Blackhat 2006 Favorites
http://craigchamberlain.dreamhosters.com/blackhat/

Joanna Rutkowska stunned the audience with her presentation of what is essentially a weapons-grade rootkit for 64-bit Vista; she's done a good amount of work on this and it appears to be practically undetectable on the host. Grossman et al. showed a functional bot implemented entirely in JavaScript being used to direct its host to scan and penetrate its local network. Ofir Arkin showed methods of bypassing network access control systems. Mandia & Willis gave some interesting talks on the state of incident response and web application incident response, complete with war stories. One story had identity data being ransomed by a developer who had secretly coded a backdoor. A second recounted stock trading systems being hijacked through a session fixation attack in order to execute buy orders and inflate a stock price. Hoffman gave presentations on AJAX vulnerabilities and web application worms. HD Moore and Dan Moniz discussed the state of the art in cross-site scripting. Ptacek & Goldsmith presented a stark picture of the risks to servers posed by vulnerabilities in enterprise network and asset management software agents. Zambon & Bolzoni discussed using anomaly detection methods to reduce the false positive rate of intrusion detection systems.

Auditing Data Access Without Bringing Your Database To Its Knees - Kimber Spradlin & Dale Brocklehurst
Finding and Preventing Cross-Site Request Forgery - Tom Gallagher
Finding Gold in the Browser Cache - Corey Benninger
Hacking World of Warcraft®: An Exercise in Advanced Rootkit Design - Greg Hoglund
Hardware Virtualization Based Rootkits - Dino Dai Zovi
The NetIO Stack: Reinventing TCP/IP in Windows Vista - Abolade Gbadegesin
Oracle Rootkits 2.0: The Next Generation - Alexander Kornbrust
Physical Memory Forensics - Mariusz Burdach
R^2: The Exponential Growth of Rootkit Techniques - Jamie Butler, Nick Petroni & William Arbaugh
Rootkits: Attacking Personal Firewalls - Alexander Tereshkin
The Speed of (In)security: Analysis of The Speed of Security vs Insecurity - Stefan Frei & Dr. Martin May
SQL Injections by Truncation - Bala Neerumalla
Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems - Robert Auger

DEFCON 2006 Favorites
http://craigchamberlain.dreamhosters.com/defcon

X30n presented some penetration scenarios using a BlackBerry. Martin Rukus discussed mainframe penetration scenarios. Vaughn & Evron presented DNS Amplification Attacks. Michael Rash demonstrated combining Tor with Single Packet Authorization. Irby Thompson & Mathew Monroe presented a novel method of hiding data in the NTFS filesystem MFT.

Abuse & The Global Infection Rate - Rick Wesson
Advanced Windows Based Firewall Subversion - Lin0xx
Corporate Network Spying - Andrew Whitaker
Covert Channels using IPv6/ICMPv6 - R.P. Murphy
The Evolving Art of Fuzzing - Jared DeMott
Hunting for Metamorphic Engine - Mark Stamp & Wing H. Wong
Phishing Tips and Techniques: Tackle, Rigging, and How & When to Phish - Peter Gutmann
Trusted Computing - Bruce Potter
Visual Log Analysis – The Beauty of Graphs - Raffael Marty
Auditing Data Access Without Bringing Your Database To Its Knees - Kimber Spradlin & Dale Brocklehurst
Finding and Preventing Cross-Site Request Forgery - Tom Gallagher
Finding Gold in the Browser Cache - Corey Benninger
Hacking World of Warcraft®: An Exercise in Advanced Rootkit Design - Greg Hoglund
Hardware Virtualization Based Rootkits - Dino Dai Zovi
The NetIO Stack: Reinventing TCP/IP in Windows Vista - Abolade Gbadegesin
Oracle Rootkits 2.0: The Next Generation - Alexander Kornbrust
Physical Memory Forensics - Mariusz Burdach
R^2: The Exponential Growth of Rootkit Techniques - Jamie Butler, Nick Petroni & William Arbaugh
Rootkits: Attacking Personal Firewalls - Alexander Tereshkin
The Speed of (In)security: Analysis of The Speed of Security vs Insecurity - Stefan Frei & Dr. Martin May
SQL Injections by Truncation - Bala Neerumalla
Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems - Robert Auger