Black Hat Webcasts

Overview: We’re trying out a new format for the May 21 webcast on Mobility and Security. We’re going to bring in some researchers and some industry folks and have a round-table discussion on the current state and future direction of securing the mobile devices we all can’t live without. The idea behind this new style of presentation is to increase the amount of interactivity, both with the guests and the audience, so please join us and bring your ideas and questions. Alex Stamos, Founding Partner, iSEC Partners Charlie Miller, Principal Analyst, Independent Security Evaluators Vincenzo Iozzo, Student, Politecnico di Milano Roberto Gassira’, Security Researcher, Mobile Security Lab Roberto Piccirillo, Security Researcher, Mobile Security Labbr

Overview: Black Hat Europe is right around the corner – we’ll be returning to Amsterdam April 14-17. We’re very excited about the lineup of speakers we’ve put together, and this webcast will be a sort of sneak preview of what kind of presentations attendees will get to see at the live event. Webcast speakers include: Enno Rey and Daniel Mende All Your Packets Are Belong to Us – Attacking Backbone Technologies Charlie Miller and Vincenzo Iozzo Fun and Games Using In-Memory Execution on Mac OS X and iPhone Stefano Zanero adn Claudio Criscione Masibty: a Web Application Firewall Based on Anomaly Detection Roberto Gassira’ and Roberto Piccirillo Hijacking Mobile Data Connections

Rich Internet Application (RIA) frameworks are seeing an enormous growth in popularity – technologies like Ajax and Flash create nearly unlimited opportunities to expand and improve the web user experience. They also bring with them a host of new security risks. The popularity of these frameworks among application developers insures that we’ll see more attacks and issues in the months and years ahead. Join Black Hat Founder and Director Jeff Moss and his guests Billy Hoffman of HP and Alex Stamos of iSec for a lively discussion of new issues and security implications in the world of Rich Internet Applications.

Overview: Our seventh installment of the Black Hat Webcast Series arrives next week with an in-depth and fascinating look into the world of Mac Security. As the Mac platform grows in popularity both with the general public and the enterprise, we’ve seen an increase both in attacks and reasearcher interest in the topic of OS X Security. Black Hat Speaker Jesse D’Aguanno will be presenting on the topic of “Crafting OS X Kernel Rootkits – Fundamentals.” We’ll also have a presentation by Tiller Beauchamp of IOActive will be making a presentation called “OS X Security – A year in Review”. Please join me and our guests for what is sure to be a fascinat

Database Forensics expert David Litchfield will discuss his new tool and paper with Black Hat Founder and Director Jeff Moss and take questions from our webcast audience. The tool, orablock, allows a forensic investigator to dump data from a “cold” Oracle data file – i.e. there’s no need to load up the data file in the database which would cause the data file to be modified, so using orablock preserves the evidence. Orablock can also be used to locate “stale” data – i.e. data that has been deleted or updated. It can also be used to dump SCNs for data blocks which can be useful during the examination of a compromised Oracle box.

“Clickjacking” is all over the news lately. For the uninitiated, it’s a set of techniques discovered by Jeremiah Grossman and Robert Hansen that allows an attacker to transparently capture a user’s clicks, forcing the user to do all manner of unpleasant things ranging from adjusting security settings to unwittingly visiting websites with malicious code.

Over the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities and at first sight present an insurmountable obstacle for exploit developers. This talk aims to present exploitation methodologies against this increasingly complex target. We will demonstrate how the inherent design limitations of the protection mechanisms in Windows Vista make them ineffective for preventing the exploitation of memory corruption vulnerabilities in browsers and other client applications. Each of the aforementioned protections will be briefly introduced and its design limitations will be discussed. We will present a variety of techniques that can be used to bypass the protections and achieve reliable remote code execution in many different circumstances. Finally, we will discuss what Microsoft can do to increase the effectiveness of the memory protections at the expense of annoying Vista users even more.

Our monthly free webcast series rolls on with another talk about a major vulnerability. This webcast is entitled “Trust Doesn’t Scale: Practical Hijacking On the World’s Largest Network.” The webcast is based on a remarkable presentation by Tony Kapela and Alexander Pilosov at the DEFCON security conference this August. To illustrate their BGP-based traffic-hijacking techniques, they intercepted all traffic from the notoriously hostile conference network and ran it through their servers. The process was almost completely invisible to DEFCON attendees. Their demonstration took advantage of a trust issue with Border Gateway Protocol (BGP), and it appears to be part of a larger security trend of major issues emerging in the bedrock protocols that support the Internet. Dan Kaminsky’s DNS vulnerability relies on trust issues in DNS. In recent years major questions have been raised about SNMP and ICMP and at this writing there’s word of a potentially major TCP exploit. Vulnerabilities like these raise significant questions about the business of security, the limits of patching, and the difficulties involved in securing a trust-based system.

Early in 2008, security researcher Dan Kaminsky located a gaping hole the basic underpinnings of the internet. This fundamental flaw in DNS security renders almost all DNS serves open to cache poisoning (US CERT VU#800113). As the vulnerability arises from flaws in the design of the DNS protocol, the issue affects nearly all vendors and nearly all products designed to work with DNS. In the intervening time, Dan has worked with a coalition of vendors to create a fix for this very serious and ubiquitous vulnerability. On July 8th, technology vendors from across the industry simultaneously released patches for their products in a combined effort of historic proportion.

During this inaugural webcast, Jeff Moss provided an overview of prevailing security trends and technologies and was joined by several of the world’s leading security minds who will each provide a brief preview of the topics they presented at the Black Hat Briefings & Trainings in August 2008. The presenters were: Bruce Potter with Malware Detection Through Flow Analysis Fyodor Vaskovich with Nmap – Scanning the Internet Shawn Moyer and Nathan Hamiel with Satan is on My Friends List: Attacking Social Networks Nate McFeters, John Heasman and Rob Carter with The Internet is Broken: beyond Document.Cookie – Extreme Client-Side Exploitation Mike Reavey, Steve Adegbite and katie Moussouris with Secure the Planet! new Strategic Initiatives from Microsoft to Rock your World.