Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!;br> Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format

Episodes

Bruce Potter: The Trusted Computing Revolution

June 4, 2006 44 mins
Trusted computing is considered a dirty word by many due to its use for Digital Rights Management (DRM). There is a different side of trusted computing, however, that can solve problems information security professionals have been attempting to solve for more than three decades. Large scale deployment of trusted computing will fundamentally change the threat model we have been using for years when building operating systems, applic...
Mark as Played

Saumil Udayan Shah: Writing Metasploit Plugins - from Vulnerability to Exploit

June 4, 2006 75 mins
This talk shall focus on exploit development from vulnerabilities. We have seen many postings on security forums which vaguely describe a vulnerability, or sometimes provide a "proof-of-concept" exploit. The Metasploit Framework is a powerful tool to assist in the process of vulnerability testing and exploit development. The framework can also be used as an engine to run exploits, with different payloads and post-exploitation me...
Mark as Played

Charles Edge: Attacking Apple’s Xsan

June 4, 2006 16 mins
A fundamental of many SAN solutions is to use metadata to provide shared access to a SAN. This is true in iSCSI or FibreChannel and across a wide variety of products. Metadata can offer a way around the built-in security features provided that attackers have FibreChannel connectivity. SAN architecture represents a symbol of choosing speed over security. Metadata, the vehicle that provides speed, is a backdoor into the system bui...
Mark as Played

Doug Mohney: Defending Against Social Engineering with Voice Analytics

June 4, 2006 45 mins
Voice analytics-once the stuff of science fiction and Echelon speculation-is now commercially available and is being used by call centers processing hundreds of thousands of calls per day to authenticate identity, spot key words and phrases, and even detect when a caller is angry or frustrated. It is also being used by large financial institutions for fraud prevention. These same tools can be applied to detect and deter social engi...
Mark as Played

Alexander Sotirov: Hotpatching and the Rise of Third-Party Patches

June 4, 2006 56 mins
Hotpatching is a common technique for modifying the behavior of a closed source applications and operating systems. It is not new, and has been used by old-school DOS viruses, spyware, and many security products. This presentation will focus on one particular application of hotpatching: the development of third-party security patches in the absence of source code or vendor support, as illustrated by Ilfak Guilfanov’s unofficial fix...
Mark as Played

Rob Franco: Case Study: The Secure Development Lifecycle and Internet Explorer 7

June 4, 2006 45 mins
Tony Chor will discuss Microsoft’s security engineering methodology and how it is being applied to the development of Internet Explorer 7. He will detail key vulnerabilities and attacks this methodology revealed as well as how the new version of IE will mitigate those threats with unique features such as the Phishing Filter and Protected Mode. Rob Franco lives to make browsing safer for internet users. Rob led Security improveme...
Mark as Played

Shawn Moyer: Defending Black Box Web Applications: Building an Open Source Web Security Gateway

June 4, 2006 24 mins
Web apps continue to be the soft, white underbelly of most corporate IT environments. While the optimal path is to fix your code, it's not always an option, especially for closed-source, black-box web apps or apps hosted on servers that you can't harden directly. If you have an app in your data center that your CIO thinks is the greatest thing since Microsoft Golf, but is really the HTTP equivalent of a big flashing "own me" sig...
Mark as Played

Brian Caswell and HD Moore: Thermoptic Camoflauge: Total IDS Evasion

June 4, 2006 81 mins
Intrusion detection systems have come a long way since Ptacek and Newsham released their paper on eluding IDS, but the gap between the attackers and the defenders has never been wider. This presentation focuses on the two weakest links in the current generation of intrusion detection solutions: application protocols and resource limitations. Complex protocols often have the most dangerous flaws, yet these protocols are barely suppo...
Mark as Played

Tom Gallagher: Finding and Preventing Cross-Site Request Forgery

June 4, 2006 20 mins
There is an often overlooked security design flaw in many web applications today. Web applications often take user input through HTML forms. When privileged operations are performed, the server verifies the request is from an authorized user. Cross-Site Request Forgery Attacks allow an attacker to coerce an authorized user to request privileged operations of the attacker’s choice. Learn about this attack, how you can quickly identi...
Mark as Played

Marco M. Morana: Building Security into the Software Life Cycle, a Business Case

June 4, 2006 24 mins
The times of designing security software as a matter of functional design are over. Positive security functional requirements do not make secure software. Think risk driven design, think like an attacker, think about negative scenarios during the early stages of the application development from misuse and abuse cases during inception, to threats, vulnerabilities and countermeasures during elaboration, secure coding during construct...
Mark as Played

Corey Benninger: Finding Gold in the Browser Cache

June 4, 2006 17 mins
Looking for instant gratification from the latest client side attack? Your search may be over when you see the data that can be harvested from popular web browser caches. This discussion will focus on what web application programmers are NOT doing to prevent data like credit card and social security numbers from being cached. It will explore what popular websites are not disabling these features and what tools an attacker can use t...
Mark as Played

Jamie Butler: R^2: The Exponential Growth in Rootkit Techniques

June 4, 2006 42 mins
Rootkit technology has exploded recently, especially in the realm of remote command and control vectors. This talk will cover the evolution of rootkit techniques over the years. It will explore the interaction between corporations, the open source community, and the underground. A detailed analysis of how different rootkits are implemented will be covered. Based on this analysis, the presentation concludes with a discussion of dete...
Mark as Played

John Lambert: Security Engineering in Windows Vista

June 4, 2006 48 mins
This presenation will offer a technical overview of the security engineering process behind Windows Vista. Windows Vista is the first end-to-end major OS release in the Trustworthy Computing era from Microsoft. Come see how we’ve listened to feedback from the security community and how we’ve changed how we engineer our products as a result. The talk covers how the Vista engineering process is different from Windows XP, details from...
Mark as Played

Renaud BIDOU: IPS Short comings

June 4, 2006 65 mins
Technologies emerge on a regular basis with new promises of better security. This is more or less true. However we know there are still weaknesses and that 100% security is not realistic. Therefore the real need when deploying a new security device is to know its limits. IPS are part of those new technologies. They are oversold by marketing speeches and promises of an absolute security. Guess what? This is not exactly the truth.......
Mark as Played

William B Kimball: Code Integration-Based Vulnerability Auditing

June 4, 2006 15 mins
There is a growing need to develop improved methods for discovering vulnerabilities in closed-source software. The tools and techniques used to automate searching for these vulnerabilities are either incomplete or non-existent. Fuzz-testing is a common technique used in the discovery process but does not provide a complete analysis of all the vulnerabilities which may exist. Other techniques, such as API hooking, are used to monito...
Mark as Played

Noel Anderson and Taroon Mandhana: WiFi in Windows Vista: A Peek Inside the Kimono

June 4, 2006 58 mins
Windows Vista comes with redesigned support for WiFi (802.11 wireless). For those of us who live with a laptop in easy reach, it’s going to have an effect on our workday. For users there’s a new UI experience, helpful diagnostics and updated default behaviors. For IT pros who manage Windows clients, there’s improved management via Group Policy and Scripting. For sysadmins & geeks there’s a new command line interface. But behind ...
Mark as Played

Tom Brosch and Maik Morgenstern: Runtime Packers: The Hidden Problem?

June 4, 2006 20 mins
Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to the WildList as well as ad- and spyware is packed with one or another runtime packer. Not only can they turn older malware into new threats again, but they might also prevent AV vendors from using more generic approaches and therefore requiring more work, which possibly generates more errors or broken updates, unless the product is ...
Mark as Played

Halvar Flake: RE 2006: New Challenges Need Changing Tools

June 4, 2006 45 mins
Reverse Engineering has come a long way-what used to be practiced behind closed doors is now a mainstream occupation practiced throughout the security industry. Compilers and languages are changing, and the reverse engineer has to adapt: Nowadays, understanding C and the target platform assembly language is not sufficient any more. Too many reverse engineers shy away from analyzing C++ code and run into trouble dealing with heavily...
Mark as Played

Dino Dai Zovi: Hardware Virtualization Based Rootkits

June 4, 2006 50 mins
Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the Intel® Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these ext...
Mark as Played

Jonathan Squire: $30, 30 Minutes, 30 Networks

June 4, 2006 17 mins
Have you ever walked into your local Global Mega Super Tech Store and wondered how cheaply you could build a device that could play your digital music, display pictures, and listen to your neighbor's wireless network? Project Cowbird is part of an on-going research project to chart the various predators and prey within the information security landscape into a pseudo-ecology. Project Cowbird demonstrates the reuse of a $30 wir...
Mark as Played

Popular Podcasts

    Stuff You Should Know

    Stuff You Should Know

    If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.

    Dateline NBC

    Dateline NBC

    Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Special Summer Offer: Exclusively on Apple Podcasts, try our Dateline Premium subscription completely free for one month! With Dateline Premium, you get every episode ad-free plus exclusive bonus content.

    On Purpose with Jay Shetty

    On Purpose with Jay Shetty

    I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!

    24/7 News: The Latest

    24/7 News: The Latest

    The latest news in 4 minutes updated every hour, every day.

    The Bobby Bones Show

    The Bobby Bones Show

    Listen to 'The Bobby Bones Show' by downloading the daily full replay.

Advertise With Us
Music, radio and podcasts, all free. Listen online or download the iHeart App.

Connect

Explore

iHeart

Live Radio

Podcasts

Artist Radio

Exclusives

News

Features

Events

Contests

Photos

Information

About

Advertise

Blog

Brand Guidelines

Contest Guidelines

Subscription Offers

Jobs

Get the App

Automotive

Home

Mobile

Wearables

© 2025 iHeartMedia, Inc.