Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!

Episodes

Gadi Evron: Estonia: Information Warfare and Strategic Lessons

December 11, 2007 • 73 mins
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population.

Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on both the local and International levels. We will demonstrate what in hind-sight work...
Mark as Played

HD Moore & Valsmith: Tactical Exploitation-Part 2

December 11, 2007 • 72 mins
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework.

REVIEWER NOT...
Mark as Played

Mark Vincent Yason: The Art of Unpacking

January 9, 2006 • 60 mins
Unpacking is an art - it is a mental challenge and is one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating system in order to identify or solve very difficult anti-reversing tricks employed by packers/protectors, patience and cleverness are also major factors in a successful unpack. This challenge involves researchers creating the packers and ...
Mark as Played

Mike Perry: Securing the tor network

January 9, 2006 • 67 mins
Imagine your only connection to the Internet was through a potentially hostile environment such as the Defcon wireless network. Worse, imagine all someone had to do to own you was to inject some html that runs a plugin or some clever javascript to bypass your proxy settings. Unfortunately, this is the risk faced by many users of the Tor anonymity network who use the default configurations of many popular browsers and other network ...
Mark as Played

Richard A. Clarke: KEYNOTE: A Story About Digital Security in 2017

January 9, 2006 • 44 mins
To those who seek truth through science, even when the powerful try to suppress it.
Richard A. Clarke is a former U.S. government official who specialized in intelligence, cyber security and counter-terrorism. Until his retirement in January 2003, Mr. Clarke was a member of the Senior Executive Service. He served as an advisor to four U.S. presidents from 1973 to 2003: Ronald Reagan, George H.W. Bush, Bill Clinton and George W. Bus...
Mark as Played

HD Moore & Valsmith: Tactical Exploitation-Part 1

January 9, 2006 • 58 mins
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework.

REVIEWER NOT...
Mark as Played

Joel Eriksson & Panel: Kernel Wars

January 9, 2006 • 73 mins
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question.

This talk intends to demystify kernel-mode exploitation by demonstrating the analysis and reliable exploitation ...
Mark as Played

Jon Callas: Traffic Analysis -- The Most Powerful and Least Understood Attack Methods

January 9, 2006 • 51 mins
Traffic analysis is gathering information about parties not by analyzing the content of their communications, but through the metadata of those communications. It is not a single technique, but a family of techniques that are powerful and hard to defend against.

Traffic analysis is also one of the least studied and least well understood techniques in the hacking repertoire. Listen to experts in information security discuss what ...
Mark as Played

David Byrne: Intranet Invasion With Anti-DNS Pinning

January 9, 2006 • 53 mins
Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of anti-DNS pinning techniques. A victim web browser will be used to execute arbitrary, in...
Mark as Played

Len Sassaman: Anonymity and its Discontents

January 9, 2006 • 77 mins
In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity systems as well as the several deployed and actively used systems, and explain their strengths and limitations.

We will then describe the pseudonym system we are developing based on an information-theoretic secure private information r...
Mark as Played

Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques

January 9, 2006 • 48 mins
Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common newer methods must be developed to cope with them. In this talk we will present our covert debugging platform named Saffron. Saffron is based upon dynamic instrumentation techniques as well as a newly developed page fau...
Mark as Played

Cody Pierce: PyEmu: A multi-purpose scriptable x86 emulator

January 9, 2006 • 61 mins
Processor emulation has been around for as long as the processor it emulates. However, emulators have been difficult to use and notoriously lacking in flexibility or extensibility. In this presentation I address these issues and provide a solution in the form of a scriptable multi-purpose x86 emulator written in Python. The concept was to allow a security researcher the ability to quickly integrate an emulator into their work flow ...
Mark as Played

Krishna Kurapati: Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones

January 9, 2006 • 70 mins
Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like SIP. Among several other VoIP products and services, Sipera VIPER Lab conducted vulnerability assessment on a sample group of dual-mode/Wi-Fi phones and discovered that several vulnerabilities exist in such phones allowing remote attacker...
Mark as Played

Window Snyder & Mike Shaver : Building and Breaking the Browser

January 9, 2006 • 58 mins
Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is generally considered a weakness. Mozilla is using openness and transparency to better secure its products and help other software projects do the same.

Mozilla has built and collaborated on tools to secure the Firefox Web browser and Thunder...
Mark as Played

Alexander Sotirov: Heap Feng Shui in JavaScript

January 9, 2006 • 74 mins
Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application.

This presentation introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaSc...
Mark as Played

Brad Hill: Attacking Web Service Securty: Message....

January 9, 2006 • 70 mins
Web Services are becoming commonplace as the foundation of both internal Service Oriented Architectures and B2B connectivity, and XML is the world's most successful and widely deployed data format. This presentation will take a critical look at the technologies used to secure these systems and the emerging attention to "message-oriented" security. How do WS-Security, XML Digital Signatures and XML Encryption measure up?

The firs...
Mark as Played

Joanna Rutkowska & Alexander Tereshkin: IsGameOver(), anyone?

January 9, 2006 • 75 mins
We will present new, practical methods for compromising Vista x64 kernel on the fly and discuss the irrelevance of TPM/Bitlocker technology in protecting against such non-persistent attacks. Then we will briefly discuss kernel infections of the type II (pure data patching), especially NDIS subversions that allow for generic bypassing of personal firewalls on Vista systems.

A significant amount of time will be devoted to presenting...
Mark as Played

Luis Miras: Other Wireless: New ways of being Pwned

January 9, 2006 • 62 mins
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as well as chip level injection attacks allowing an attacker to control the target syst...
Mark as Played

Jonathan Afek: Dangling Pointer

January 9, 2006 • 66 mins
A Dangling Pointer is a well known security flaw in many applications.

When a developer writes an application, he/she usually uses pointers to many data objects. In some scenarios, the developer may accidentally use a pointer to an invalid object. In such a case, the application will enter an unintended execution flow which could lead to an application crash or other types of dangerous behaviors.
Mark as Played

Chris Wysopal & Chris Eng: Static Detection of Application Backdoors

January 9, 2006 • 71 mins
Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to. And what about your developer tool chain? Ken Thompson in "Reflections on Trusting ...
Mark as Played

Popular Podcasts

    Stuff You Should Know

    Stuff You Should Know

    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

    Dateline NBC

    Dateline NBC

    Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com

    The Breakfast Club

    The Breakfast Club

    The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!

    The Clay Travis and Buck Sexton Show

    The Clay Travis and Buck Sexton Show

    The Clay Travis and Buck Sexton Show. Clay Travis and Buck Sexton tackle the biggest stories in news, politics and current events with intelligence and humor. From the border crisis, to the madness of cancel culture and far-left missteps, Clay and Buck guide listeners through the latest headlines and hot topics with fun and entertaining conversations and opinions.

    Latino USA

    Latino USA

    Latino USA is the longest-running news and culture radio program in the U.S. centering Latino stories, hosted by Pulitzer Prize winning journalist Maria Hinojosa Every week, the Peabody winning team brings you revealing, in-depth stories about what’s in the hearts and minds of Latinos and their impact on the world. Want to support our independent journalism? Join Futuro+ for exclusive episodes, sneak peaks and behind-the-scenes chisme on Latino USA and all our podcasts. www.futuromediagroup.org/joinplus

Advertise With Us
Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

Explore

iHeart

Live Radio

Podcasts

Artist Radio

Exclusives

News

Features

Events

Contests

Photos

Information

About

Advertise

Blog

Brand Guidelines

Contest Guidelines

Subscription Offers

Jobs

Get the App

Automotive

Home

Mobile

Wearables

© 2025 iHeartMedia, Inc.