com.au, Mark's talk is referenced and although Mark doesn't say anything nearly as inflammatory as the title, we encourage you to check out his talk at BH USA 2008, since obliteration of a major OS is bound to make some news.

http://www.zdnet.com.au/news/security/soa/Vista-security-to-be-obliterated-at-Black-Hat/0,130061744,339290040,00.htm
http://www.zdnet.com.au/news/security/soa/Vista-security-to-be-obliterated-at-Black-Hat/0,130061744,339290040,00.htm 08C3A9FB-5A13-43A5-AE04-4BC6023576CF-15829-000781BABBA3057E-FFA Wed, 25 Jun 2008 13:57:22 -0700
Regular Registration Rates Close July 1
All prospective Black Hat attendees should keep in mind that the regular rates in place now will be ending on July 1. To take advantage of current prices, consider registering soon.
https://www.blackhat.com/html/bh-registration/bh-registration.html 59037A20-4473-46D2-8E57-D31936418680-15829-00076CD05D98B807-FFA Tue, 24 Jun 2008 17:13:51 -0700
Last Chance to Register for Black Hat's First Webcast
Black Hat presents its first webcast on June 26 at 1pm Pacific/4pm Eastern. The subject is "The Forbidden Sneak Peek - Black Hat USA 2008" and we'll have some great speakers on hand to give you a look into some of the subjects they'll be presenting in August. We're planning to turn this into a regular event, so your participation and feedback are encouraged.
It's free of charge - you can sign up at

http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1

If you'd like to subscribe to a mailing list that will alert you to upcoming Black Hat Webcast events, send an email to
[email protected]
http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1 9CAA43AB-A91F-4769-A69F-A2C6E0356F76-15829-00076CD00E119D90-FFA Tue, 24 Jun 2008 17:06:14 -0700
More Pwnie Awards News
The fine folks who bring you the Pwnie awards are currently accepting nominations in 9 award categories, including the ever-popular Pwnie for Most Overhyped Bug and Pwnie for Mass Ownage. Two of the categories for this year are new: Pwnie for Most Epic FAIL and a Lifetime Achievement Award for hackers over 30.
The nominations will be open until July 14 and the list of nominees will be published shortly thereafter.

The Pwnie awards will be held at BH USA 08 - to learn more about their plans or to nominate someone yourself, head over to

http://pwnie-awards.org/
http://pwnie-awards.org/ 6A6BD584-76E0-4576-B649-68FB8CB4A94C-15829-0005F43A057E6E55-FFA Thu, 19 Jun 2008 19:40:08 -0700
Black Hat Webcast No. 1 Makes the O'Reilly Radar Blog
Jim Stogdill of the O'Reilly Radar Blog

http://radar.oreilly.com/archives/2008/06/satan-is-on-my-friends-list.html

has checked in with an exceptionally funny piece on the difference between the Black Hat style and the style of other tech conferences. We're sure you'll get a chuckle of recognition out of the piece. A choice quote:

"Maybe I'm reading too much into this, but for what its worth, I've attended both Black Hat and O'Reilly conferences and can't recall Satan making a single appearance in an O'Reilly conference program."

At Black Hat HQ we loved the piece and we look forward to seeing him at the webcast.
http://radar.oreilly.com/archives/2008/06/satan-is-on-my-friends-list.html C952F782-0B30-4111-9C02-F6A4F4F95461-35515-000419807A64EBE2-FFA Fri, 13 Jun 2008 18:24:24 -0700
Wall of Sheep Coming to Black Hat
Every year at DEFCON, Riverside runs the Wall of Sheep - exposing the shame of attendees who log into the conference network as root. But in addition to embarrassment, Riverside's crew offers enlightenment - they're available in person to show you the setup that's sniffing out your mistakes and to educate you on the fine points of hardening your box for the rigors of public computing.

This year, Black Hat attendees will have the same learning/shaming opportunities as the Wall makes its way to Black Hat for the first time. Compute accordingly.

Here's a link to an old article in MAKE that lays it out for you.

http://blog.makezine.com/archive/2005/07/_defcon_the_wall_of_sheep.html
http://blog.makezine.com/archive/2005/07/_defcon_the_wall_of_sheep.html 62912C42-5F9D-4CB6-B50A-CF32BC066E9B-7434-000320AB47AD006A-FFA Thu, 12 Jun 2008 18:34:47 -0700
Black Hat's First Webcast - Free Sneak Peek at BH USA 2008
Black Hat is presenting its very first webcast on June 26, 2008 at 1pm PST/4PM EST. It's scheduled for one hour followed by a Q and A period. The webcast will be presented free of charge and it will focus on previewing the BH USA 2008 event.

The event will be introduced and facilitated by BH Founder and Director Jeff Moss and will feature "teaser talks" - shortened versions of the full presentations lined up for Vegas - by several confirmed speakers who will each provide a brief preview of the topics they will be presenting at the Black Hat Briefings & Trainings in August. Here's a small glimpse into the future:

Topic: Malware Detection through Network Flow Analysis
Presenter: Bruce Potter, Founder, Shmoo Group.
Mr. Potter has co-authored several books including "802.11 Security" and
"Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X
Security" by New Riders.

Topic: Nmap - Scanning the Internet
Presenter: Fyodor Vaskovich, founding member of the Honeynet project and
co-author of the books "Know Your Enemy: Honeynets" and "Stealing the
Network: How to Own a Continent"

Topic: Satan is on My Friends List: Attacking Social Networks
Presenters: Shawn Moyer, CISO of Agura Digital Security and Nathan Hamiel,
Senior Consultant for Idea Information Security and founder of the Hexagon
Security Group.

To learn more, please visit

https://www.blackhat.com/html/webinars/usa2008preview.html

To register directly, please visit

http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1

We plan for this Webcast to be the first in a year-round series of online presentations that allow our speakers to present breaking research between shows and provide the Black Hat community with another stream of fresh, relevant, and usable security knowledge. We hope you'll join us for our first foray into webcasting and let us know what you think.
https://www.blackhat.com/html/webinars/usa2008preview.html F7D50E5D-71BE-4415-8F06-EF1A26C6CB0E-49910-0001A345F42FF2E5-FFA Thu, 05 Jun 2008 17:48:50 -0700
Black Hat USA Speaker Selection is Now Complete
The BH USA 2008 speaker selection is finally complete. We're very pleased with the depth and variety of presentations we'll be able to bring to attendees this year and we hope you'll take a moment to check it out. This is the first event where we've had delegate input in the selection process and we think it's been a huge success. You can see the schedule for yourself at

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html 8374115C-35CE-4B45-AD2D-0016B24BDD69-2905-000050BB65F1ACAD-FFA Thu, 29 May 2008 18:51:00 -0700
Certified Ethical Hacker (C|EH) Version 6 and ECSA/LPT Certification Preparation Open for Registration
The EC Council will be offering two classes at this year's Black Hat USA Training and both are available for online registration now. The classes are:

ECSA/LPT Certification Preparation - The ECSA course equips one with the knowledge and know-how to become an EC-Council Licensed Penetration Tester.

and

Certified Ethical Hacker (C|EH) Version 6 - This course deals with Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

If certification in either of these areas interests you, please click on the course name to read further.
https://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-index.html#Certification 780C8170-F186-4F3C-B1B2-A395C02FAE46-86466-0003B090FD326E8E-FFA Tue, 27 May 2008 18:22:08 -0700
Black Hat Twitter Feed
We've set up a Twitter feed for Black Hat USA 2008 (http://www.twitter.com/BlackHatUSA2008) and we hope you'll take the time to follow us. As the show draws closer, we think it will be a great way to learn about new developments in the event, to schedule off-site meetups with other delegates and to stay connected with BH headquarters. Clicking the link in this post or on the main page at blackhat.com (https://www.blackhat.com/index.html#twitter) will get you to the signup page. It takes only a minute, and will keep you in the loop as we round the corner to Black Hat.
http://www.twitter.com/BlackHatUSA2008 13C11826-70F9-4616-BBA9-86735CCF3753-35242-00021A1D3037C5F6-FFA Thu, 22 May 2008 14:11:47 -0700
Black Hat Briefings USA 2008 Schedule Filling Up!
We've been working hard to get the schedule for this year's talks finalized and online, and several tracks are now filled. We're excited about the lineup - this is the first year that delegates have helped to shape the roster and we think the results are impressive. To take a look for yourself, go to:

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html 844B8F92-964C-4B26-8DE3-E22A9BC73F25-48717-000198D3C298E031-FFA Wed, 14 May 2008 18:22:01 -0700
Black Hat Speakers in the News: Sherri Sparks and Shawn Embleton
Black Hat USA 2008 is still months away, but some of the presentation topics are already beginning to make news. Sherri Sparks and Shawn Embleton are scheduled to demonstrate a new type of rootkit that hides itself in System Management Mode, currently out of reach of the AV products.

The presentation is already sparking interest in places like
Slashdot and
PC World.

To read their abstract go to the Black Hat USA 2008 Speakers Page.
http://blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#Sparks D2D6687C-C091-42FA-AEFC-633A3CC4DA48-22933-0000F81812DA6A39-FFA Mon, 12 May 2008 16:18:16 -0700
Black Hat USA 2008 Early Bird Registration Closes May 1
If you want to take advantage of the Early Bird registration rates for Black Hat USA 2008, be sure to get registered before May 1. You can register online at https://commerce.blackhat.com/bh_usa_2008
https://commerce.blackhat.com/bh_usa_2008 F53FC993-11F2-4C03-BB96-7F5E76DDA05F-50588-0001833D19A9A3A7-FFA Tue, 22 Apr 2008 13:21:54 -0700
Black Hat USA CFP Closes May 1
The Black Hat USA Call For Papers closes May 1, so be sure to get your submissions in on time. We are looking forward to a great roster of presentations, and we'll begin posting the accepted presentations as the submitters are notified. Please submit online at https://cfp.blackhat.com.

For a tentative track listing to help guide submissions please visit https://blackhat.com/html/bh-usa-08/bh-usa-08-tracklisting.html
https://cfp.blackhat.com 653BC136-9EBF-4DDD-9A32-7030119498BB-50588-0001805B673055DF-FFA Tue, 22 Apr 2008 13:24:19 -0700
The Pwnie awards return to Black Hat USA
The Pwnie Awards ceremony will return to the Black Hat reception with an all new roster of "winners." The awards exist to celebrate/humiliate the creators of the most infamous pwnage events of the previous 12 months. Categories have included Best Server-side Bug, Mass 0wnage, Lamest Vendor Response and Most Overhyped Bug. The awards are independent of Black Hat, but we're pleased to provide a venue for them where so much of the security community is gathered. Last year's inaugural event was a lot of fun, and we hope it will grow in 2008. We hope to see you there at what Linux.com is already calling "Black Hat's Oscars."

Links:

http://pwnie-awards.org/
http://www.linux.com/feature/118378
www.blackhat.com
http://pwnie-awards.org/ 805925C5-DA7B-4DF5-B6D6-E03116BD6B9D-12450-00006714D20745B4-FFA Fri, 11 Apr 2008 15:48:39 -0700
Black Hat Speakers In the News: Matthew Lewis - "Biologger - A Biometric Keylogger"
Black Hat Europe 2008 Speaker Matthew Lewis is getting a lot of media attention for his BH presentation entitled "Biologger - A Biometric Keylogger." The presentation included a demo showing how state-of-the-art biometric security systems can be compromised. To read his whitepaper, download his tool or see his presentation, go to

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Lewis
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Lewis 80547767-EDFA-44F2-B856-18819776E4B0-7867-00005CBEE4B2CE8F-FFA Fri, 04 Apr 2008 17:52:22 -0700
Presentations From Black Hat Europe 2008 Now Online
This year's Europe event has come to a successful close and we've put the presentations online for everyone who missed a briefing presentation or two, and everyone who couldn't make it to Amsterdam for the show. Watch this space for video and audio presentations when they go live.

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html 11007BFC-790D-4495-A270-E6595ABD519C-35722-000120794A11A28F-FFA Sat, 29 Mar 2008 03:48:35 -0700
New BlackPage Entry: CrowdSourcing the Black Hat CFP
Beginning with Black Hat USA 2008, paid delegates will be able to view and rate CFP submissions. Register and help us create the Black Hat of your dreams.
Learn more about how it will work in this BlackPage entry from Black Hat Director Jeff Moss.

https://www.blackhat.com/html/blackpages/blackpages.html
https://www.blackhat.com/html/blackpages/blackpages.html EFFADD49-62EE-4412-BC09-721334FC6020-51082-00019D20D241C1B7-FFA Thu, 13 Mar 2008 21:26:20 -0700
Black Hat Europe 08 Keynote Speaker Selected
The Black Hat Europe 08 has been finalized and we're proud to announce our Keynote Speaker, Ian Angell. Ian is Professor of Information Systems at the London School of Economics and he will present a talk entitled "The Complexity in Computer Security."

This presentation will be a theoretical talk on the complexity of computer security. He will discuss how a lack of understanding of the limitations of, and distinctions made by, computerization leads to systemic risk.

To read the abstract and bio for Ian's keynote, click here:

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-speakers.html#Angell

To see our full schedule of Briefings Speakers, click here:

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-speakers.html#Angell 8224B58D-3B5E-423E-8AE4-418A5A17E6E7-1479-00000EB396D6419C-FFA Fri, 07 Mar 2008 17:12:26 -0800
Black Hat Speakers in the News: Johnny Long on Forbes.com
Past Black Hat speaker Johnny Long has been profiled on Forbes.com on the subject of No-Tech Hacking. The article is an interesting read and even contains some quotes from BH Director Jeff Moss.

The article is here:

http://www.forbes.com/2008/02/28/long-hacker-csc-tech-security-cx_ag_0229hacker.html

To learn more about Johnny Long, you can check out his site at

http://johnny.ihackstuff.com/
http://www.forbes.com/2008/02/28/long-hacker-csc-tech-security-cx_ag_0229hacker.html 300DE1CE-E464-4A76-8360-9AF2E23EB25E-21132-0000E4C36ED820D6-FFA Fri, 29 Feb 2008 15:50:49 -0800
Black Hat Speakers in the News: David Hulton, Steve and "Cracking GSM"
This year's Black Hat DC was full of newsworthy talks, but one that has gotten a lot of media attention was "Cracking GSM" by David Hulton and Steve.

They demonstrated that they could capture and decrypt GSM traffic (the most popular type of cellphone traffic) with astonishing speed. Their presentation is eye-opening and very worthy of your attention.

To see their slides, click here:

https://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf

To see their whitepaper, click here:

https://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Whitepaper/bh-dc-08-steve-dhulton-WP.pdf

To see the actual talk, click here.

https://www.blackhat.com/html/featured_media/bh08-002-Stream-1.mov
https://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf 00C877B9-3915-459D-8594-49FA08778F48-14178-0000B534F3F1EB0D-FFA Thu, 28 Feb 2008 20:04:14 -0800
Presentations from Black Hat DC 2008 Online
We're freshly back from the success of the Black Hat DC event, and we've begun the process of putting the presentations and white papers online. Check the link to get yourself up to date on the stellar lineup of presentations or to catch up on a talk you missed in DC. Keep your eyes on this space for audio and video very soon.

https://www.blackhat.com/html/bh-dc-08/bh-dc-08-archives.html
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-archives.html 360F8052-C561-4AB9-B180-18781BD27F5F-6129-00007D1ED580916B-FFA Thu, 28 Feb 2008 12:53:52 -0800
Black Hat USA 2008 CFP Now Open!
Papers and presentations are now being accepted for the Black Hat USA 2008 Briefings.

This year's conference will be focused on deep technical information rather than policy and we're looking for groundbreaking work in a wide variety of topics. We've made the list of presentation tracks available online at https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html - please take a look and consider submitting your work.
Submit proposals by completing the submissions form on the CFP server at
https://cfp.blackhat.com/.
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html 2C1ED248-730B-4635-8A77-EAB40F82D1C3-16028-00007AB9D3A41035-FFA Wed, 06 Feb 2008 19:12:21 -0800
Black Hat DC 08 Keynote Announced!
Black Hat DC 2008 is pleased to announce the selection of a keynote speaker. Please join us at the Westin DC City Center to hear Jerry Dixon, Infragard's National Member Alliance's Vice President for
Government Relations, Director of Analysis for Team Cymru, and former
Executive Director of the National Cyber Security Division (NCSD) & US-CERT,
of the Department of Homeland Security.

Jerry's Keynote is entitled "Quest for the Holy Grail" and the abstract follows:

"Online fraud has become pervasive and increasing at an alarming rate
affecting all organizations, private and public. This talk will provide
an overview of current trends affecting both government and private
sector companies, what enables online fraud, what are some of the
barriers, and suggestions for what organizations should be doing to
combat the problem."
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-main.html DDBF4D0E-979E-4887-9DD8-E4230D5E512F-6431-000032A8DC571652-FFA Tue, 05 Feb 2008 14:35:08 -0800
Black Hat DC Speaker List Finalized.
We have finished selecting speakers and our schedule is now full.

Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.

We are done reviewing papers. If you have not received the status of your submission, please email nikita (at) blackhat(dot) com.

If you didn't get selected for this show, don't be discouraged; please consider submitting again. Our USA CFP opens February 5. Submit here: https://cfp.blackhat.com/
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html 42E7A35B-2597-4F3F-9549-7B45CC46E4CE-6431-00003274E3BC4975-FFA Tue, 05 Feb 2008 14:26:22 -0800
Black Hat DC 2008 Group rate extended.
Group room rates are now valid until February 1, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT

Registration website:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

Rooms & Rates:
Single/Double: $219 per night single and double occupancy

Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE 0637C742-D52D-4196-B39B-909404EF7389-4695-0000814A6B89C309-FFA Mon, 28 Jan 2008 18:53:40 -0800
Black Hat Europe 08, Moevenpick group rate ends soon.
Reserve your room now at the Moevenpick Hotel Amsterdam City Centre; group
rates will end February 19. The new Moevenpick Hotel Amsterdam City Centre
is located on the water's edge yet within walking distance from the old
center of Amsterdam and the Central Station.

All guestrooms, conference facilities and public areas are non-smoking,
including the Restaurant and Bar. Kindly note that there are no designated
smoking areas on site.

Excellent rooms: larger than average, with top of the bill facilities
(wired/free wireless LAN highspeed internet, breathtaking view over the
harbour or city) and other five star facilities.

The excellent location makes the hotel an exciting place to be. The
combination between the adjacent Passenger Terminal Amsterdam and
Muziekgebouw is unique and unsurpassed by anyone in Amsterdam. The area is
upcoming, trendy and holds a high cultural and creative allure.

To learn more about the venue please visit our venue page:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-venue.html

Moevenpick Hotel Amsterdam City Centre
Address: Piet Heinkade 11; 1019 BR Amsterdam; Netherlands
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239
email: [email protected]

Group Reservations:
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239

Rates (Valid for bookings made by February 19, 2008):

Business single/double:
EUR 155 per night (inclusive of 6% VAT and service charge and exclusive of
5% city tax). DOES NOT include the breakfast. Free Wireless is available
throughout the hotel. Rates are good for stays from 23-29 March 2008.
https://www.trustinternational.com/mBooker/moevenpick/2B?LANGUAGE=en&i=Black%0DHat&property=TXL-MK-HKAMSHH 88379D93-7596-4F45-B6F6-FC2D46485B15-1877-00000CA7F4BB4AC9-FFA Thu, 24 Jan 2008 19:51:31 -0800
Black Hat DC Group Registration Rate Closing SOON!
<![CDATA[Group room rates are valid until January 25, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT

Registration website:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

Rooms & Rates:
Single/Double: $219 per night single and double occupancy

Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1

]]>
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE 29C9806D-848F-4499-BF49-4772C0897F00-8696-00005C7A3757DBF0-FFA Fri, 25 Jan 2008 20:17:52 -0800
Black Hat Europe 08, First round of speakers selected!
<![CDATA[
We have made our first round of talk selections for our Black Hat Europe
2008 conference.

Our initial schedule is online now at:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

Here is just a short list of some of the great presentations we have
scheduled:

Cracking GSM - David Hulton, Steve Hulton
Developments in Cisco IOS Forensics - Felix "FX" Lindner
CrackStation - Nick Breese
The Fundamentals of Physical Security - Deviant Ollam
Exposing Vulnerabilities in Media Software - David Thiel
Biologger - A Biometric Keylogger - Matthew Lewis
Malware on the Net - Behind the Scenes - Iftach Ian Amit
LDAP Injection & Blind LDAP Injection - Chema Alonso, Jose Parada Gimeno
Mobile phone spying tools - Jarno Niemela
TBD - David Litchfield
Hacking Second Life - Michael Thumann

Many more to come! Please check out our speakers page for a complete
list of speakers and for updates. There you will find abstracts for the
upcoming presentations and get some background information on the speakers.
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html


If you don't get selected for this show, don't be discouraged; please
consider submitting again. Our Black Hat USA CFP will open February 1.
Submit now, as we may close the CFP early if we receive enough quality talks.
Submit here: https://cfp.blackhat.com/

]]>
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html F805B26E-5B88-461C-A731-917C716B3994-8696-00005C2ACD736A10-FFA Thu, 24 Jan 2008 01:03:33 -0800
Black Hat DC - Group Rate Ending Soon!
<![CDATA[The Black Hat DC 2008 Group Rate at the Westin DC City Center will
close on Friday, January 25. The group rate is $219 and the hotel is
smoke-free.

To reserve your room, you may register online at:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

You may also call the hotel directly: +202-429-1700 or 1-800-westin1
and use the Group Code: BLACK HAT

]]>
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-venue.html 880AD221-1A04-4DE3-A766-EE4D3E46769C-500-000019779041F27B-FFA Wed, 09 Jan 2008 14:27:27 -0800
Black Hat Attendee LinkedIn group
Black Hat has created a LinkedIn group for past attendees. For those of you unfamiliar with LinkedIn, it's a business-oriented social networking site located at www.linkedin.com. They're best known as a good way to get your resume into the right hands, but their functionality seems well-suited to finding the right person for a tough question or just keeping in touch as well.

If you're interested in trying out this group please use the following link. Please note that if you are not already a member of LinkedIn it will ask you to join the site.

We are always looking for ways to encourage the building of communities around Black Hat - it's our hope that our events can be the starting point for all kinds of new collaborations and conversations that last all through the year. If you have a favorite way of keeping connected that you think we should explore, please let us know.
http://www.linkedin.com/e/gis/37658/744A566F2D9D 3C96488E-5332-4C76-8A60-59D73C546205-5389-000031B2FB043F23-FFA Sat, 05 Jan 2008 16:52:43 -0800
Black Hat USA 2007 Audio Podcast now live
Black Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer audio of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.

Registration info is available at www.blackhat.com.
https://www.blackhat.com/podcast/bh-usa-07-audio.rss 43D03AED-C650-4BF4-A60D-5C0D537BF213-26239-0000CC445A549F1D-FFA Thu, 27 Dec 2007 20:56:44 -0800
Black Hat USA 2007 Video Podcast now live
Black Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer video of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.

Registration info is available at www.blackhat.com.
https://www.blackhat.com/podcast/bh-usa-07-video.rss EE1D0E3C-3D99-4264-A9A6-66B8D606AC7A-26239-0000CB97BBA2DB57-FFA Thu, 27 Dec 2007 20:55:40 -0800
'Electronic Jihad' Nothing hit our Radar.
<![CDATA[ From the article at Security Focus:
Link: http://www.securityfocus.com/brief/625

"A Web site's call for a massive religious-fueled denial-of-service attack -- an "Electronic Jihad" -- failed to create even a blip of activity on Sunday.

Two weeks ago, a group sympathetic to the goals of militant Muslims reportedly called for support in attacking financial Web sites and services on Sunday, November 11, but the day came and went with no noticeable traffic spikes, security experts stated. Antivirus firm F-Secure and the Internet Storm Center, a network monitoring group, both reported that their analysis failed to detect any attack.

"Well, so far we haven't seen any activity," said Mikko Hyppönen, director of research for F-Secure, said on the company's blog. "And we're not holding our breath either."


This recent attention to cyber warfare brings to mind a presentation delivered by Gadi Evron at our recent Black Hat Las Vegas event, "Estonia: Information Warfare and Strategic Lessons". The talk focused on "The first Internet War", in which Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. The talk is compelling and provides useful insight into the impacts of a cyber war as well as preventative measures. It seems increasingly relevant information to know when our ever-expanding online lives are threatened with an 'Electronic Jihad'.

View his Abstract and Bio Here: https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Evron

Stay tuned to watch and listen to his presentation!
Article Link: http://www.securityfocus.com/brief/625 ]]>
http://www.securityfocus.com/brief/625 [email protected] (Black Hat Announcements) Black Hat in the news 114FCE39-1AE0-4B13-99AC-C43B66EDFBEA Fri, 30 Nov 2007 13:33:02 -0800
Black Hat Speakers: What are they up to now....
<![CDATA[ A few of our Black Hat speakers have their own blogs we enjoy reading from time to time. We thought you might like hearing what they are up to all year round as well!

David Maynor, a veteran Black Hat speaker, has his blog over at ERRATA SECURITY.
Lots of cool stuff in there, recent news updates, commentary and even polls on favorite hacker movies.
Check it out: http://erratasec.blogspot.com/

Jeremiah Grossman has an interesting blog and has, according to him, generated quite a following, putting it number one on Google search results for him! That's quite an accomplishment considering that the press is just as excited to interview him as we are to have him speak for us. There are a lot of cool articles in his blog; he's been busy.
Check it out: http://jeremiahgrossman.blogspot.com/

Also, Mikko Hypponen and the rest of the team at F-SECURE have their blog full of interesting commentary, updates and DEMOS!
Check it out: http://www.f-secure.com/weblog/
]]>
http://erratasec.blogspot.com/ [email protected] (Black Hat Announcements) Black Hat in the news F6B090AA-4511-417D-AB6F-28167CCD6916 Mon, 19 Nov 2007 09:40:07 -0800
David Litchfield: Nearly half a million Database Servers unprotected!
<![CDATA[ NGSSoftware has been busy this year between receiving multiple enterprise and tech awards, speaking at Black Hat, writing "The Web Application Hacker's Handbook" and now announcing 492,000 database servers are online without firewall protection! We sometimes wonder, between all the research and security advisories, where they fit in time to sleep.

From the article by Ryan Naraine at ZDNet:
Link: http://blogs.zdnet.com/security/?p=663

"Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005," Litchfield warned.

Litchfield also spoke recently on Database Forensics at Black Hat USA 2007.
From the Abstract:

"By delving into the guts of an Oracle database's data files and redo logs, this talk will examine where the evidence can be found in the event of a database compromise and show how to extract this information to show who did what, when. The presentation will begin with a demonstration of a complete compromise via a SQL injection attack in an Oracle web application server and then performing an autopsy. The talk will finish by introducing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S.)."

Read the Full Bio and Abstract here:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Litchfield


Audio and Video coming soon:
https://www.blackhat.com/html/bh-multimedia-archives-index.html
Download his materials here:
https://www.blackhat.com/presentations/bh-usa-07/Litchfield/Presentation/bh-usa-07-litchfield.pdf

The Web Application Hacker's Handbook: http://www.ngssoftware.com/press-releases/the-web-application-hackers-handbook-published/
]]>
http://blogs.zdnet.com/security/?p=663 [email protected] (Black Hat Announcements) Black Hat in the news FA88D914-6B16-4358-B37B-E4EC00DFF181 Mon, 19 Nov 2007 09:39:27 -0800
Black Hat Europe 2008, CFP and Registration OPEN!
Black Hat Europe 2008 Online Registration is now open. Follow the link to take advantage of the early bird rate and register on the web. You must complete the on-line registration form regardless of your payment method. Europe 2008 Briefings and Training will be held March 25-28, at the Moevenpick Hotel Amsterdam City Centre, the Netherlands. Online Registration early rates will close on January 1.

Register here: https://www.blackhat.com/html/bh-registration/bh-registration.html#EU
More Info Here: https://www.blackhat.com/html/bh-europe-08/bh-eu-08-main.html

Submit your presentations to us at https://cfp.blackhat.com/ Call for Papers for both DC and Europe 2008 are now open. Call for Papers for Europe 2008 will close February 1.

Also don't forget our next USA event is DC 2008 Briefings and Training. DC 2008 will be held February 18-21, at the Westin Washington DC City Center. Online Registration early rates will close January 1; Call for Papers will close January 4.
More Info: https://www.blackhat.com/html/bh-dc-08/bh-dc-08-main.html
https://www.blackhat.com/html/bh-link/briefings.html [email protected] (Black Hat Announcements) Black Hat announcements 86217605-6FFC-48F4-BA99-7A7BC47569C7 Mon, 19 Nov 2007 09:34:59 -0800
More Common Sense from Bruce Schneier
<![CDATA[ Frequent Black Hat speaker and security guru Bruce Schneier spoke Monday, November to the CIPS (Canadian Information Processing Society)

From a speech that seems to have contained a fair amount of pessimism about the state of information security comes this concise and cogent analysis of the way forward in credit card and ATM security.


Summarized in the Edmonton Journal entitled "Criminal hackers gaining advantage":
Some of the biggest improvements have come from government regulations forcing companies to make more disclosures to their customers, and make their data safer, Schneier said.

Credit card and ATM security improved in the U.S. when the onus was put on the companies to be responsible for money lost through fraud. In the U.K., the courts ruled customers had to prove they were not at fault, and so security did not improve. The U.K. has since reversed that stand.

"This is going to be a much bigger trend in future years as governments get more involved."


To learn more about Bruce Schneier, you can look here to read his bio and his talk abstract from Black Hat USA 2007:

https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Schneier

To read Bruce's informative and entertaining blog, follow this link:

http://www.schneier.com/blog/ ]]>
http://www.canada.com/edmontonjournal/news/business/story.html?id=5fbafbaa-e7f2-484d-a2f1-7b5cbbbe9af4 [email protected] (Black Hat Announcements) Black Hat USA 2007 B765F700-79D1-4921-9ED1-6E6264DCB10B-15773-000084FBB97ED944-FFA Fri, 9 Nov 2007 14:52:35 -0800
Black Hat DC 2008 Registration Now Open!
Online registration for Black Hat DC 2008 is now open. Follow the link to take advantage of the early bird rate and register on the web.

The Briefings and Trainings will be held February 18-21 at the Westin Washington DC City Center. More about the venue is available here:
http://blackhat.com/html/bh-dc-08/bh-dc-08-venue.html

You must complete the on-line registration form regardless of your payment method.
Forms submitted via fax, email, telephone or snail mail will not be accepted. Early Bird Rate closes January 1, 2008.
https://www.blackhat.com/html/bh-link/briefings.html [email protected] (Black Hat Announcements) Black Hat DC 2008 B6001702-824C-4224-965E-9554288A9FE8 Mon, 22 Oct 2007 14:58:39 -0700
Black Hat 2007 Japan Keynote, Suguru Yamaguchi!
<![CDATA[ We are very pleased to announce that our Keynote for Japan 2007 will be Mr. Suguru Yamaguchi, of Nara Institute of Science and Technology. Mr. Yamaguchi will be speaking on "Emerging New Technologies for Information Security Management"

From the Abstract:
Information systems are now taking the important role to support core competence components of businesses in various industries so that they require more dependability and sustainability. New technologies for improvement to make information systems more dependable are emerging from R&D field to the actual operational environment, however still more development is expected. In this keynote session, the speaker presents new risk on information security coming up with information systems, then expresses his views and directions on technical solutions and technologies required.

Suguru Yamaguchi, Bio:
Suguru Yamaguchi was born in Shizuoka, Japan in 1964. He received the M.E. and D.E. degrees in computer science from Osaka University, Osaka, Japan, in 1988 and 1991, respectively. From 1990 to 1992 he was an Assistant Professor in Education Center for Information Processing, Osaka University. In 1992, he was moved to Information Technology Center, Nara Institute of Science and Technology, Nara, Japan, and served as an Associate Professor till 1993. From 1993 to 2000, he was with Graduate School of Information Science, Nara Institute of Science and Technology, Nara, Japan, as an Associate Professor. In 2000, he was promoted to a Professor with the Graduate School of Information Science, Nara Institute of Science and Technology, Nara, Japan. During his work in Nara Institute of Science and Technology, he has been working very aggressively on research, education and management. Especially from 2002 to 2004, he served as Director of University Library, and devoted himself to improve and enhance the digital library system, which was the nation's first digital library system available for national universities, initially funded in 1995. His research interests include technologies for information sharing, multimedia communication over high-speed communication channels, large-scale distributed computing systems, network security and network management for the Internet. Since mid 1980's, he has been working very hard on development the Internet in Japan and Asia and Pacific region. He has been also a member of WIDE project, which is one of pioneer projects for the Internet development, since its creation in 1988. In the project, he has been conducting research on network security system, especially PKI infrastructure for wide area distributed computing environment.

In 2004, he was appointed to Advisor on Information Security, Cabinet Secretariat, Government of Japan. He has been deeply involved to design and implementation of basis of national policy on information security and establishment of National Information Security Center (NISC) in Cabinet Secretariat in 2005. Even though he is still working for his university, he didn't spare himself for this important task in the government. Because of tight relationship with government's information security policy, he was also appointed to Advisor for Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan.

With his contribution for Internet development and network security, he is involved and working with several organizations. Since 1992, he was working for JPCERT/CC, which is a first national CSIRT in Japan, and now serving as a member of its board of trustee. Since 2002, he has been a member of board of trustee of Japan Network Information Center (JPNIC), which is national Internet registry managing IP address and AS number allocations and registrations. For the Internet development in Asia and Pacific region, he is working so long for Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.

Link: https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Yamaguchi ]]>
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Yamaguchi [email protected] (Black Hat Announcements) Black Hat Japan 2007 D00C0E21-024D-4DDE-A456-078D6D758344 Wed, 3 Oct 2007 16:35:55 -0700
Black Hat 2007 Japan Final Line-up!
<![CDATA[ The final roster of speakers for Black Hat Japan 2007 is now available online. We're proud of the variety and depth represented by this lineup and look forward to seeing many of you in Tokyo later this month. Please keep in mind that Japan Registration closes on October 15th, and make your arrangements accordingly.

The final roster of speakers for Black Hat Japan 2007 is now available online. View the detailed abstracts and bios here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html

Presentations Black Hat Japan 2007:

Brandon Baker, Kick Ass Hypervisor
Billy Hoffman, The Little Hybrid Web Worm that Could
Halvar Flake, Automated Unpacking and Malware Classification
Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework
Pedram Amini and Aaron Portnoy, Fuzzing Sucks! (or Fuzz it like you mean it!)
David LaPorte and Eric Kollmann, Passive OS Fingerprinting Using DHCP
Kanatoko, DNS Pinning and Socket API
Nguyen Anh Quynh, HiJacking Virtual Machine Execution
Jacob West, Secure Programming with Static Analysis
Nate McFeters, Billy K Rios, and Rob Carter, URI Use and Abuse

Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo
To see the schedule for this year's briefings, check our website here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedule.html


Link: https://www.blackhat.com/html/bh-link/briefings.html
]]>
https://www.blackhat.com/html/bh-link/briefings.html [email protected] (Black Hat Announcements) Black Hat Japan 2007 F1CC1829-1952-4121-ABF1-5DF529A3DEEB Wed, 3 Oct 2007 16:22:31 -0700
Black Hat Japan Registration Closing soon!
The Black Hat Japan Registration is closing soon!

Japan Registration will close on October 15th. Register now to avoid waiting in the onsite registration line!

https://commerce.blackhat.com/japan-reg-07
The Briefings and Trainings will be held October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

You must complete the on-line registration form regardless of your payment method. Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED. Early Bird Rate closes September 21.
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html [email protected] (Black Hat Announcements) Black Hat Japan 2007 DACFD513-1B6F-4D9F-9BE8-4A181DED0847 Fri, 28 Sep 2007 18:48:03 -0700
De-Anonymizing Tor
TOR has been all over the news lately - from embassy private data being pulled from an exit node, to an arrest of a node hoster. This blog post from the ha.ckers.org blog offers code that its creators say can be used to de-anonymize TOR users. The possibilities implied by this code were mentioned at Jeremiah Grossman and Robert Hansen's presentation at this year's Black Hat USA in Las Vegas.

To see their presentation on JavaScript malware from this year's Black Hat USA:
https://www.blackhat.com/presentation/bh-usa-07/Grossman/Presentation/bh-usa-07-grossman.pdf
To read their whitepaper:
https://www.blackhat.com/presentation/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman.pdf
http://ha.ckers.org/blog/20070926/de-anonymizing-tor-and-detecting-proxies/ [email protected] (Black Hat Announcements) Black Hat in the news 33B1F02D-5130-496C-BC13-336E1C2A8F33 Fri, 28 Sep 2007 18:25:50 -0700
Black Hat Speaker HD Moore Weighs In on the iPhone
<![CDATA[ Black Hat Speaker HD Moore Weighs In on the iPhone

On the Metasploit blog, HD Moore breaks down the security researcher potential of the iPhone and gives a very insightful pro-and-con review of the phone's possibilities as "a root shell in my pocket."
Read his blog here: http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html

From the article:
"Compare the iPhone (400Mhz*) with the Nokia n770 (233mhz) or the Nokia n800 (320Mhz) and the choice of a handheld hacking device is a no-brainer. The (mostly) working toolchain, large amounts of storage (8Gb), and ease of use make this a great candidate for almost any security researcher "on-the-go".

To see the presentation HD Moore made at this year's Black Hat USA:
https://www.blackhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Whitepaper/bh-usa-07-moore_and_valsmith.pdf

To see the whitepaper from HD Moore's presentation at this year's Black Hat USA:
https://www.blackhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Presentation/bh-usa-07-moore_and_valsmith-WP.pdf
]]>
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html [email protected] (Black Hat Announcements) Black Hat in the news DFD2A446-0769-49E6-819E-7CE9716620A1 Fri, 28 Sep 2007 18:15:07 -0700
David Maynor Publishes Details of Apple Wi-Fi Attack
<![CDATA[ At Black Hat USA 2006, David Maynor and Jon Ellch spoke on "Device Drivers"
and some may remember it caused a lot of speculation and conspiracy
theories. Now David Maynor has published details of the controversial Apple
Wi-Fi hack he disclosed last year.

From Computerworld:
"By going public with the information, Maynor hopes to help other Apple
researchers with new documentation on things like Wi-Fi debugging and the
Mac OS X kernel core dumping facility. "There's a lot of interesting
information in the paper that, if you're doing vulnerability research on
Apple, you'd find useful."

Maynor will soon publish a second paper on Uninformed.org explaining how to
write software that will run on a compromised system, he said.

As for his detractors, who will say that this disclosure comes too late,
Maynor says he just doesn't care what they think. "Let them tear me apart
all they want but at the end of the day the technical merit of the paper
will stand on its own."


Read the full article here:
http://www.computerworld.com.au/index.php/id;1809081490;fp;4;fpid;16

Read the original Abstract here:
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch

Read the Details published by David Maynor here:
http://uninformed.org/?v=8&a=4

Video Presentation here:
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp4

Audio Presentation here:
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp3 ]]>
http://www.computerworld.com.au/index.php/id;1809081490;fp;4;fpid;16 [email protected] (Black Hat Announcements) Black Hat in the news 3A73FB31-2C74-4F07-8F62-17D703E210DD-1115-000007590ABAC3F5-FFA Wed, 19 Sep 2007 18:42:48 -0700
Black Hat USA 2007 speaker Pedram Amini interviewed about the Sulley Fuzzing framework
SearchSecurity interviews Pedram Amini about the next-level fuzzing framework he unveiled at Black Hat USA 2007. To read the presentation from Black Hat and the whitepaper, follow the included links. Video available soon.

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/Amini-Portnoy-BHUS07.pdf

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/

October 23-26, at Keio Plaza Hotel, Tokyo
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1270939,00.html [email protected] (Black Hat Announcements) Black Hat in the news 1B9A7056-31E1-4E4C-A2C7-7CC426672C34-573-0000121469448DF9-FFA Fri, 7 Sep 2007 16:49:41 -0700
Black Hat Speaker Thomas Ptacek profiled on Dark Reading
Interesting article about Thomas that references the controversy between Thomas and fellow Black Hat USA 2007 Speaker Joanna Rutkowska. To read his Black Hat presentation, go to:

https://www.blackhat.com/html/presentations/bh-usa-07/Ptacek_Goldsmith_and_Lawson/Presentation/bh-usa-07-ptacek_goldsmith_and_lawson.pdf

In the interest of equal time, you can find Joanna's presentation at:

http://www.blackhat.com/html/presentations/bh-usa-07/Rutkowska/Presentation/bh-usa-07-rutkowska.pdf
http://www.darkreading.com/document.asp?doc_id=133243&WT.svl=news1_4 [email protected] (Black Hat Announcements) Black Hat in the news DAF0501C-BF8F-4816-8058-E9B41527CFF2-573-0000117AA4656CF8-FFA Fri, 7 Sep 2007 16:39:25 -0700
Black Hat 2007 Japan Speakers have been selected
<![CDATA[ We are proud to announce our speakers for Black Hat Japan!

Brandon Baker, Kick Ass Hypervisor

Billy Hoffman, The Little Hybrid Web Worm that Could

Halvar Flake, Automated Unpacking and Malware Classification

Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of Wireless
Device Drivers in an Emulated Environment

Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework

Pedram Amini and Aaron Portnoy, Fuzzing Sucks! (or Fuzz it like you mean it!)

David LaPorte and Eric Kollmann, Passive OS Fingerprinting Using DHCP

Kanatoko, DNS Pinning and Socket API

Kenneth Geers, Greetz from room 101

Nguyen Anh Quynh, HiJacking Virtual Machine Execution

Jacob West, Secure Programming with Static Analysis

Greg Hartrell, Security Lessons from Xbox Live

Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo ]]>
https://www.blackhat.com/html/bh-link/briefings.html [email protected] (Black Hat Announcements) Japan 2007 2AC57711-9C9A-43BC-831D-117FF0BB9895-573-000010E0DE1BA71D-FFA Fri, 7 Sep 2007 16:57:07 -0700
Black Hat USA 2007 Media Updates
Presentation Files and White Papers from Black Hat Briefings 2007 are live now on the Black Hat website. Please take a look. Stay tuned to the BH USA 2007 Archives page for the audio and video from the Briefings, available in the coming months.
https://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html [email protected] (Black Hat Announcements) Black Hat USA 2007 1492F89A-7FA8-4327-A3CE-09DFDA6EDEC4-7441-00005631C918830A-FFA Mon, 27 Aug 2007 15:07:38 -0700
New Trainings Added for Black Hat Japan
<![CDATA[ The training lineup for Black Hat Japan has been updated to include four additional classes. The classes are:

Reverse Engineering with IDA Pro, taught by Chris Eagle
Analyzing Software for Security Vulnerabilities, taught by Halvar Flake
Hacking by Numbers: Bootcamp, taught by Sensepost
Exploits 101, taught by Allen Harper



Also, the class entitled "Web Application (In)Security" by NGS Software has been removed from the lineup.
Detailed information on all classes can be found at our website. ]]>
https://www.blackhat.com/html/bh-japan-07/train-bh-jp-07-en-index.html [email protected] (Black Hat Announcements) Black Hat Japan 2007 B2B25CBF-9D3D-4EDE-824A-D435CC53267E-6064-00004AF67AD4DCE4-FFA Fri, 24 Aug 2007 13:31:23 -0700
Imitation is the sincerest form of flattery!
<![CDATA[A fellow Info Sec colleague, Nat Mokry, sent us these photos recently and we got such a kick out of it we decided to pass it on. If you are ever in Beijing check this place out.

The "B'05" Bar in Beijing.
Picture 1:
https://www.blackhat.com/images/bh-usa-07/BlackHatBar.jpg
Picture 2:
https://www.blackhat.com/images/bh-usa-07/BlackHatBar2.jpg

If you have some more info on this Black Hat Bar please pass it on, I for one am interested. If Jeff and I are ever in town we will surely be patrons!

]]>
https://www.blackhat.com/images/bh-usa-07/BlackHatBar.jpg [email protected] (Black Hat Announcements) Black Hat USA Announcements 1A96FA87-6DB3-42E2-BF83-42EA8DD021B8 Wed, 15 Aug 2007 19:12:39 -0700
Charlie Miller, attacking OS X and the iPhone.
<![CDATA[ From an article in Guardian Unlimited about a vulnerability announced by Charlie Miller of Independent Security Evaluators:

"...just weeks after Apple's iPhone was unleashed on American shoppers, researchers say they have discovered how to hack into it and steal personal information.

Experts at Independent Security Evaluators, a computer protection consultancy, claim to have found a way to gain complete access to the phone..."

Charlie Miller will be presenting his findings in a Black Hat Turbo Talk titled "Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X." Charlie's talk will be on August 2nd at 4:45 pm.

To learn more about Charlie Miller, you can look here to read his bio and his talk abstract:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Miller
To learn more about the controversy that's generated so much media attention, see Charlie's presentation live at Black Hat or later on Blackhat.com in our media archives.

]]>
http://www.guardian.co.uk/international/story/0,,2133154,00.html [email protected] (Black Hat Announcements) Black Hat USA 2007 A162CF38-13B8-4CD8-82A2-254D37867CF7 Wed, 25 Jul 2007 16:01:54 -0700
Black Hat Japan 2007 Registration OPEN! <![CDATA[ Japan 2007 Briefings and Training Registration is now OPEN!

The Briefings and Trainings will be held October 23-26 at the Keio Plaza Hotel, Tokyo.
More about the venue is available here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

Online Registration is currently open!
You must complete the on-line registration form regardless of your payment method. Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED. Early Bird Rate closes September 21.
Call for Papers will close August 15. Submit your papers now, as speaking slots are limited!
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-cfp.html

Black Hat Japan 2007:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html ]]>
https://commerce.blackhat.com/japan-reg-07 [email protected] (Black Hat Announcements) Black Hat Japan 2007 BC86EFAC-47B7-47F2-91A0-40EA55EF61EC Wed, 25 Jul 2007 16:09:47 -0700
Black Hat Japan 2007 Training courses! <![CDATA[ Japan 2007 Briefings and Training Registration is now OPEN! Register now to assure a seat in the class of your choice!
https://www.blackhat.com/html/bh-registration/bh-registration.html#JP

Here is a list of current training classes available:

Infrastructure Attacktecs and Defentecs: Hacking Cisco Networks
Steve Dugan

Live Digital Investigation: Investigating the Enterprise
WetStone Technologies

You will need this course before you can take the IEM course. Earn NSA Certification.
NSA InfoSec Assessment Methodology Course (IAM) - Level 1
Security Horizon

Reverse Engineering on Windows: Application in Malicious Code Analysis
Pedram Amini and Ero Carrera

Reverse Engineering with IDA Pro
Chris Eagle

New for 2007
If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
Web Application (In)security
NGS Software

The Briefings and Trainings will be held October 23-26 at the Keio Plaza Hotel, Tokyo.
More about the venue is available here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html


]]>
https://commerce.blackhat.com/japan-reg-07 [email protected] (Black Hat Announcements) Black Hat Japan 2007 87891533-2950-4100-A3A1-A4839A2ECD19 Wed, 25 Jul 2007 16:16:31 -0700
Black Hat Japan 2007 Call for Papers! Papers and presentations are now being accepted for the Black Hat Japan 2007 Briefings. Papers and requests to speak will be received and reviewed from now until August 15, 2007.

Submit proposals by completing the submissions form on the CFP server at https://cfp.blackhat.com/.

We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-cfp.html [email protected] (Black Hat Announcements) Black Hat Japan 2007 AC03DD91-FEB8-4420-8B63-AEB2DE8AE449 Wed, 25 Jul 2007 18:54:34 -0700
C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For by Thomas Ptacek, Matasano A piece on Security Focus by Thomas talking about what talks at Black Hat you need to see:

From the article:
http://www.securityfocus.com/blogs/238

C++ gives you a resizeable string, so you won’t write splitvt. But in 2007, code vulnerabilities don’t look like splitvt anymore, ever. We’ve moved on, through off-by-one errors into integer overflows and now uninitialized variables. On balance, the bug classes C++ introduces are way scarier than the ones it takes off the table.

So, to kick off our series of posts about which Black Hat talks you should be going to this year, I’m going to recommend this one. Mark Dowd and John McDonald, on stage, talking about the ways C++ screws software security that you hadn't thought of before. "Recommend" is an understatement. If you get paid to find vulnerabilities in code, this is the most valuable talk at the conference this year.
http://www.securityfocus.com/blogs/238 [email protected] (Black Hat Announcements) Black Hat USA 2007 06864E65-D23C-4FC0-81A2-1DFEE8F4730D Tue, 17 Jul 2007 13:16:49 -0700
Black Page Update: Reverse Engineering <![CDATA[ From the Black Hat Black Page

Reverse engineering has become a staple of security research. Only a few years ago an arcane specialty, many factors such as the increase in malware and common dependence on closed-source software have increased the value and need for reverse engineering. If a newbie came to me for advice about preparing for future work in the security field, I would tell them to concentrate on reversing as a core skill.

For a couple years we have been focusing on reverse engineering content and trying to bring information for the newly initiated and expert. For a good dive into the realm of unpacking, Mark Vincent Yason brings "The Art of Unpacking." Mark's presentation will bring you up to date with the state of packers and their defenses and arm you with techniques and tools to strip away the defenses. For a deeper look at some techniques and tools to defeat many packers and other armoring techniques, we have Danny Quist and Valsmith presenting "Covert Debugging: Circumventing Software Armoring Techniques" and Cody Pierce releasing and discussing "PyEmu: A multi-purpose scriptable x86 emulator." This should be some cool and useful content for anyone interested in reversing.

Link with:

"Covert Debugging: Circumventing Software Armoring Techniques" by Danny Quist and Valsmith

"The Art of Unpacking" by Mark Vincent Yason

"PyEmu: A multi-purpose scriptable x86 emulator" by Cody Pierce


https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html ]]>
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html [email protected] (Black Hat Announcements) Black Hat USA 2007 C6FBCA7C-D16F-4DB7-96CE-A3F201688CC2 Fri, 6 Jul 2007 17:16:33 -0700
Las Vegas concerts for Black Hat and DEFCON time frame <![CDATA[ From IrishMASMS on the DEF CON forums comes this helpful post:

Las Vegas concerts for Black Hat & DEFCON time frame
Some out of town folks hit me up asking about concerts around town during this year's Black Hat and DEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.

Fri 07/27/07 Violent Femmes Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang House Of Blues
Sat 07/28/07 Tesla House Of Blues
Sat 07/28/07 Rush MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall , The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx The Club @ Cannery Casino

As for venues, the Hard Rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be shitty in spots. The Pearl is the brand new venue in town, good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference.

HTH! ]]>
https://forum.defcon.org/showthread.php?t=8590 [email protected] (Black Hat Announcements) Black Hat USA 2007 F5284589-BF4D-4706-AF10-22A69B122102 Thu, 5 Jul 2007 17:18:36 -0700
Black Hat USA pricing reminder Just a reminder to everyone of the upcoming late pricing changes:

Registration:
- Only credit card payments are accepted after July 1, 2007.
- Online registration closes on July 20, 2007.
- Onsite Registration rates apply after July 20, 2007.

https://commerce.blackhat.com/usa-reg-07
https://commerce.blackhat.com/usa-reg-07 [email protected] (Black Hat Announcements) Black Hat USA 2007 7D1B5288-0FC5-43FA-A396-4E6385E7C628 Thu, 5 Jul 2007 15:32:52 -0700
Black Page update: TPMKit redux From the Black Page:

Until early this week, security experts Nitin and Vipin Kumar of NV Labs were scheduled to present a briefing entitled "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)". This talk was removed from the schedule at the request of the presenters. The topic generated quite a great deal of interest and its removal from the schedule without comment has generated some confusion and controversy.

Full article at
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html [email protected] (Black Hat Announcements) Black Hat USA 2007 33A5AEB9-0534-4460-8AD8-03177A85E1AD Thu, 5 Jul 2007 15:30:29 -0700
Hacking by Numbers Combat Training adds a weekend session. If you can't make it to Sensepost's Hacking by Numbers: Combat class on the week day of Black Hat USA you now have the option of attending a newly announced weekend class!

https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-sp-c-training.html
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-sp-c-training.html [email protected] (Black Hat Announcements) Black Hat USA 2007 43FE1249-B11E-456E-A784-92584E9DF091 Thu, 5 Jul 2007 15:27:58 -0700
Joe Grand's Hardware Hacking class now expanded Joe Grand's Hardware Hacking course has additional seats available! Previously sold out, Joe purchased more equipment to expand his training offerings. Swoop in now while there is more room.

https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jg-h.html
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jg-h.html [email protected] (Black Hat Announcements) Black Hat USA 2007 59A35ADE-0F0D-4984-A5A5-3A3580DAF786 Thu, 5 Jul 2007 15:25:50 -0700
On The BlackPage: C++ <![CDATA[See the link below for more details, descriptions and commentary.

On The BlackPage: C++ by Dominique Brezinski

A lot of work has been done in the areas of reverse-engineering, exploitation and code review of applications written in C. However, a majority of application development is done in C++ and has been for many years. Over the past five years a few researchers have looked at C++ specific issues, like Halvar Flake, but there has not been a lot of focus on security-related aspects of C++ in the public arena.

This year is different. Several presentations bring C++ issues and techniques to the foreground: "Breaking C++ Applications" by Mark Dowd, John McDonald and Neel Mehta and "Reversing C++" by Paul Vincent Sabanal. I like it when an unintentional plan comes together.

Link: https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06152007.html
]]>
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06152007.html [email protected] (Black Hat Announcements) Black Hat USA 2007 A51F425B-AF5E-4EC2-9EB7-613C65C9EACA Fri, 15 Jun 2007 14:25:16 -0700
OWASP and WASC Cocktail Party <![CDATA[ OWASP and WASC have joined hands to have a combined meetup at Blackhat USA 2007 in Las Vegas, which was earlier planned as a WASC meetup. Breach Security has generously agreed to sponsor the event, so cocktails and appetizers will be served to all attendees. Since both of the top webappsec organizations are hosting this event together, we are expecting a huge turnout of the webappsec industry's followers. You are invited to join us for a drink and meet other like-minded people from the industry.

What: OWASP and WASC Cocktail Party

When: Wednesday, August 1, 8:00 PM - 9:30 PM

Where: Shadow Bar, Caesar's Palace, Las Vegas

RSVP: Heather Cason, [email protected]
760-268-1924 x732

The place is quickly filling up so please send in your RSVP ASAP.

Link: http://www.owasp.org
Invite: http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf ]]>
http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf [email protected] (Black Hat Announcements) Black Hat USA 2007 E14DC507-C47A-4A67-8C8E-57B650F04FA9 Wed, 13 Jun 2007 14:42:03 -0700
On The BlackPage: Timing <![CDATA[ See the link below for more details, descriptions and commentary.

On The BlackPage: Timing by Dominique Brezinski

It is that time again: Black Hat in the hot LV summer. It always comes sooner than I expect. We have been working like mad to get the schedule together, which is basically done. One of the underlying themes this year is timing. I don't pick these things; it is really a reflection of the direction of research in our community. Another theme is nuance.

Timing attacks are not new. They have been part of the cryptanalyst's side-channel tool set for some time. In the last few years something caused researchers to start applying it beyond cryptographic operations. Maybe it was Boneh's remote timing attack against OpenSSL in 2003. I don't know. Whatever the reason, a number of researchers have started delivering results using timing as an attack vector. My prediction is that we are going to see a lot of things fall over based on timing attacks.

The research community's understanding of program control flow and its data dependencies is ever increasing. We are at a point where any user-supplied data in the address space should be suspect, because researchers are finding very subtle ways to direct program flow to user-supplied data. In many cases the vulnerabilities are based on unforeseen synchronicity and what were once minor programming mistakes.

A few of the presentations in the Zero Day Attack track highlight the themes of timing and nuance: "Understanding the Heap by Breaking It" by Justin Ferguson, "Timing Attacks for Recovering Private Entries From Database Engines" by Ariel Waissbein and Damian Saura and "Dangling Pointer" by Jonathan Afek. Also, Haroon Meer and Marco Slaviero will be presenting the aptly named "It's All About The Timing." I am excited to see what these guys pull out of the hat.

Link: https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132007.html ]]>
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132007.html [email protected] (Black Hat Announcements) Black Hat USA 2007 D2AB32CD-F589-4F6C-AF57-07FD1214717C Wed, 13 Jun 2007 14:18:41 -0700
Black Hat USA '07 Final Speakers Selected! <![CDATA[ We have finished selecting speakers and our schedule is now full!!

Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.

We are done reviewing papers. If you have not received status of your submission, please email nikita (at) blackhat (dot) com.

If you didn't get selected for this show, don't be discouraged; please consider submitting again. Our Japan CFP is still open until August 20. Submit now, as we may close the CFP early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/

Black Hat Japan Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html [email protected] (Black Hat Announcements) Black Hat USA 2007 696BF930-5DC5-4E7D-9816-775D14CEEF9B Tue, 5 Jun 2007 13:54:10 -0700
Black Hat USA 2007 Regular Registration is now over <![CDATA[ Regular registration rate closed May 31, 2007. Late registration rate is now in effect and Online registration closes on July 20, 2007.

For training, be sure to register now to save your seat before it is too late! Check out the Training pages for more info!
Black Hat Training:
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html

We have started our speaker selection for Black Hat Briefings. Check out our speaker page and schedule for updates! We have three very excellent and experienced Keynote speakers for this year's Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one, and day two promises to be a stimulating address by Bruce Schneier.

Black Hat Briefings:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
July 28-August 2, 2007 in Caesars Palace Las Vegas.
To register: https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Important dates:
Only credit card payments are accepted after July 1, 2007.
Online registration closes on July 20, 2007.
Onsite Registration rates apply after July 20, 2007.
Registration Cancellations and requests for refunds are not accepted after June 30.
Registration Class Change Requests are not accepted after June 30. ]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA [email protected] (Black Hat Announcements) Black Hat USA 2007 494BF749-3253-4C46-909A-046B20180A13 Fri, 1 Jun 2007 17:32:56 -0700
Black Hat USA 2007 2nd Round of Speakers Selected! <![CDATA[ We have made our second round of speaker selection. We only have a small handful of slots remaining and the competition is fierce.

Here is a short list of new talks:
Static Detection of Application Back doors by Chris Wysopal
Covert Debugging: Circumventing Software Armoring Techniques by Danny Quist and Valsmith
Breaking C++ Applications by Mark Dowd, John McDonald, and Neel Mehta
The Art of Unpacking by Mark Vincent Yason
Heap Feng Shui in JavaScript by Alexander Sotirov
Timing attacks for recovering private entries from database engines by Ariel Waissbein
Transparent weaknesses in VoIP by Peter Thermos
Dangling Pointer by Jonathan Afek
Also, Womans Executive Forum is back for a 2nd year!
A sample of a few more SPEAKERS have been selected, in no order:

Rohit Dhamankar and Rob King
Alfredo Ortega
Yuriy Bulygin
Andrew Lindell
Jonathan Afek
Satyam Tyagi
Jim Hoagland
Ezequiel Gutesman
Jerry Schneider
Jeff Morin
David Byrne
Stephan Chenette and Moti Joseph
Paul Vincent Sabanal
Window Snyder

Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

There you will find abstracts for the upcoming presentations and get some background information on the speakers.

Keep in mind we are still reviewing a small handful of papers. If you have not received status of your submission, please email nikita (at) blackhat (dot) com.

If you don't get selected for this show, don't be discouraged; please consider submitting again. Our Japan CFP is still open until August 20. Submit now, as we may close the CFP early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/

Black Hat Japan Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html ]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html [email protected] (Black Hat Announcements) Black Hat USA 2007 AA5DB130-BF0A-4101-BC05-D018CB32CEA2 Fri, 1 Jun 2007 16:46:20 -0700
Black Hat USA 2007 First round of speakers selected! <![CDATA[
We have made our first round of talk selections for our USA 2007, Las Vegas conference!

Our initial schedule is online now at:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html

This year's tracks include: 0-Day Attack and Defense, Application Security, Deep Knowledge, Forensics and Anti-Forensics, Hardware and Biometric Security, Policy, Management and the Law, Privacy and Anonymity, Turbo Talks, The Network, Detection and Evasion!

Here is just a short list of some of the great presentations we have scheduled:

Joel Eriksson and panel: Kernel Wars
Thomas H. Ptacek: Don't Tell Joanna, The Virtualized Rootkit Is Dead!
Dror-John Roecher: NACATTACK
John Heasman: Hacking the Extensible Firmware Interface
David Maynor: Simple Solutions to Complex Problems from the Lazy Hacker’s Handbook: What Your Security Vendor Doesn't Want You to Know.

Also selected to speak will be:

Jennifer Granick
Greg Hoglund
Bruce Schneier
Phil Zimmermann
David Litchfield
Jon Callas
Tony Sager
Richard Clarke
Roger Dingledine
Jim Christie

With many more to come! Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.

Keep in mind we are still reviewing papers and making our decisions. If you have not received status of your submission by June 1, please email nikita (at) blackhat (dot) com.

If you don't get selected for this show, don't be discouraged; please consider submitting again. Our Japan CFP is still open until August 20. Submit now, as we may close the CFP early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel

Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html [email protected] (Black Hat Announcements) 3880BC9A-06EE-4601-BBB0-BAABCEF3F781 Wed, 23 May 2007 16:03:29 -0700
USA '07 Regular Registration Rate Ends SOON! <![CDATA[ Regular registration rate closes May 31, 2007. Register now to save your seat and save some dough! There are still plenty of class seats available, plus a few new training courses! Check out the Training pages for more info!
Black Hat Training:
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html

We have started our speaker selection for Black Hat Briefings. Check out our speaker page and schedule for updates! We have three very excellent and experienced Keynote speakers for this year's Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one, and day two promises to be a stimulating address by Bruce Schneier.

Black Hat Briefings:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
July 28-August 2, 2007 in Caesars Palace Las Vegas.
To register: https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Important dates:
Only credit card payments are accepted after July 1, 2007.
Online registration closes on July 20, 2007.
Onsite Registration rates apply after July 20, 2007.
Registration Cancellations and requests for refunds are not accepted after June 30.
Registration Class Change Requests are not accepted after June 30. ]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA [email protected] (Black Hat Announcements) Black Hat USA 2007 244233E7-F43C-4357-9809-6F0398CF36A7 Tue, 22 May 2007 13:47:15 -0700
Black Hat USA: Two New Training classes Announced! <![CDATA[ Regular registration rate closes May 31, 2007. Register now to save your seat and save some dough!

Black Hat Registration:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Side Channel Analysis and Countermeasures with Riscure
Url: https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jdh.html
Course offered: July 28-29 (Weekend) & July 30-31 (Weekday)
Course Length: Two days.

Overview: Side channel analysis is a technique to discover secrets such as cryptographic keys and PINs from hardware and embedded software. This is achieved by listening to and understanding the information that (hardware) channels emit when processing information. This course provides an understanding of the possibilities and impact of side channel analysis and explains how you can protect against it through a hands-on approach. Besides the necessary side channel theory, students will perform exercises themselves in which they will, for instance, break a DES key through power analysis. Further, in another exercise, each student is challenged to devise their own countermeasures and the effect of these is analyzed via a live data acquisition and analysis on the code using side channel analysis equipment.

For a long time, Side Channel Analysis (SCA) terms such as Differential Power Analysis (DPA), Timing attacks and Electro Magnetic Analysis (EMA) have had the air of mythical powers to break any crypto system and reveal every secret in a system. This course provides a practical introduction into the world of side channel analysis. It shows the basics and allows students to understand and experience what it means to break a system with these types of attacks. At the same time this course explores the countermeasures that are available to developers. Using these, the side channel attack resistance of software on smart cards and embedded systems will significantly improve. We examine source code implementations for weaknesses and provide hands-on exercises to improve these implementations. This will allow the student to develop a feel for the possibilities and limitations for software-based countermeasures against such attacks.

Building and Testing Secure Web Applications with Aspect Security.
Url: https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-as_btswa.html
Course offered: July 28-29 (Weekend) & July 30-31 (Weekday)
Course Length: Two days.


Training developers and software testers in application security offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect's Building and Testing Secure Web Applications training raises developer awareness of application security issues and provides examples of 'what to do' and 'what not to do.' The class is led by an experienced application security practitioner and is delivered in a very interactive manner.

This class includes hands-on exercises where the students get to perform security analysis and testing on a live web application. This specially designed environment includes deliberate flaws the students have to find and diagnose. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.

]]>
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html [email protected] (Black Hat Announcements) Black Hat USA 2007 9B7BD12A-967C-4DF3-AA3F-373901249A15 Tue, 22 May 2007 13:44:16 -0700
Black Hat USA 2007 Keynote Speakers <![CDATA[ We have three very excellent and experienced Keynote speakers for this year's Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one, and day two promises to be a stimulating address by Bruce Schneier.

Check out our Black Hat USA 07 page for updates!
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Day 1 Keynote: Tony Sager
The NSA Information Assurance Directorate and the National Security Community.

The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Department of Defense (DoD) and our other federal customers.

This presentation will highlight some of the ways that the VAO Group is translating vulnerability knowledge in cooperation with many partners, into countermeasures and solutions that scale across the entire community. This includes the development and release of security guidance through the NSA public website (www.nsa.gov) and sponsorship of a number of community events like the Cyber Defense Initiative and the Red Blue Symposium.

It also includes support for, or development of, open standards for vulnerability information (like CVE, the standard naming scheme for vulnerabilities); the creation of the Extensible Configuration Checklist Description Format (XCCDF) to automate the implementation and measurement of security guidance; and joint sponsorship, with the National Institute of Standards and Technology (NIST) and the Defense Information Systems Agency (DISA), of the Information Security Automation Program (ISAP), to help security professionals automate security compliance and manage vulnerabilities.

The presentation will also discuss the cultural shift we have been making to treat network security as a community problem, one that requires large-scale openness and cooperation with security stakeholders at all points in the security supply chain - operators, suppliers, buyers, authorities and practitioners.

Tony Sager, Chief, Vulnerability Analysis and Operations Group, Information Assurance Directorate, National Security Agency

Tony Sager is the Chief of the Vulnerability Analysis and Operations (VAO) Group, part of the Information Assurance Directorate at the National Security Agency. The mission of the VAO organization is to identify, characterize, and put into operational context vulnerabilities found in the technology, information, and operations of the DoD and the national security community and to help the community identify countermeasures and solutions. This group is known for its work developing and releasing security configuration guides to provide customers with the best options for securing widely used products.

The VAO Group also helps to shape the development of security standards for vulnerability naming and identification, such as the Open Vulnerability and Assessment Language (OVAL), partnering with the National Institute of Standards and Technology (NIST) on the Information Security Automation Program (ISAP), developing the eXtensible Configuration Checklist Description Format (XCCDF), and hosting the annual Cyber Defense Exercise and the Red Blue Symposium. Mr. Sager is active in the public network security community, as a member of the CVE (Common Vulnerabilities and Exposures) Senior Advisory Council and the Strategic Advisory Council for The Center for Internet Security. He is in his 29th year with the National Security Agency, all of which he has spent in the computer and network security field.

ADDITIONAL Day 1 Keynote: Richard A. Clarke
A Story About Digital Security in 2017.

Richard A. Clarke is a former U.S. government official who specialized in intelligence, cyber security and counter-terrorism. Until his retirement in January 2003, Mr. Clarke was a member of the Senior Executive Service. He served as an advisor to four U.S. presidents from 1973 to 2003: Ronald Reagan, George H.W. Bush, Bill Clinton and George W. Bush. Most notably, Clarke was the chief counter-terrorism adviser on the U.S. National Security Council for both the latter part of the Clinton Administration and early part of the George W. Bush Administration through the time of the 9/11 terrorist attacks.

Clarke came to widespread public attention for his role as counter-terrorism czar in the Clinton and Bush Administrations when in March of 2004 he appeared on the 60 Minutes television news magazine, his memoir about his service in government, Against All Enemies, was released, and he testified before the 9/11 Commission. In all three instances, Clarke was sharply critical of the Bush Administration's attitude toward counter-terrorism before the 9/11 terrorist attacks and the decision to go to war with Iraq.

Richard Clarke is currently Chairman of Good Harbor Consulting, a strategic planning and corporate risk management firm, an on-air consultant for ABC News, and a contributor to GoodHarborReport.com, an online community discussing homeland security, defense, and politics. He also recently published his first novel, The Scorpion's Gate, in 2005; and a second, Breakpoint, in 2007.

Day 2 Keynote: Bruce Schneier
The Psychology of Security.

Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why so many smart security solutions go unimplemented. Two different fields -- behavioral economics and the psychology of decision making -- shed light on how we perceive security, risk, and cost. Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used.

Bruce Schneier is an internationally renowned security technologist and CTO of BT Counterpane, referred to by The Economist as a "security guru." He is the author of eight books -- including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography" -- and hundreds of articles and academic papers. His influential newsletter, Crypto-Gram, and blog "Schneier on Security," are read by over 250,000 people. He is a prolific writer and lecturer, a frequent guest on television and radio, has testified before Congress, and is regularly quoted in the press on issues surrounding security and privacy. ]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html [email protected] (Black Hat Announcements) Black Hat USA 2007 3902FF3A-78FF-4322-BBB1-29E22050CC42 Fri, 18 May 2007 18:38:52 -0700
Black Hat USA 2007 Call for Papers is now Closed!
The Black Hat USA 2007 Call for Papers is now closed!

If you have submitted a presentation, please be patient; the reviewers are working away as fast as they can. We expect to notify everyone in the next two weeks of their acceptance or rejection as a speaker this year. Best of luck, and thank you all for your incredible support!

Black Hat USA 2007:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Register online at:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Hotel Reservations now open.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html [email protected] (Black Hat Announcements) Black Hat USA 2007 016B750B-5FE4-4E99-B738-1C7EC7C89916 Mon, 14 May 2007 20:38:07 -0700
Audio from Black Hat USA'02 now on-line!
Black Hat USA 2002 was held July 31-August 1 in Las Vegas at Caesars Palace. Two days with eight tracks of speaking. The Keynote was Richard Clarke speaking on "National Strategy for Securing Cyberspace".

A post convention wrap up can be found here: https://www.blackhat.com/html/bh-usa-02/bh-usa-02-index.html

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2002.html#USA-2002 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.
https://www.blackhat.com/podcast/bh-usa-02-audio.rss [email protected] (Black Hat Announcements) Black Hat USA 2002 23A876A9-9A7B-4FE7-B0EC-D945AABE607C Tue, 8 May 2007 19:27:28 -0700
Audio from Black Hat Europe '07 now on-line!
The Black Hat Europe briefings were held March 27-30 at the Moevenpick Amsterdam Centre Hotel over two days, four different tracks.

Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure), spoke on "How can the Security Researcher Community Work Better for the Common Good."
A post convention wrap up can be found here: https://www.blackhat.com/html/bh-europe-07/bh-eu-07-index.html

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html#eu_07 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.
https://www.blackhat.com/podcast/bh-eu-07-audio.rss [email protected] (Black Hat Announcements) Black Hat Europe 2007 3F1913B5-D60E-4335-B886-2A98E4326E40 Tue, 8 May 2007 17:53:28 -0700
Chris Paget's "RFID for Beginners" and the ACLU presents "Rights Chipped Away"

Most of you may have heard from various web posts about Chris Paget's RFID talk at Black Hat D.C. this past February. After receiving a letter from HID and several hours of intense negotiation, Paget's talk was on and off. Ultimately, Paget modified his original talk and in addition included a special presentation from Nicole A. Ozer, Technology & Civil Liberties Policy Director at ACLU of Northern California. Her presentation was titled: Rights "Chipped" Away: RFID and Identification Documents. Both presentations are included in the media as well as a Q&A session with Paget that follows.

Audio is here:
http://media.blackhat.com/bh-dc-07/audio/2007_BlackHat_DC-V1-Paget_and_ACLU-RFID.mp3
Video is here:
http://media.blackhat.com/bh-dc-07/video/2007_BlackHat_DC-V1-Paget_and_ACLU-RFID.mp4

More Black Hat DC Audio will be coming soon!

Chris wrote us a short blog entry on his presentation prior to HID's objection.

"It's fairly well-known that RFID is an insecure technology. Most people know that RFID tags can be cloned, but without knowing how - at best, most people use expensive dedicated equipment, having been scared off by the voodoo involved with anything Radio Frequency. After demonstrating an RFID-based smart bomb on Seattle-based KOMO news I decided to take things a step further, and see just how small an RFID cloner needed to be; I surprised even myself. Two small chips and a handful of passive components later (about 5 dollars of parts in all) I had a working cloner for HID RFID access badges, and had completely busted the myth that Radio Frequency IDentification is hard to work with. This presentation will allow you to do the same thing - in one short talk I'll teach you everything you need to know in order to build and understand an RFID cloner; covering everything from Magnetic Fields to Manchester Encoding, with plenty of theory and background info along the way. If you're considering implementing, hacking, or even using an RFID system, this presentation will give you everything you need to understand exactly how vulnerable these systems are, how to mess with them yourself, and how to have some electronic fun along the way." - Chris Paget

Paget's modified slide deck can be found here:
https://www.blackhat.com/presentations/bh-dc-07/Paget/Presentation/bh-dc-07-paget.pdf

Ozer's presentation is here:
https://www.blackhat.com/presentations/bh-dc-07/ACLU/Presentation/bh-dc-ozer-ACLU.pdf

To read more news on Paget's Black Hat talk:
http://www.google.com/search?hl=en&q=Paget%2BBlack+Hat

HID's letter to IOActive, courtesy of Wired:
http://blog.wired.com/27bstroke6/files/hid_ltr_to_ioactive_0221071.pdf
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-speakers.html#Paget [email protected] (Black Hat Announcements) Black Hat USA 2007 2F720B35-89E0-4311-BFC6-D71CD0F6655F Fri, 4 May 2007 12:52:27 -0700
Japan Spring Training, Early Registration rate Closing!
Japan Spring Training, Early Registration rate is closing May 1, 2007.

Register now to assure a seat in the class of your choice. There are currently two ways to register: online registrations for inside Japan and paper registrations for outside of Japan. The early registration rate closes May 1, 2007. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered for each class.

Black Hat Japan Spring Training 2007
Keio Plaza Hotel Tokyo * 28-29 May 2007:

All Training sessions are taught in English. Simultaneous translation from English to Japanese will be available for all courses.

* Live Digital Investigation - Investigating the Enterprise by WetStone Technologies. "Live" enterprise investigation training.

* NSA InfoSec Assessment Methodology Course (IAM) - Level 1 by Security Horizon. You will need this course before you can take the IEM course. Earn NSA Certification.

* Reverse Engineering on Windows: Application in Malicious Code Analysis by Pedram Amini & Ero Carrera. Learn to reverse engineer real-world virus samples to better combat them.

Dates to Remember!
* Regular registration rate closes May 24, 2007.
* Only cash payments are accepted after May 24, 2007.
* Onsite Registration rates apply after May 24, 2007.

* Registration Cancellations, requests for refunds, and Registration Class Change Requests are not accepted after May 2.
https://www.blackhat.com/html/bh-registration/bh-registration.html#JP_SPR07 [email protected] (Black Hat Announcements) Black Hat Japan 2007 53F03F2E-E03A-461C-99C7-63BB948F5F9C Fri, 27 Apr 2007 14:47:11 -0700
Black Hat USA 2007 Call for Papers EXTENSION!
The Black Hat USA 2007 Call for Papers is now being extended until May 14, 2007.

After several requests we have decided to extend the deadline by two weeks. We believe this will be a fair opportunity to review all the submissions and see what you have to offer. So if you were worried about meeting the deadline, this should give you a little more time to get together your best stuff.

We have expanded from 9 tracks to 11 this year and are looking forward to the added content. Please check out the description page to learn more about these tracks and to ensure you submit to the appropriate track.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp-tracks.html

For more information on this year's call for papers:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html

How to Submit:
Submit proposals by completing the submissions form on the CFP server at https://cfp.blackhat.com/ Submissions are due no later than May 14, 2007.

This is a new submissions process this year, so we have a helpful how-to guide available at: https://www.blackhat.com/html/bh-cfp/bh-cfp-howto.html. There you will find a step-by-step walkthrough to help you with registering and using the CFP application system. You will use this system to submit presentation proposals for future Black Hat events. You must create an account to use the system. Once you have signed up and confirmed your email address, you will be able to submit proposals, upload supporting files and modify aspects of your submissions at any time.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html [email protected] (Black Hat Announcements) Black Hat USA 2007 A8FC07F4-926E-483F-A321-ECC563FE3A0E Fri, 27 Apr 2007 14:08:06 -0700
Past Black Hat Speaker hijacks MacBook Pro for $10,000 bounty!
Read an interview with Dino Dai Zovi here: http://blogs.zdnet.com/security/?p=176

From the article:
"Hackers Dino Dai Zovi and Shane Macaulay teamed up to hijack a MacBook Pro laptop at the CanSecWest security conference here, effectively pouring cold water on the Mac faithful's belief that the machines are impenetrable."

Dai Zovi is a previous Black Hat speaker. He spoke with us at the 2006 USA conference on hardware virtualization-based rootkits, in his talk "Hardware Virtualization-Based Rootkits":

Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the Intel® Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also present useful capabilities to rootkit authors. On VT-capable hardware, an attacker may install a rootkit "hypervisor" that transparently runs the original operating system in a VM. The rootkit would be loaded in physical memory pages that are inaccessible to the running OS and can mediate device access to hide blocks on disk. This presentation will describe how VT-x can be used by rootkit authors, demonstrate a rootkit based on these techniques, and begin to explore how such rootkits may be detected.

See his presentation slides here:
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Zovi.pdf

WATCH HIS PRESENTATION!
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V46-Dai_Zovi-Hardware_Virtualization.mp4

LISTEN TO HIS PRESENTATION!
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V46-Dai_Zovi-Hardware_Virtualization.mp3
http://blogs.zdnet.com/security/?p=174 [email protected] (Black Hat Announcements) Black Hat in the News 568B766A-525A-4C08-8586-DDB8A64D48BD Thu, 26 Apr 2007 17:45:50 -0700
Call For Papers for Japan 2007 will open May 1st!
The Call For Papers will open for Black Hat Japan 2007 Briefings on May 1, 2007.

Submit proposals by completing the submissions form on the CFP server at:
https://cfp.blackhat.com/

Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier rather than later, since we will close the CFP early if we receive enough quality submissions to fill the slots.

Black Hat Japan 2007 Briefings and Training, Tokyo, Shinjuku, Keio Plaza Hotel

Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html [email protected] (Black Hat Announcements) Black Hat Japan 2007 125BB3CA-C6FB-4965-9BC2-6A28ABE2D2AA Fri, 20 Apr 2007 14:29:11 -0700
Black Hat USA 2007 New Training Classes Added
In the build-up to the big Black Hat Briefings and Training this summer we have added some new training classes.

Check out the three new classes we just added to the roster for US 2007. Register now to reserve your seat!

Incident Response: Black Hat Edition by Mandiant

As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing our Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-md-ir.html

Understanding Stealth Malware by Joanna Rutkowska and Alexander Tereshkin

The course will provide attendees with an in-depth understanding of how advanced stealth malware works, how it interacts with the operating system, underlying hardware and network. Attendees will have a chance to run, analyze and experiment with several previously unpublished samples of proof-of-concept rootkits, similar to Deepdoor, FireWalk, Blue Pill and others. The malware samples will be created from scratch (and in a slightly different way) exclusively for use during the training, as the original implementations cannot be used due to NDA restrictions.

Simpler stealth malware will also be briefly covered, as well as approaches to its detection, so that participants get a clear understanding of what advantages the more sophisticated malware offers to attackers.
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jrk.html

Building and Testing Secure Web Applications by Aspect Security

Training developers and software testers in application security offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect's Building and Testing Secure Web Applications training raises developer awareness of application security issues and provides examples of 'what to do' and 'what not to do.' The class is led by an experienced application security practitioner and is delivered in a very interactive manner.
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-as_btswa.html
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html [email protected] (Black Hat Announcements) Black Hat USA 2007 A261CF49-3F5D-4763-A68A-339507FC990C Fri, 20 Apr 2007 14:22:24 -0700
Black Hat Europe 2007 online registration closing Soon!
Online registration will close Sunday March 18, 2007.
Act now, save some money and avoid the lines at on site registration.

https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe

All press must pre-register:
https://commerce.blackhat.com/stores/europe-reg-07/press_info

Black Hat Europe 2007 Briefings and Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam. There will be 4 different tracks over 2 days, comprising 20+ internationally renowned security professionals speaking.

This year's Keynote will be Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure). Black Hat Europe 2007 Briefings speakers, topic titles, presentation abstracts and speaker biographies may be found here:
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-schedule.html

To see the training courses currently offered, visit us at:
https://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-index.html

A Few Dates to remember:
# Regular Registration rate closed on February 25, 2007.
# Only credit card payments will be accepted after February 25, 2007.
# Online registration closes March 18, 2007.
# Onsite registration rates begin March 19, 2007.

To view the registration terms and conditions please visit:
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-reg-terms.html
https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe [email protected] (Black Hat Announcements) Black Hat Briefings Amsterdam 2007 5D78D83F-62B1-4C5B-800B-CFDC8C724BC3 Wed, 14 Mar 2007 17:08:58 -0700
Black Hat USA 2007 Training Classes now open!

Please see the following link for a complete list of classes being offered this year.
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html

Highlights include over 35 training classes including two new four day sessions. Below is a sample of what to expect:
- The nuts and bolts of the Metasploit Framework: Metasploit 3.0 Internals by Matt Miller, aka skape.
- Web Application (In)security by NGS Software. If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
- TCP/IP Weapons School: Black Hat Edition by Richard Bejtlich, TaoSecurity. Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.
- Ultimate Hacking: Wireless Edition by Foundstone. Knowledge is power and you do not want the hackers to know more about your wireless networks than you do.
- Hands-On Hardware Hacking and Reverse Engineering Techniques: Black Hat Edition by Joe Grand. This course is the first of its kind and focuses entirely on hardware hacking.
- ROOTKIT: Advanced 2nd Generation Digital Weaponry by Greg Hoglund and Jamie Butler. Advanced class developed and taught by the creators of rootkit.com.
- Advanced Malware Deobfuscation by Jason Geffner & Scott Lambert. No Source? No Symbols? No Problem.
- Hacking by Numbers: Combat Grading by SensePost. Advanced level. The world’s first objective technical grading system for hackers and penetration testers.

Black Hat Briefings and Trainings USA 2007:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Registration online at:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Hotel Reservations now open.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html [email protected] (Black Hat Announcements) Black Hat USA 2007 D27A8B22-A296-4206-9A06-145C8C231F21 Wed, 7 Mar 2007 14:57:15 -0800
Black Hat Europe 2007 Hotel rate extended.
We have extended the Group Rate at the Movenpick until the end of this week (March 9).

If you plan to stay at the hotel, now is the last minute for you to reserve at the Black Hat conference rate, currently EUR 145,00 per night plus taxes.
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-venue.html [email protected] (Black Hat Announcements) Black Hat Briefings Amsterdam 2007 366CF0CE-4590-4B34-83AD-844AE80729A2 Wed, 7 Mar 2007 14:45:39 -0800
Online registration for Black Hat DC 2007 has closed
Online registration for Black Hat DC 2007 has now closed.

On site registration for training will take place Monday, February 26, 08:00 - 12:00.

On site registration for the Briefings will begin Tuesday, February 27, 16:00 - 18:00 until Thursday, March 1, 08:00 - 12:00.

To view the full schedule please visit:
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-schedule.html

To view the registration terms and conditions please visit:
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-reg-terms.html
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-index.html [email protected] (Black Hat Announcements) Black Hat Briefings DC 2007 BEC26F09-7E0A-4FDF-B232-EEEB30DC216C Tue, 20 Feb 2007 16:27:12 -0800
Black Hat USA 2007 Call for Papers is now open!
The Black Hat USA 2007 Call for Papers is now open!
Don't hesitate to submit your presentations for consideration. This year we have expanded from 9 tracks to 11 and are looking to expand the depth and breadth of content. The Deep Knowledge track will now span both days of Black Hat.

The Black Hat USA 2007 Briefings tracks will include:
Track 1: Ø-Day Attack
Track 2: Ø-Day Defense
Track 3: Application Security
Track 4: Deep Knowledge
Track 5: Forensics and Anti-Forensics
Track 6: Hardware and Biometric Security
Track 7: Policy, Management and the Law
Track 8: Privacy and Anonymity
Track 9: Turbo Talks
Track 10: The Network
Track 11: Detection and Evasion

Please check out the description page to learn more about these tracks and to ensure you submit to the appropriate track.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp-tracks.html

Submit proposals by completing the submissions form on the CFP server at:
https://cfp.blackhat.com/
Submissions are due no later than May 1, 2007. The Black Hat Briefings will be August 1-2 in Las Vegas.

There is a new submissions process this year, so we have a helpful how-to guide available at:
https://www.blackhat.com/html/bh-cfp/bh-cfp-howto.html

There you will find a step-by-step walkthrough to help you with registering and using the CFP application system. Use this system to submit presentation proposals for future Black Hat events by creating an account. Once your account email address is confirmed you will be able to submit proposals, upload supporting files, modify aspects of your submissions, and add or remove co-presenters at any time.

For more information on this year's call for papers please visit:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html

Black Hat USA 2007:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Early bird registration online at:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Hotel Reservations now open.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html [email protected] (Black Hat Announcements) Black Hat USA 2007 95E353C6-8324-4571-90FA-E5901799E04A Tue, 20 Feb 2007 13:43:44 -0800
Black Hat Europe 2007 Speakers Now Selected!
We have made our selections for Black Hat Europe 2007! There will be four different tracks over two days, comprising 20+ internationally renowned security professionals speaking. Making our decisions was difficult as we had many excellent submissions to consider.

Keep them coming. If you didn't get selected for this show, don't be discouraged; please consider submitting again. Our call for papers for USA 2007 has just begun.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html

This year's tracks include: Hardware/Below The OS, Infrastructure and IDS, Attack and Defence, and Application Security. Here is just a short list of some of the great presentations we have scheduled:

RFIDIOts!!! - Practical RFID hacking (without soldering irons) by Adam Laurie
SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones by Philippe Langlois
Wi-Fi Advanced Fuzzing by Laurent Butti
ScarabMon - Automating Web Application Penetration Tests by Jonathan Wilkins

Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html

There you will find abstracts for the upcoming presentations and get some background information on the speakers. We look forward to seeing you at the show.
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-schedule.html [email protected] (Black Hat Announcements) Black Hat Briefings Amsterdam 2007 D6B50C37-3544-425F-AADA-6A13E3FD2E9D Tue, 20 Feb 2007 13:34:34 -0800
Hacking Exposed VoIP
Looks like David Endler and Mark Collier have been busy and their book "Hacking Exposed VoIP" came out this December.
We knew it would be a hit and it looks like others are in agreement with us. Lawrence M. Walsh posted a short review of the book online.

From the article:
"For ambitious VoIP practitioners who want to know the fabric of VoIP security, this is your book. It covers everything from voice-network enumeration to eavesdropping techniques, spam and phishing threats."

On their website http://www.hackingvoip.com/ they have sample chapters and some tools and downloads which may be of interest.
From the site:

"Security Tools - Here you can download the security tools we wrote and demonstrated in the book.

VoIP "Google Hacking" Database - This is a listing of Google Hacking terms for VoIP phones and servers which goes along with Chapter 1.

VoIP Voicemail Database - This is a collection of default sound files of popular voicemail systems to assist in properly identifying the vendor. This goes along with Chapter 1."

We have the audio and video for their talk "Hacking VoIP Exposed", which was given at our 2006 Las Vegas show, available to download now.

Check out our BlackPage on VoIP Security and see what they had to say.
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132006.html

Audio Download:
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V2-Endler_and_Collier-Hacking_VOIP.mp3

Video Download:
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V2-Endler_and_Collier-Hacking_VOIP.mp4
http://www.ddj.com/dept/security/196902423 [email protected] (Black Hat Announcements) Black Hat in the news 28AFF7BC-5635-4F20-871E-2FFB391A0939 Mon, 22 Jan 2007 17:05:02 -0800
New Black Hat Europe 2007 Training classes
Check out our new training classes. Here's a short list of some of the new classes available:

- Metasploit 3.0 Internals with Matt Miller, aka skape: The nuts and bolts of the Metasploit Framework taught by one of its creators!

- Web Application (In)security with NGS Software: If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.

- Advanced Asp.Net Exploits and Countermeasures with IOActive: Advanced level. Push Asp.Net to the limit. See how Asp.Net applications and environments can be exploited by skilled attackers, and how those same techniques can be used to protect the targeted assets.

For a complete list of training classes available visit us online at
https://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-index.html
https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe [email protected] (Black Hat Announcements) Black Hat Briefings Amsterdam 2007 D13CE1B9-E7A7-4D4B-ADBD-00DCF6F9E475 Mon, 22 Jan 2007 14:54:25 -0800
Black Hat Europe 2007 Briefings and Training Update
Black Hat Europe 2007 Briefings & Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam.
There will be 4 different tracks over 2 days, comprising renowned information and computer security professionals.

Register Now! Regular Registration rate closes February 18, 2007
- Regular Registration rate closes on February 25, 2007.
- Only credit card payments will be accepted after February 25, 2007.
- Online registration closes March 18, 2007.
- Onsite registration rates begin March 19, 2007.

https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe [email protected] (Black Hat Announcements) Black Hat Briefings Amsterdam 2007 7D891261-BE1E-4ED1-8288-7ED07E04E19E Mon, 22 Jan 2007 14:50:17 -0800
Black Hat Europe 2007 CFP Closing Soon!
We have received some great presentations this year and have made our first round of selections.

A sample of this year's speakers includes:
RFIDIOts!!! - Practical RFID hacking (without soldering irons) by Adam Laurie
Kicking Down the Cross Domain Door (One XSS at a Time) by Billy K Rios
Heap Feng Shui in JavaScript by Alexander Sotirov
GS and ASLR in Windows Vista by Ollie Whitehouse

Topic titles, presentation abstracts and speaker biographies may be found at https://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html
This will be updated from now until speaker selection is complete.

Call for Papers closes February 1st; however, we strongly suggest that you submit earlier rather than later. We will close the CFP early if we receive enough quality submissions to fill the slots.
Please submit using the new on-line system at: https://cfp.blackhat.com/
https://cfp.blackhat.com/ [email protected] (Black Hat Announcements) Black Hat Briefings Amsterdam 2007 726E18EC-E59A-4521-ACAC-75577DB4DD0F Mon, 22 Jan 2007 14:47:13 -0800
Black Hat Briefings DC speakers now selected.
The Black Hat Briefings DC '07 speakers have been selected. We received many presentations this year and have picked the best of the bunch.

This year our focus was on the operational aspects of information security and we hope you like our selections as much as we do. There will be 4 different tracks over 2 days, comprising renowned information and computer security professionals.

Briefings: February 28-March 1st
Tracks include: Hardware and Below the OS, Forensics and Incident Response, Affecting the Enterprise, Software Security and Binary Analysis

A sample of our 23 speakers includes:
Software Virtualization Based Rootkits by Sun Bin
Agile Incident Response: Operating Through Ongoing Confrontation by Kevin Mandia
GS and ASLR in Windows Vista by Ollie Whitehouse
Network Admission Control issues by Ofir Arkin
Practical 10 Minute Security Audit by Cesar Cerrudo

Please check out our speakers page for a complete list of speakers and for updates. www.blackhat.com/html/bh-dc-07/bh-dc-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers. We look forward to seeing you at the show.

To register visit us online at: https://www.blackhat.com/html/bh-registration/bh-registration.html#DC
Regular Registration rate closes February 18, 2007

Don't forget about our training.
A sample of a few new and updated courses:

Ultimate Hacking: Black Hat Edition by Foundstone
The definitive training regimen for assessing and securing your networks.

Reverse Engineering on Windows: Application in Malicious Code Analysis with Pedram Amini and Ero Carrera
Learn to reverse engineer real-world virus samples.

Breakable: Secure Your Oracle Servers By Breaking Into Them with David Litchfield and Mark Litchfield
Delves deeply into Oracle server security and complements the Advanced Database Security Assessment Course.

All training classes are limited to ensure each student receives individual attention. Register early before classes fill up and to receive the best discounts.

Black Hat DC Training 2007
Sheraton Crystal City - February 26-March 1
Training: February 26-27
Briefings: February 28-March 1
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-speakers.html [email protected] (Black Hat Announcements) Black Hat Briefings DC 2007 3BD80614-D2F9-49F8-BEBE-925CA58C1139 Fri, 19 Jan 2007 17:47:39 -0800
Audio from Black Hat Japan '04 now on-line!
Past speeches and talks from the Black Hat Briefings computer security conferences.

The Black Hat Briefings in Japan 2004 was held October 14-15 in Tokyo at the Tokyo International Exchange Center. Two days, two tracks. Raisuke Miyawaki was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages.

A post convention wrap up can be found at https://www.blackhat.com/html/bh-asia-04/bh-jp-04-index.html

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2004.html#Asia-2004 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-japan-04-audio.rss [email protected] (Black Hat Announcements) Black Hat Japan 04 28203664-3AD5-4394-816D-6DD660BA609D Fri, 19 Jan 2007 17:40:28 -0800
Audio from Black Hat Japan '05 now on-line!
Past speeches and talks from the Black Hat Briefings computer security conferences.
The Black Hat Briefings in Japan 2005 was held October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese.
Unfortunately at this time speeches are not available in both languages.

A post convention wrap up can be found at https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-index.html

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2005.html#AS_2005 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-japan-05-audio.rss [email protected] (Black Hat Announcements) Black Hat Japan 05 E873CB34-598E-4C2B-887D-4BDA75132E5C Fri, 19 Jan 2007 17:40:31 -0800
Audio from Black Hat Japan '06 now on-line!
Past speeches and talks from the Black Hat Briefings computer security conferences.

The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages.

A post convention wrap up can be found at https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-index.html

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#AS_2006 and download them.
Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-japan-06-audio.rss [email protected] (Black Hat Announcements) Black Hat Japan 06 555C07EE-875B-428E-A8B8-7A363E85E2D4 Fri, 19 Jan 2007 17:40:33 -0800
Five Hackers Who Left a Mark on 2006 by Ryan Naraine at eWeek
Several people on the list spoke at Black Hat: H.D., Johnny Cache, David Maynor, and Joanna Rutkowska.

From the beginning of the article:

"In the security year that was 2006, zero-day attacks and exploits dominated the headlines.
However, the year will be best remembered for the work of members of the hacking, er, security research community who discovered and disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed the vulnerability research boat into new, uncharted waters.

In no particular order, here's my list of five hackers who left a significant mark on 2006 and set the stage for more important discoveries in 2007"
http://www.eweek.com/article2/0,1895,2078362,00.asp [email protected] (Black Hat Announcements) Black Hat in the news 161795CE-C146-483C-87A9-51B9B996E61F Wed, 3 Jan 2007 16:05:57 -0800
Audio from Black Hat USA '06 now on-line!
The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace.
Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!!

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-usa-06-audio.rss [email protected] (Black Hat Announcements) Black Hat USA 06 21147169-C85F-4BAE-A973-2F53C0A84166 Fri, 29 Dec 2006 18:27:00 -0800
Video from Black Hat USA '06 now on-line!
The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers.
These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!!

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-usa-06-video.rss [email protected] (Black Hat Announcements) Black Hat USA 06 62A40867-A9E3-4571-9734-D8890EDD6A2F Fri, 29 Dec 2006 18:26:12 -0800
Black Hat DC 2007 Call for Papers is Closing soon!
The Black Hat D.C. 2007 Call for Papers will be closing soon. The submission review process has begun, and the first round of selections and rejections should be coming out shortly after CFP closes. You have until January 5, 2007 to submit.

As a reminder, for Black Hat DC there will be a focus on operational aspects of information security. We would like presenters to think about offensive and defensive computer security operations and application of your expertise and research in this context. Instead of technology on its own, we would like you to contemplate its application in an operational process. The operational context can be defensive or offensive, large enterprise or distributed organized criminal group, military or civilian. This directive is not hard and fast, but we recognize a need for continuity and differentiation for the DC conference, and thinking in terms of operational applicability will steer content in a direction meaningful to the target audience.

Topics that lend themselves to this would be:
- Deploying zero day attacks to maximum effect
- Tracking of bot nets and analyzing their structure
- Automated detection of system anomalies

Topics that don't reflect this focus:
- How to install a patch management system
- Why updating your AUP is a good thing.

Black Hat has always focused on the practical, applied uses of information and computer security. Your audience is looking to learn the latest trends, the latest techniques to either attack or defend their networks. Think practical and applied over pure research or policy development.

Speakers may submit more than one proposal, but each proposal must be a separate submission. Submit using the online submission system at https://cfp.blackhat.com/.

Good Luck!
Also, some dates to remember:

- Early Registration will close December 31, 2006.
- Only credit card payments will be accepted after February 1, 2007.
- Online registration closes February 18, 2007.
- On-site Registration rates begin February 19, 2007.
https://cfp.blackhat.com/ [email protected] (Black Hat Announcements) Black Hat Briefings DC 2007 D6C1F3C0-26B7-436F-A491-F3D8D3E13EB8 Fri, 29 Dec 2006 17:23:44 -0800
Black Hat USA '06 Audio and Video now on-line!
The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary. A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.
If you want to get a better idea of the presentation materials go to:
https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format.

Also check here to download:
https://www.blackhat.com/podcast/bh-usa-06-audio.rss
https://www.blackhat.com/podcast/bh-usa-06-video.rss
https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 [email protected] (Black Hat Announcements) Black Hat USA 2006 8E53EA02-77FF-4D8C-87BE-97623AB712C0 Tue, 26 Dec 2006 14:54:18 -0800
Happy Holidays! USA 2007 Registration Open!
We at Black Hat would like to wish you the best this Holiday season!

We hope you have plenty of family, food and fun to go around. If you get bored you can always gather the family around the warm glow of your flat screen to watch the ghosts of presentations past. There is no better gift than that.

Unless of course your loved one registers you for the USA 2007 show, in warm sunny Las Vegas!

Early bird registration online at:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA (Prices Vary)

Hotel Reservations now open.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA [email protected] (Black Hat Announcements) Black Hat Briefings USA 2007 ADF7494A-4F0A-443B-BCF6-3A2076B7AEF4 Fri, 22 Dec 2006 17:09:26 -0800
Black Hat DC CFP Details
Interested in submitting to Black Hat DC? Here are some guidelines and suggestions.

Black Hat DC this year will focus on the operational aspects of information security, both defensive and offensive. By ‘operational’ we mean techniques, technologies, and code that are used as part of an ongoing cycle for securing the information systems of an organization. It could be applied to the offensive initiatives of a group such as a pen test team or vulnerability researchers.

We are not looking for how-tos, pure research, or pure policy presentations. We are looking for innovations that can be applied to information security operations by real people in real organizations.

Here are a few example topics that are good fits:

- Automating detection and remediation of important threats.
- Methods to deploy zero-day attacks for maximum effect and minimal exposure.
- Integrating binary analysis into the patch management cycle to optimize the decision-to-deploy process.
- Exposing vulnerabilities in little known systems that introduce novel attack vectors, from SCADA, WiFi, RFID, or machine BIOS.
- Determining security activities that are ongoing cycles that can be optimized for strategic gain. You would include specific examples with in-depth discussion of the technical solutions and results.

And a few examples of topics that do not reflect our focus for Black Hat DC:
- Why updating your AUP is a good thing.
- How to install (anything)
- In-depth review of a specific tool

If you have questions about a topic as it applies, just drop us an email.

Black Hat has always focused on the practical, applied uses of information and computer security. Your audience is looking to learn the latest trends, as well as the latest techniques to either attack or defend their networks.
https://www.blackhat.com/html/bh-link/briefings.html [email protected] (Black Hat Announcements) Black Hat Briefings DC 2007 A2D68C1C-E2ED-435E-8817-B6B38D0F638D Wed, 29 Nov 2006 18:21:27 -0800
Black Hat Europe 2007 Call For Papers is open
Black Hat Europe 2007 Briefings & Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam.

If you want to submit to the Call for Papers please note Black Hat does not accept product or vendor related pitches, or voodoo. If your talk is a veiled advertisement for a new product or service your company is offering, please do not submit. If your talk relies on voodoo techniques or tools you are not willing to share, then you should rethink the benefit the audience will get from sitting through your presentation.
We strongly suggest that you submit sooner rather than later, since we will close the CFP early if we receive enough quality submissions to fill the slots. Please submit using the new on-line system at: https://cfp.blackhat.com/
https://cfp.blackhat.com/ 5D0D01C5-0547-4F1A-B5E8-55E0643AFA24 Fri, 17 Nov 2006 15:58:47 -0800
Black Hat Japan 2006 Presentations now online!
Black Hat Japan 2006 Presentations are now available online!
https://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#AS_2006
Presentation topics available include: Anti-Forensic Rootkits, The Art and Science of Writing Secure Code, Hacking Intranet Websites from the Outside, Breaking AJAX Web Applications, Subverting Vista Kernel and more!

View more speaker info: https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-speakers.html

We also have the presentation material from the USA 2006 show online, and we anticipate we will have audio and video of the presentations available for download within the next few months.
To view the USA media archives and more: https://www.blackhat.com/html/bh-multimedia-archives-index.html
https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-speakers.html [email protected] (Black Hat Announcements) Black Hat Briefings Japan 2006 F4FA2392-EF25-435B-9601-618BAFC55029 Tue, 10 Oct 2006 17:21:07 -0700
Black Hat DC Registration and CFP open!
Black Hat would like to announce that online registration and the Call for Papers for Black Hat DC are now open!

Black Hat DC 2007 Briefings & Training will be February 26 to March 1, held at the Sheraton Crystal City hotel in Arlington, Virginia.

Register early and take advantage of our early bird special and save when you register for the Briefings before January 1st.

Papers and requests to speak will be received and reviewed from October 1, 2006 until January 1, 2007. We strongly suggest that you submit sooner rather than later, since we will close the CFP early if we receive enough quality submissions to fill the slots.
Please submit using the online system at https://cfp.blackhat.com/

If you want to submit to the Call for Papers please note:
Black Hat does not accept product or vendor related pitches. If your talk is a veiled advertisement for a new product or service your company is offering, please do not submit.

Black Hat is launching its new electronic CFP submissions server with this announcement. You will be able to upload your submissions, make changes, select your co-presenters, etc. This system will allow you to submit multiple presentations as well as change your info should you need to. This new submission and review process will enable the future possibility of peer review and online information exchange. For now we are looking forward to seeing your submissions and would like to hear any feedback you have on this new submissions process.

Topic Focus for Black Hat DC 2007:
We would like presenters to think about offensive and defensive computer security operations and the application of your expertise and research. Think about its application in an operational process that can be defensive or offensive, large enterprise or distributed organized criminal group, military or civilian. This is not a requirement to submit, but we want some differentiation for the DC conference. Thinking in terms of operational applicability will steer content in a direction we hope the DC audience will appreciate.

Dates to Remember:

https://cfp.blackhat.com/
Call for Papers closes: January 1st, 2007.

https://www.blackhat.com/html/bh-registration/bh-registration.html#DC
Early Bird registration rate ends December 31st.
Regular registration rate ends Feb 18th.

More information regarding speaker requirements and our guidelines for this year's submissions is available at https://www.blackhat.com/
https://www.blackhat.com/html/bh-link/briefings.html [email protected] (Black Hat Announcements) Black Hat Briefings DC 2007 916A1A80-9FF5-4C3E-AD17-C544437F3E01 Wed, 11 Oct 2006 10:05:44 -0700
Black Hat Briefings Japan speakers now selected.
The Black Hat Briefings Japan '06 speakers have been selected. We received many presentations this year and we have chosen a broad sampling of topics facing security professionals today, with an emphasis on issues facing the Asian Pacific region. The schedule is on line now and available on our Black Hat Japan site in both English and Japanese.

There will be 2 tracks over 2 days, comprised of renowned information and computer security professionals. We have a wide selection of topics this year from "Catching Malware" to "Subverting Vista Kernel".
Speakers include:
Alex Stamos and Zane Lackey - Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0
Jeremiah Grossman - Hacking Intranet websites from the outside: Malware just got a lot more dangerous
Dan Moniz - Six Degrees of XSSploitation
Paul Bohm - Taming Bugs: The art and science of writing secure code
Joanna Rutkowska - Subverting Vista Kernel For Fun And Profit
Kenneth Geers & Alexander Eisen - IPv6 World Update Strategy & Tactics
Heikki Kortti - Input Attack Trees
Mr. Sugiura - Winny P2P security
Darren Bilby - Low Down and Dirty: Anti-Forensic Rootkits
Thorsten Holz and Georg Wicherski - Catching Malware to Detect, Track and Mitigate Botnets
Yuji Hoshizawa - TBD
Scott Stender - Attacking Internationalized Software

Please check out our speakers page for updates. There you will find abstracts for the upcoming presentations and get some background information on the speakers. We look forward to seeing you at Tokyo, Keio Plaza Hotel, October 3-6th, 2006. More information is available on our Black Hat Japan site.

To register visit us online at: https://www.blackhat.com/html/bh-registration/bh-registration.html#Japan. Act fast: our early bird discount will end September 15th. We look forward to seeing you at Tokyo, Keio Plaza Hotel, October 3-6th, 2006.
More information on this year's venue is available at https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-venue.html .
https://www.blackhat.com/html/bh-japan-06/bh-jp-06-main.html [email protected] (Black Hat Announcements) Black Hat Briefings Japan 2006 BEC7823F-2AD8-477C-B22D-FC350D23EF47 Wed, 6 Sep 2006 14:20:57 -0700
Researchers hack Wi-Fi driver to breach laptop - by Robert McMillan, IDG
One of many flaws found allowed them to take over a laptop by exploiting a bug in an 802.11 wireless driver. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California.

"This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."
http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html [email protected] (Black Hat Announcements) Black Hat in the news 6E3B68FC-A407-4BF1-B5B9-1778594AAADE Fri, 23 Jun 2006 13:08:00 -0700
Black Page update: Forensics by Dominique Brezinski, Chuck Willis, Dr. Neal Krawetz, Johnny Long and Kevin Mandia
The BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community. The June 20, 2006 page highlights the forensics, incident response and adversary identification topics we will be seeing at our upcoming conference.

"I am so relieved. It has finally happened: the forensic field is transitioning from techniques that satisfy the needs of law enforcement to techniques that satisfy the needs of everyone else."
https://www.blackhat.com/html/bh-blackpage/bh-blackpage.html [email protected] (Black Hat Announcements) Black Hat USA 06 7D2749EC-2AE6-4EA5-B71F-DE1A3AB00F45 Fri, 23 Jun 2006 13:06:21 -0700
Black Page update: VoIP Security by Dominique Brezinski, Doug Mohney, David Endler, Hendrik Scholz, Jay Schulman
The BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community. The June 13, 2006 page highlights the number of voice-service related presentations we will be seeing at our upcoming conference.

"However, the security impacts of prevalent and cheap voice services over IP networks go far beyond device, protocol and server weaknesses. With voice communication comes social engineering, so this year we have presentations demonstrating VoIP phishing, voice analytics used to defend against social engineering attacks, and the more traditional exploitation of technology weaknesses."
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132006.html [email protected] (Black Hat Announcements) Black Hat USA 06 E6BBBDDB-D386-4A96-AFDE-F88604ACC1BB Fri, 23 Jun 2006 13:04:13 -0700
Audio from Black Hat USA '05 now on-line!
Past speeches and talks from the Black Hat Briefings computer security conferences.

The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace.
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available!
Past speeches and talks from Black Hat in an iPod friendly .mp3 cbr 64k audio format. If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2005 and download them. Put up the .pdfs in one window while listening to the talks in the other. Almost as good as being there!
https://www.blackhat.com/podcast/bh-usa-05-audio.rss [email protected] (Black Hat Announcements) Black Hat USA 05 BB3F0BB4-5BB1-4F79-835A-DE488D2C0F67 Mon, 12 Jun 2006 19:25:33 -0700
Video from Black Hat USA '05 now on-line!
The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace.
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2005 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!
https://www.blackhat.com/podcast/bh-usa-05-video.rss [email protected] (Black Hat Announcements) Black Hat USA 05 10C3E6C1-6D74-4411-8C43-01E3212385D9 Mon, 12 Jun 2006 19:23:06 -0700
From the MSRC Blog: Microsoft presenting at the Black Hat security conference in Las Vegas.
I was asked by a reporter to comment on this, so I went and read it.
Microsoft has some nice things to say about Black Hat... who would have thought their security world would have changed so much in a few short years?

From the article:

"The cool part is that we will be the first software vendor to present an entire Black Hat Briefing track on a pre-release product, specifically to gather security researcher feedback. We submitted several presentations to the Black Hat event organizers and, based on the technical merit and interest to the audience, they were accepted. Day two of the Black Hat event in Las Vegas will feature deeply technical presentations on security features and functionality in Windows Vista. There's a total of five presentations, and of course Microsoft researchers and architects will be there to actively participate in the event..."
http://blogs.technet.com/msrc/archive/2006/06/09/434600.aspx [email protected] (Black Hat Announcements) Black Hat in the news 23FFB860-EB86-4353-8D4C-7B976FBE7BE0 Mon, 12 Jun 2006 15:34:06 -0700
BlueBag PC sniffs out Bluetooth Flaws - by Robert McMillan
Over at InfoWorld, an article about BlueBag, a custom Bluetooth sniffing set up created by Stefano Zanero (a long time Black Hat contributor) and his company.

If you make it to Black Hat this summer you can see it in action during their presentation.

"If you happened to fly through Milan's Malpensa Airport last March, your mobile phone may have been scanned by the BlueBag..."
http://www.infoworld.com/article/06/06/07/79045_HNbluebag_1.html [email protected] (Black Hat Announcements) Black Hat in the news 1DF9944D-AACB-43B0-9782-89D770FC5F7A Fri, 9 Jun 2006 17:52:06 -0700
Black Hat USA 2006 Speakers Selection Complete!
The Black Hat USA 2006 Speaker selection process is now complete.

This year's Briefings will be the largest ever in terms of content. Even with an additional two tracks of content per day we were overwhelmed with submissions.
In the end there were over twenty submissions we would have liked to accept, but simply had no room.

Curious about who was selected, and what they are presenting on? Check out the speakers page below.
The quality and quantity of submissions was at an all-time high this year. Even with an added two tracks of content there was not nearly enough room to accept all the presentations we wanted to.

To those who made it, congratulations! Please work hard to impress the audience.
To those who didn't, please know that most submissions were up to our standards, but lack of room and subject matter overlap were the main reasons for rejection. Don't give up!
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html [email protected] (Black Hat Announcements) Black Hat USA 06 D6DFC204-1512-488A-8A94-B981FE2FB1F0 Thu, 1 Jun 2006 11:58:20 -0700
Black Hat USA 2006 Call for Papers has closed!
The Black Hat USA 2006 Call for Papers has now closed. Speaker selection has begun, and the first round of selections and rejections should be complete by the end of the week.
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html [email protected] (Black Hat Announcements) Black Hat USA 06 8F64CB18-DC2A-4E35-85B3-0048FDD36474 Mon, 8 May 2006 13:43:28 -0700
RAIDE Rootkit Elimination Tool Hits Beta
Ryan Naraine writes for eWeek about Peter Silberman and Jamie Butler's RAIDE tool that was released at Black Hat Amsterdam. From the article: 'Spurred on by the ongoing cat-and-mouse game between malicious hackers and existing anti-rootkit scanners, a pair of security researchers have teamed up on a new tool that promises a solution to the threat from stealthy malware.'
http://www.eweek.com/article2/0,1895,1938948,00.asp [email protected] (Black Hat Announcements) Black Hat in the news E32CD34F-CC8F-4A98-81D8-57CECA7782C9 Fri, 17 Mar 2006 08:00:00 -0700 Web 2.0 Meets Virus 2.0 Black Hat presenter Billy Hoffman, a researcher at SPI Dynamics, discusses the possibility of advanced Ajax-based worms. In one scenario discussed, if an online stock broker site was breached, it could not only impact thousands of users on a site, but could potentially impact the stock market as a whole. These threats are more than theoretical, as the recent infection of MySpace has shown. http://technology.guardian.co.uk/weekly/story/0,,1726234,00.html [email protected] (Black Hat Announcements) Black Hat in the news 7E2273ED-3E38-40D4-A397-9B37E99601E2 Sat, 4 Mar 2006 07:00:00 -0700 Black Hat presenter finds Microsoft fingerprint reader insecure. Shocker! Microsoft sells a fingerprint reader designed to log into web sites without remembering passwords. Despite this, Microsoft explicitly states that the device should not be used to protect sensitive information. Mikko Kiviharju, a Finnish researcher, discovered that Microsoft chose to turn off the encryption that is supported by the OEM, Digital Persona. What baffles the Black Hat team is the statement from Digital Persona's CTO - 'The fact that they turned the encryption off, I would argue, does not in a practical sense open up any security holes'. Then why include it as a feature? http://www.pcworld.com/resource/article/0,aid,124978,pg,1,RSS,RSS,00.asp [email protected] (Black Hat Announcements) Black Hat in the news 10E0884E-4DA2-4BA8-9460-A16C223F7EE4 Fri, 3 Mar 2006 11:00:00 -0700 Black Hat Europe 2006 Online registration closed Online registration for Black Hat Europe 2006 has closed. On site registration for training will take place Tuesday, 28 February 2006, 16:00 - 21:00. On site registration for the Briefings will be Wednesday, 01 March 2006, 16:00 - 18:00.
Follow the link for the full schedule. https://www.blackhat.com/html/bh-europe-06/bh-eu-06-schedule.html [email protected] (Black Hat Announcements) Black Hat Europe 06 5D3DDD8A-FED0-475F-BB69-9C4D25FBA7A5 Fri, 17 Feb 2006 18:00:00 -0700 Black Hat USA 2006 Call for Papers Opens! The Black Hat USA 2006 Call for Papers is now open. Don't hesitate to submit your presentations for consideration. Unleash your best kung-fu for the greatest chance of being selected. For complete details follow the link. https://www.blackhat.com/html/bh-usa-06/bh-usa-06-cfp.html [email protected] (Black Hat Announcements) Black Hat USA 06 D2456FA5-50B5-49AA-8D8D-007BD8BEB030 Thu, 2 Feb 2006 16:05:00 -0700 Black Hat Europe 2006 Early Bird Registration Closing Black Hat Europe early bird rate is about to end. There are 6 days left of a $200 USD discount on registration for Black Hat Europe Briefings and Trainings 2006. Black Hat Europe takes place February 28-March 3, 2006 at the Grand Hotel Krasnapolsky, Amsterdam, NL. Register now and save! https://www.blackhat.com/html/bh-registration/bh-registration.html#eu [email protected] (Black Hat Announcements) Black Hat Europe 06 4AFAAD32-EBC2-4745-BC2A-6740139FB0ED Thu, 2 Feb 2006 16:00:00 -0700 Comprehensive Black Hat Federal 2006 review by noted security author Richard Bejtlich In an extensive five-part review author Richard Bejtlich discusses each presentation he attended and interactions he had at Black Hat Federal 06. Richard has trained at a previous Black Hat, was a contributor to 'Hacking Exposed' and is the author of 'The Tao of Network Security Monitoring: Beyond Intrusion Detection'.
http://taosecurity.blogspot.com/#113839241238734087 [email protected] (Black Hat Announcements) Black Hat in the news 1CA40AEF-8FF2-4755-BC8D-9B8C9DD0A1E6 Tue, 31 Jan 2006 17:25:00 -0700 Adversary characterization highlighted at Black Hat Federal 06 Parker and Devost show that it is not enough to take technical countermeasures to defend yourself; it's necessary to understand who may be attacking you. Parker literally wrote the book on adversary characterization, and Government Computer News takes a look at his latest research. http://www.gcn.com/vol1_no1/daily-updates/38107-1.html [email protected] (Black Hat Announcements) Black Hat in the news AD404833-E31E-4A74-872C-9355E3E35444 Tue, 31 Jan 2006 17:15:00 -0700 BIOS Rootkit research explored at Black Hat Federal 06 As rootkit technology continues to advance, researcher John Heasman investigates the potential for BIOS rootkits. He concludes that this is an attack vector that could have devastating consequences. John is working on a toolkit to detect these attacks. http://www.gcn.com/vol1_no1/daily-updates/38102-1.html [email protected] (Black Hat Announcements) Black Hat in the news 2A0F516F-597B-4C89-B7F8-CB8F96D83EC5 Tue, 31 Jan 2006 17:10:00 -0700 Washington Post reviews Black Hat Federal 06 Briefings Brian Krebs of the Washington Post provides a summary of many of the groundbreaking presentations at the Black Hat Federal 2006 Briefings. http://blogs.washingtonpost.com/securityfix/2006/01/a_letter_from_b.html [email protected] (Black Hat Announcements) Black Hat in the news 79D527C3-78AB-47FD-A718-A9FDFDD8D9AC Tue, 31 Jan 2006 17:05:00 -0700 Litchfield's Oracle 'Breakable' presentation stirs disclosure debate. David Litchfield presented the Black Hat Federal audience with a '0-day' Oracle vulnerability, as well as risk mitigation techniques after Oracle neglected to address the problem in their latest patch.
This SecurityFocus article discusses the growing frustration in the security community regarding Oracle's apparent lack of commitment to building healthy relationships with independent researchers. http://www.securityfocus.com/brief/118 [email protected] (Black Hat Announcements) Black Hat in the news FB7493E4-99E0-4BD1-95DA-514497EAB03F Tue, 31 Jan 2006 17:00:00 -0700 Black Hat Europe 2006 Briefings Speakers Selected Speakers for Black Hat Europe 2006 Briefings have been selected. Selections include 'Skeletons in Microsoft's Closet - Silently Fixed Vulnerabilities' by Steve Manzuik and Andre Protas, 'RAIDE: Rootkit Analysis Identification Elimination' by Peter Silberman and Jamie Butler, and 'Exploiting Embedded Systems' by Barnaby Jack. This is the sixth Briefings in Europe since our first Briefings in 2000. Black Hat Europe 2006 Briefings and Trainings take place in Amsterdam, 28 February - March 2006. Visit www.blackhat.com to register or for further information. https://www.blackhat.com/html/bh-europe-06/bh-eu-06-speakers.html [email protected] (Black Hat Announcements) Black Hat Europe 06 33A11454-C8BF-4257-BA25-DA11077DC980 Mon, 12 Dec 2005 08:00:00 -0700 PC World's Winners and Losers of 2005 In a round-up of the highlights in technology this year, PC World lists Cisco as a 'Loser' for its censorship attempts at Black Hat USA 2005. Juniper is shown as the 'Winner', having hired researcher and Black Hat speaker Michael Lynn. http://abcnews.go.com/Technology/PCWorld/story?id=1444676 [email protected] (Black Hat Announcements) Black Hat in the news C3AD3760-30FE-4BE8-BF77-A4098749B6B9 Thu, 29 Dec 2005 17:00:00 -0700 Black Hat Federal 2006 speakers selection now complete The Black Hat Federal 2006 CFP is closed, and speakers have been selected and are now on-line! The Federal show is highlighting some great presentations on technical attack, defense, rootkit advancements and forensics. Something for every security ninja in the new year.
https://www.blackhat.com/html/bh-federal-06/bh-fed-06-speakers.html [email protected] (Black Hat Announcements) Black Hat Federal 06 BAE2408B-2A2B-4E98-8EBD-7D9E9E005239 Fri, 23 Dec 2005 17:00:00 -0700 CNET highlights Anti-Anti Virus Research, Black Hat Speaker At Black Hat USA 2005, reporter Robert Vamosi spoke with Black Hat Speaker Alex Wheeler regarding the state of vulnerabilities in anti-virus software. According to Robert, only one vendor, F-Secure, took the threat seriously enough to determine that patches were warranted. Keep an eye on vulnerabilities in security-related software - vulnerability researchers are starting to have them in their sights. http://cnet.com.au/software/security/0,39029558,40058961,00.htm [email protected] (Black Hat Announcements) Black Hat in the news 88E80103-390F-48F1-9561-E1D81F5A5EDF Tue, 20 Dec 2005 12:00:00 -0700 BlackPage update: Kevin Mandia Kevin Mandia, a world-recognized leader of incident response research, points out that a responder must have skills at least equal to those of the attacker. One of the challenges to IR is discovering there is an incident to begin with. If we only look for known attacks, we will only find the moderately skilled attackers, leaving us exposed to the truly skilled adversaries. https://www.blackhat.com/html/bh-blackpage/bh-blackpage.html [email protected] (Black Hat Announcements) Black Hat BlackPage 4973BBAC-1AC7-4462-910E-051A406F5831 Thu, 8 Dec 2005 11:50:00 -0700 New training class added to Black Hat Europe Laurent Oudot is offering a new class, Live Hacking on Honeypots, for our Amsterdam conference. Overview: A few years after the birth of those valuable solutions to delude attackers, honeypots have become a new key to improve the security of IT infrastructures. This comprehensive 2-day course is geared to teach you almost anything about honeypot technologies: theory, value, goals, conception, design, architectures, etc.
Practical periods will allow students to switch their role from whitehat to blackhat, with live hacking on dedicated honeypots! https://www.blackhat.com/html/bh-europe-06/train-bh-eu-06-lo2.html [email protected] (Black Hat Announcements) Black Hat Europe 06 2F7988B7-6E64-4B05-9FEA-FC9AADAC3266 Mon, 5 Dec 2005 10:00:00 -0700 Jennifer Granick writes about disclosure post-Ciscogate in "Dark Cloud Hovers Over Black Hat" wired.com From the article "Last week Black Hat, the Vegas security conference that was at the center of the Ciscogate controversy last summer, was purchased by CMP Media. The sale has the internet hens clucking about whether ownership by a larger, wealthier corporation will protect Black Hat from future legal challenges, or make it more susceptible to pressure from companies wanting to control vulnerability disclosures. The more worrisome question is why Black Hat and other purveyors of security information must worry so much about what they disclose. For better or worse, the settlement I negotiated with Cisco in its case against researcher Michael Lynn kept some important legal issues from reaching a courtroom, and these unsettled questions cast a long shadow over security research today." http://www.wired.com/news/privacy/0,1848,69655,00.html [email protected] (Black Hat Announcements) Black Hat in the news B42FCDC4-DB3A-49A0-83D5-E986C91EFD06 Wed, 23 Nov 2005 10:00:00 -0700 Saumil Shah and Dave Cole "Adware Spyware" Audio The Business: Timeline - how did we get into this mess? The Technology: Technical overview of different types of programs (taxonomy). Looking ahead: Market polarization, bad get worse, good get better (more white, less grey). Exploiting Adware.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Shah [email protected] (Black Hat Announcements) Black Hat Japan 05 DE75895C-5B9A-4399-9A28-5259B5E640AE Fri, 18 Nov 2005 14:30:00 -0700 Satoru Koyama "Botnet survey result: Our security depends on your security" Audio (Japanese) Many of the various attack mechanisms, such as spam email and DDoS, that are attacking the internet as a whole in recent years can be attributed to botnets. However, there is not much information on these botnets yet. Telecom ISAC-Japan and JPCERT/CC conducted a detailed investigation regarding botnet activity. This session will cover what was found during the investigation and the current state of the massive amount of infected users and sub-species of botnets. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Koyama [email protected] (Black Hat Announcements) Black Hat Japan 05 838DEF20-2020-45A9-84FE-65ED01A55B57 Thu, 17 Nov 2005 20:00:00 -0700 [Announcement] Black Hat acquired by CMP From the announcement "CMP Media, a marketing solutions company serving the technology, healthcare and entertainment markets, announced today that it has acquired Black Hat Inc., a producer of information security conferences and training that includes Black Hat Briefings and Conferences. Jeff Moss, founder and owner, will continue to run Black Hat and will join CMP Media as Director of Black Hat. Combining CMP's current portfolio of Computer Security Institute (CSI), Secure Enterprise magazine and the Security Pipeline website with Black Hat, will position CMP Media as the strongest platform in the computer security media market. . . This move will enable Black Hat to take advantage of growth opportunities we couldn't pursue as a small company, such as international expansion, while enabling me to keep doing what I love the most -- working with speakers and building the conference programs," Jeff Moss added.
http://biz.yahoo.com/prnews/051115/nytu206.html [email protected] (Black Hat Announcements) Black Hat in the news 48E40C26-42A1-4F4C-9643-0C2BF6B02EC4 Tue, 15 Nov 2005 18:30:00 -0700 Michael Sutton and Adam Greene "The Art of File Format Fuzzing" Audio In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as a more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be carried within non-executable files that were previously considered to be innocuous. As a result, firewalls and border routers rarely prevent the files from entering a network when included as email attachments or downloaded from the Internet. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#sutton [email protected] (Black Hat Announcements) Black Hat Japan 05 857F2BEB-E056-4074-8BE8-F8D9C3ED59A1 Tue, 15 Nov 2005 18:00:00 -0700 Kenneth Geers "Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond)" Audio Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think that Anna Kournikova is hot. If the answer to any of the above questions is yes, then you need an introduction to the Gulag Archipelago of the Internet, the Cyberia of interconnected networks, Russia. . .
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#geers [email protected] (Black Hat Announcements) Black Hat Japan 05 9DBA5436-8EFB-43F4-93D1-6A647E5CE683 Fri, 11 Nov 2005 20:00:00 -0700 Jeremiah Grossman "Phishing with Super Bait" Audio The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#grossman [email protected] (Black Hat Announcements) Black Hat Japan 05 73C90831-29BF-4374-B516-D761A1694BBD Fri, 11 Nov 2005 17:00:00 -0700 BlackPage update Implications of the Lynn Cisco Research, and Moving Forward Jeff Moss updates the BlackPage with his thoughts about ISS/Cisco vs. Mike Lynn/Black Hat. From the article "This update to the BlackPage will catch us up with what has happened in the ISS and Cisco vs. Mike Lynn and Black Hat case, and I hope to set the record straight. I have also asked for comment from other security experts, and that will be included as separate BlackPage entries." 
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-11092005.html [email protected] (Black Hat Announcements) Black Hat in the news C67946B6-B401-4CD4-9D65-18EEE9AA6A50 Wed, 9 Nov 2005 13:00:00 -0700 Sherri Sparks and Jamie Butler "Shadow Walker: Raising The Bar For Rootkit Detection" Audio Last year at Black Hat, we introduced the rootkit FU. FU took an unprecedented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function pointers in well known operating system structures like the system call table, FU demonstrated that it was possible to control the execution path indirectly by modifying private kernel objects in memory. This technique was coined DKOM, or Direct Kernel Object Manipulation. The difficulty in detecting this form of attack caused concern for anti-malware developers. This year, FU teams up with Shadow Walker to raise the bar for rootkit detectors once again. In this talk we will explore the idea of memory subversion. We demonstrate that it is not only possible to hide a rootkit driver in memory, but that it is possible to do so with a minimal performance impact. The application (threat) of this attack extends beyond rootkits. As bug hunters turn toward kernel level exploits, we can extrapolate its application to worms and other forms of malware. Memory scanners beware the axiom, "videre est credere." Let us just say that it does not hold the same way that it used to. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Butler [email protected] (Black Hat Announcements) Black Hat Japan 05 3E643E41-F1A1-4571-B2E9-70868000980A Tue, 8 Nov 2005 16:00:00 -0700 Hideaki Ihara "Forensics in Japan" Audio (Japanese) In forensic research it is imperative to search for Japanese language strings. However, many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language.
In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character encoding and Japanese are significant issues for Japanese agents. This session will cover the various issues with Japanese when using popular forensic tools and other technical issues for future consideration. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Ihara [email protected] (Black Hat Announcements) Black Hat Japan 05 7290D592-FA56-46C1-8060-7FAE5E1D4041 Tue, 8 Nov 2005 14:00:00 -0700 Jeff Moss Interviewed about Ciscogate wired.com From the article "The legal wrangling finally ended this week, and the FBI case against Lynn has closed. Lynn spoke with Wired News in July to tell his side of the story. Now Black Hat founder Jeff Moss talks about what happened from his perspective and why companies continue to repeat the mistakes of their predecessors in trying to suppress the full disclosure of security bugs and punish security researchers." http://www.wired.com/news/privacy/0,1848,69488,00.html?tw=wn_tophead_5 [email protected] (Black Hat Announcements) Black Hat in the news AECAD8F2-15EA-4A6E-A7AA-31FDB9629689 Mon, 7 Nov 2005 19:00:00 -0700 Ejovi Nuwere "The Art of SIP fuzzing and Vulnerabilities Found in VoIP" Audio This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real-world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors. The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches for fuzzing text based protocols which can be more complex than fuzzing binary protocols.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Nuwere [email protected] (Black Hat Announcements) Black Hat Japan 05 E7BD9291-BC9C-49E1-8507-F5E2C7D8EA45 Mon, 7 Nov 2005 06:00:00 -0700 Dominique Brezinski "A Paranoid Perspective of an Interpreted Language" Audio Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming tasks in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the potential vulnerabilities may not be obvious at all. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Brezinski [email protected] (Black Hat Announcements) Black Hat Japan 05 33D3FF37-2D74-4305-A5C1-C5CA4F1BEBD3 Mon, 7 Nov 2005 05:00:00 -0700 David Maynor "Architecture Flaws in Common Security Tools" Audio Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TCP fragmentation can evade most security products in the world? What would you think if you learned that a hacker can apply simple, normally accepted encoding schemes to launch attacks right through most security tools? Come and see what hackers know; if you rely on these products to keep you safe, you can't afford not to.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#maynor [email protected] (Black Hat Announcements) Black Hat Japan 05 3F8C1202-FD0F-4C6A-8B07-A7AAE8DB0EC0 Sat, 5 Nov 2005 06:00:00 -0700 Chris Hurley (Roamer) "Identifying and Responding to Wireless Attacks" Audio on-line This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge to identify each attack. Defensive measures that can be taken in real time to counter the attack are then presented. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Hurley [email protected] (Black Hat Announcements) Black Hat Japan 05 2A159F44-8F7E-485A-90F0-AE288404D1AD Fri, 4 Nov 2005 09:00:00 -0700 Dan Kaminsky "Black Ops Of TCP/IP 2005" Audio on-line Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed. https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Kaminsky [email protected] (Black Hat Announcements) Black Hat Japan 05 BD0BF018-EB85-451A-9A33-E43BF213CE06 Fri, 4 Nov 2005 06:00:00 -0700 Black Hat Briefings and Training Federal Registration now open Black Hat Federal 2006 Briefings and Trainings registration is now open. The Briefings offer two tracks over two days with 22 presentations. There will be 11 Trainings classes, with new offerings such as Saumil Shah's "The Exploit Laboratory - Buffer Overflows For Beginners," and Matt Hargett's "Binary Static Analysis: From the Inside-Out." Class sizes for all trainings are limited to ensure each student receives individual attention.
Register early before classes fill up and to receive an early discount. https://www.blackhat.com/html/bh-registration/bh-registration.html#Fed Black Hat Federal 06 70D9BA9C-A635-453C-AF7F-F48734C9DCF0 Thu, 3 Nov 2005 05:00:00 -0700 Black Hat Briefings and Training Europe Registration now open Black Hat Europe 2006 Briefings and Trainings registration is now open. The Briefings offer two tracks over two days with 25 presentations. There will be 10 Training classes with new offerings and an updated SensePost class "Hacking by Numbers: Combat Edition." Due to limited class size, many of our classes fill up quickly. Register early to ensure training availability and to take advantage of our early bird registration discount. https://www.blackhat.com/html/bh-registration/bh-registration.html#eu Black Hat Europe 06 41D52942-7D57-4A8B-8C29-251FDD852EFB Thu, 3 Nov 2005 05:00:00 -0700 Black Hat in '10 Infamous Moments In Security Research' InformationWeek has a top 10 Infamous Moments In Security Research article; David Litchfield and Black Hat are listed as #1 for David's work on an SQL problem that turned into the Slammer worm. You will notice that Mike Lynn is mentioned as #3, but it is not revealed that he presented this research at Black Hat as well, nor are the ISS and Cisco lawsuits against Black Hat mentioned. But not to worry, David Litchfield is also in position #6 with his Oracle PLSQL gateway vulnerability. http://www.informationweek.com/security/showArticle.jhtml?articleID=185301327 [email protected] (Black Hat Announcements) Black Hat in the news F9CFEA15-D83C-4C46-A119-767DD0EECDDC Mon, 17 Apr 2006 23:35:58 -0700