พอดคาสท์ Conference USA ชั้นนำ (2024)

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques 47:13

18+ y ago47:13

47:13

Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Sam…

1
Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript 1:00:18

18+ y ago1:00:18

1:00:18

The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today?s web browser offers an expansive attack surface to exploit. All the major browsers now include full-featured runtime engines for a variety of interpreted scripting languages, including the popular…

1
Kevvie Fowler: SQL Server Database Forensics 1:04:22

18+ y ago1:04:22

1:04:22

Databases are the single most valuable asset a business owns. Databases store and process critical healthcare, financial and corporate data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases on to single mis…

1
Kenneth Geers: Greetz from Room 101 1:05:17

18+ y ago1:05:17

1:05:17

Imagine you are king for a day. Enemies are all around you, and they seem to be using the Internet to plot against you. Using real-world cyber war stories from the most tightly controlled nations on Earth, Greetz from Room 101 puts you in the shoes of a king who must defend the royal palace against cyber-equipped revolutionaries. Can a monarch buy …

1
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies 1:13:44

18+ y ago1:13:44

1:13:44

The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn?t necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against…

1
Jeremiah Grossman & Robert Hansen: Hacking Intranet Websites from the Outside (Take 2) - "Fun with and without JavaScript malware 54:40

18+ y ago54:40

54:40

Attacks always get better, never worse. The malicious capabilities of Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF), coupled with JavaScript malware payloads, exploded in 2006. Intranet Hacking from the Outside, Browser Port Scanning, Browser History Stealing, Blind Web Server Fingerprinting, and dozens of other bleeding-edge a…

1
Nick Harbour: Stealth Secrets of the Malware Ninjas 53:15

18+ y ago53:15

53:15

It is important for the security professional to understand the techniques used by those they hope to defend against. This presentation focuses on the anti-forensic techniques which malware authors incorporate into their malicious code, as opposed to relying solely on an external rootkit. In addition to describing a number of known but scarcely doc…

1
John Heasman: Hacking the extensible Firmware Interface 52:09

18+ y ago52:09

52:09

Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, and even Vista, are stuck in the 1980s with old-fashioned BIOS. But with Boot Camp, the Mac can operate smoothly in both centuries." - Quote taken from http://www.apple.com/macosx/bootcamp/ The Extensible Firmware Interface (EFI) has long been tou…

1
Brad Hill: Attacking Web Service Securty: Message.... 1:10:53

18+ y ago1:10:53

1:10:53

Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and B2B connectivity, and XML is the world's most successful and widely deployed data format. This presentation will take a critical look at the technologies used to secure these systems and the emerging attention to "message-oriented" security. …

1
Jim Hoagland: Vista Network Attack Surface Analysis and Teredo Security Implications 54:59

18+ y ago54:59

54:59

This talk will present the results of a broad analysis performed on the network-facing components of the release (RTM) version of Microsoft Windows Vista, as well as the results of study of the security implications of the related Teredo protocol. Windows Vista features a rewritten network stack, which introduces a number of core behavior changes. …

1
Greg Hoglund: Active Reversing: The Next Generation of Reverse Engineering 1:06:23

18+ y ago1:06:23

1:06:23

Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This process is difficult, time consuming, and expensive, but it doesn't need to be. Software programs can be made to reverse engineer themselves. Software, …

1
Mikko Hypponen: Status of Cell Phone Malware in 2007 1:08:35

18+ y ago1:08:35

1:08:35

First real viruses infecting mobile phones were found during late 2004. Since then, hundreds of different viruses have been found, most of them targeting smartphones running the Symbian operating system. Mobile phone viruses use new spreading vectors such as Multimedia messages and Bluetooth. Why is this mostly a Symbian problem? Why hasn't Windows…

1
Krishna Kurapati: Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones 1:10:32

18+ y ago1:10:32

1:10:32

Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like SIP. Among several other VoIP products and services, Sipera VIPER Lab conducted vulnerability assessment on a sample group of dual-mode/Wi-Fi phones and …

1
Jon Callas: Traffic Analysis -- The Most Powerful and Least Understood Attack Methods 51:51

18+ y ago51:51

51:51

Traffic analysis is gathering information about parties not by analyzing the content of their communications, but through the metadata of those communications. It is not a single technique, but a family of techniques that are powerful and hard to defend against. Traffic analysis is also one of the least studied and least well understood techniques …

1
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web 55:14

18+ y ago55:14

55:14

Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…

1
Dr. Neal Krawetz: A Picture's Worth... 48:37

18+ y ago48:37

48:37

Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…

1
Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys) 1:13:07

18+ y ago1:13:07

1:13:07

RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...โดย feedback@blackhat.com (Black Hat RSS Feed)

1
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online 1:02:26

18+ y ago1:02:26

1:02:26

Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…

1
David Litchfield: Database Forensics 1:03:44

18+ y ago1:03:44

1:03:44

Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credits card details stolen - the largest known breach so far. In 2006 there were…

1
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker?s Handbook: What Your Security Vendor Doesn?t Want You to Know . 50:31

18+ y ago50:31

50:31

Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren?t fading away like predicted. What?s a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that?s why they?re hackers instead of productive members of society. They want to fin…

1
Haroon Meer & Marco Slaviero: It's all about the timing 1:13:22

18+ y ago1:13:22

1:13:22

It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …

1
Luis Miras: Other Wireless: New ways of being Pwned 1:02:59

18+ y ago1:02:59

1:02:59

There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…

1
Brian Chess, Jacob West, Sean Fay & Toshinari Kureha: Iron Chef Blackhat 57:41

18+ y ago57:41

57:41

Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network?s cult favorite show, Iron Chef, our Chairman will reveal the surprise ingredient (the code), and then let the challenger and the ?Iron Hacker? face off in a frenetic security battl…

1
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community 46:15

18+ y ago46:15

46:15

The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…

1
Bruce Schneier: KEYNOTE: The Psychology of Security 49:21

18+ y ago49:21

49:21

Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…

1
Jonathan Afek: Dangling Pointer 1:06:58

18+ y ago1:06:58

1:06:58

A Dangling Pointer is a well known security flaw in many applications. When a developer writes an application, he/she usually uses pointers to many data objects. In some scenarios, the developer may accidentally use a pointer to an invalid object. In such a case, the application will enter an unintended execution flow which could lead to an applica…

1
Pedram Amini & Aaron Portnoy: Fuzzing Sucks! (or Fuzz it Like you Mean it!) 1:13:03

18+ y ago1:13:03

1:13:03

Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be desired by way of automation. Perhaps the reason for this is that even the most rudimentary fuzzers are surprisingly effective. None the less, if you are serious about fuzz testing in as much a scientific process as possible than you have no doubt been disapp…

1
Brandon Baker: Kick Ass Hypervisoring: Windows Server Virtualization 59:03

18+ y ago59:03

59:03

Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualization capabilities to the Windows operating system. This talk will focus on security model of the system, with emphasis on design choices and deployment con…

1
Andrea Barisani & Daniele Bianco: Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation. 1:06:47

18+ y ago1:06:47

1:06:47

RDS-TMC is a standard based on RDS (Radio Data System) for communicating over FM radio Traffic Information for Satellite Navigation Systems. All modern in-car Satellite Navigation systems sold in Europe use RDS-TMC to receive broadcasts containing up to date information about traffic conditions such as queues and accidents and provide detours in ca…

1
Rohyt Belani & Keith Jones: Smoke 'em Out! 1:20:42

18+ y ago1:20:42

1:20:42

Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgeable insiders. These challenges will be presented in light of three real world investigations conducted by the presenters. The focus of this talk will on …

1
Yoriy Bolygin: Remote and Local Exploitation of Network Drivers 1:14:40

18+ y ago1:14:40

1:14:40

During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel. This work describes the process behi…

1
Damiano Bolzoni & Emmanuel Zambon: Sphinx: an anomaly-based Web Intrusion Detection System 1:03:39

18+ y ago1:03:39

1:03:39

We present Sphinx, a new fully anomaly-based Web Intrusion Detection Systems (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall), therefore can deal with SSL and POST data. Our system uses different techniques at the same time to improve detection and false positive rates. Being ano…

1
Jamie Butler & Kris Kendall: Blackout: What Really Happened... 1:10:25

18+ y ago1:10:25

1:10:25

Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffective. Often a forensic examiner or incident response analyst may not know the weaknesses of the tools they are using or the advantage the attacker has ov…

1
David Byrne: Intranet Invasion With Anti-DNS Pinning 53:54

18+ y ago53:54

53:54

Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of an…

1
Stephan Chenette & Moti Joseph: Defeating Web Browser Heap Spray Attacks 35:27

18+ y ago35:27

35:27

In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" That presentation introduced a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allowed an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities w…

1
Richard A. Clarke: KEYNOTE: A Story About Digital Security in 2017 44:50

18+ y ago44:50

44:50

To those who seek truth through science, even when the powerful try to suppress it. Richard A. Clarke is a former U.S. government official who specialized in intelligence, cyber security and counter-terrorism. Until his retirement in January 2003, Mr. Clarke was a member of the Senior Executive Service. He served as an advisor to four U.S. presiden…

1
Jim Christy: Meet the Feds 1:13:48

18+ y ago1:13:48

1:13:48

Discussion of the power of Digital Forensics today and the real-world challenges. Also discuss the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3; The Defense Computer Forensics Lab, the Defense Cyber Crime Institute, and the Defense Cyber Investigations Training Academy. The evolving discipline of cyber crime inv…

1
Maria Cirino: Meet the VC's 1:07:57

18+ y ago1:07:57

1:07:57

2007 held numerous watershed events for the security industry. Innovation is needed and the money is there. Come to this session and meet the VCs actively investing in security, web, and mobile applications. Learn how VCs see the future, what they are looking for, and how best to utilize them to further your innovations. This session will conclude …

1
Robert W Clark: Computer and Internet Security Law - A Year in Review 2006 - 2007 1:01:09

18+ y ago1:01:09

1:01:09

This presentation reviews the important prosecutions, precedents and legal opinions of the last year that affect internet and computer security. We will discuss the differences between legal decisions from criminal cases and civil lawsuits and what that means to the security professional. Additionally, we look at topics such as: email retention and…

1
David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget 1:07:57

18+ y ago1:07:57

1:07:57

Software companies inevitably produce insecure code. In 2006 alone, CERT has recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operating systems and have moved on to easier targets: applications. What makes this situation worse, is the weaponization of these exploits and the business d…

1
Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems 1:19:23

18+ y ago1:19:23

1:19:23

For 10 years Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective to resist tampering and guard secrets. Embedded systems in general have a much lower security profile. This talk explores the use and impact of Side Channel Analysis on …

1
Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing 40:05

18+ y ago40:05

40:05

Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing…

1
Barrie Dempster: VOIP Security 44:32

18+ y ago44:32

44:32

As VoIP products and services increase in popularity and as the "convergence" buzzword is used as the major selling point, it's time that the impact of such convergence and other VoIP security issues underwent a thorough security review. This presentation will discuss the current issues in VoIP security, explain why the current focus is slightly wr…

1
Rohit Dhamankar & Rob King: PISA: Protocol Identification via Statistical Analysis 39:52

18+ y ago39:52

39:52

A growing number of proprietary protocols are using end-to-end encryption to avoid being detected via network-based systems performing Intrusion Detection/Prevention and Application Rate Shaping. Attackers frequently use well known ports that are open through most firewalls to tunnel commands for controlling zombie systems. This presentation shows …

1
Roger Dingledine: TOR 1:10:32

18+ y ago1:10:32

1:10:32

Tor project, an anonymous communication system for the Internet that has been funded by both the US Navy and the Electronic Frontier Foundation.โดย feedback@blackhat.com (Black Hat RSS Feed)

1
Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications 1:15:15

18+ y ago1:15:15

1:15:15

This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the base language, but also covers APIs and auxillary functionality provided by common platforms, primarily the contemporary Windows OSs. The topics that wi…

พอดคาสต์ที่ควรค่าแก่การฟัง

Conference USA พอดคาสต์

พอดคาสต์ที่ควรค่าแก่การฟัง

คู่มืออ้างอิงด่วน