Black Hat USA 2008 Webcast No. 1 – The Forbidden Sneak Peek

The Forbidden Sneak Peek – Black Hat USA 2008

Thursday, June 26 1:00 pm PST/4:00 pm ET • FREE

Speakers: Jeff Moss, Bruce Potter, Fyodor Vaskovich, Shawn Moyer,
Nathan Hamiel, Nathan McFeters, John Heasman, Rob Carter,
Steve Reavey, Katie Moussouris, Steve Adegbite

Overview:

Please join Black Hat Founder and Director Jeff Moss and several of this year’s USA speakers for our very first Black Hat Webcast.

We plan for this webcast to be the first in a year-round series of online presentations that allow our speakers to present breaking
research between shows and provide the Black Hat community with another stream of fresh, relevant, and usable security knowledge from
the speakers and trainers you’ve come to trust.

During this inaugural webcast, Jeff Moss will provide an overview of prevailing security trends and
technologies and will be joined by several of the world’s leading security minds who will each provide a
brief preview of the topics they will be presenting at the Black Hat Briefings & Trainings in August. Here’s
a small glimpse into the future:

Malware Detection Through Flow Analysis

by Bruce Potter

Over the last several years, we’ve seen a decrease in the effectiveness of “classical” security tools. The nature
of present-day attacks is very different from what the security community has been used to in the past.
Rather than widespread worms and viruses that cause general havoc, attackers are directly targeting their
victims in order to achieve monetary or military gain. These attacks are blowing right past firewalls and anti-virus
and placing malware deep in the enterprise. Ideally, we could fix this problem at its roots; fixing the software that
is making us vulnerable. Unfortunately that’s going to take a while, and in the interim security engineers and
operators need new, advanced tools that allow deeper visibility into systems and networks while being easy and
efficient to use.

Bruce Potter

Bruce Potter is the founder of the Shmoo Group which is made up of security, crypto, and
privacy professionals. He is also the co-founder and CTO of Ponte Technologies, a company focused on developing
and deploying advanced IT defensive technologies. His areas of expertise include wireless security, network
analysis, trusted computing, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several
books including “802.11 Security” and “Mastering FreeBSD and OpenBSD Security” published by
O’Reilly and “Mac OS X Security” by New Riders.

Nmap – Scanning the Internet

by Fyodor Vaskovich

Nmap was built to efficiently scan large networks, but we have lately taken this to a new level with
massive scans of the IPv4 Internet. We hope to finish scanning a significant portion of the Internet
(if not the whole thing) in time for Black Hat as part of our Worldscan project. Nmap author Fyodor
will present our most interesting findings and empirical statistics from these scans, along with
practical advice for improving your own scan performance. Additional topics include detecting and
subverting firewall and intrusion detection systems, dealing with quirky network configurations,
and advanced host discovery and port scanning techniques. A quick overview of new Nmap features
will also be provided.

Fyodor Vaskovich

Fyodor (known to his family as Gordon Lyon) authored the open source Nmap
Security Scanner in 1997 and continues to coordinate its development. He also
maintains the Insecure.Org, Nmap.Org, SecLists.Org, and SecTools.Org security
resource sites and has authored seminal papers on stealth port scanning, remote
operating system detection, version detection, and the IPID Idle Scan. He is a
founding member of the Honeynet project and co-author of the books “Know Your
Enemy: Honeynets” and “Stealing the Network: How to Own a Continent”. His newest
book, Nmap Network Scanning, is due for release this year. Fyodor is President
of Computer Professionals for Social Responsibility (CPSR), which has been
promoting free speech, privacy, and useful technology since 1981.

Satan is on My Friends List: Attacking Social Networks

by Shawn Moyer and Nathan Hamiel

Social Networking is shaping up to be the perfect storm. An implicit trust of those in one’s network or social circle,
a willingness to share information, little or no validation of identity, the ability to run arbitrary code (in
the case of user-created apps) with minimal review, and a tag soup of client-side user-generated HTML. Yikes.

But enough about pwning the kid from homeroom who copied your calc homework. With the rise of business social
networking sites, there are now thousands of public profiles with real names and titles of people working for major
banks, the defense and aerospace industry, federal agencies, the US Senate… A target-rich and trusting environment
for custom-tailored, laser-focused attacks.

Shawn Moyer and Nathan Hamiel

Shawn Moyer is CISO of Agura Digital Security, a web and network security
consultancy. He has led security projects for major multinational corporations
and the federal government, written for Information Security magazine, and
spoken previously at BH and other conferences.

Shawn is currently working on a slash fanfic adaptation of 2001: A Space Odyssey, told from the
perspective of Hal9000. He only accepts friend requests on Facebook if they
include a DNA sample and a scanned copy of a valid driver’s license or passport.

Nathan Hamiel is a Senior Consultant for Idea
Information Security and the founder of the Hexagon Security Group. He is also
an Associate Professor at the University of Advancing Technology. Nathan has
previously presented at numerous other conferences including DefCon, Shmoocon,
Toorcon, and HOPE.

Nathan spent much of DefCon 15 without shoes
and is planning ahead this year with a defense-in-depth approach that includes
failover footwear. He has 1,936 people in his extended network, and finds that
disturbing on a number of levels.

The Internet is Broken: Beyond Document.Cookie – Extreme Client Side Exploitation

Nathan McFeters, John Heasman, Rob Carter

The dangers of client-side threats such as XSS and CSRF are well understood in the context of vulnerable web applications.
Furthermore, the dangers of malicious script as a vehicle for exploiting browser flaws and reconnoitering the Intranet
have been discussed at length. Now what if XSS and CSRF could be leveraged to directly compromise the host… by design?

Nathan McFeters is a Senior Security Advisor for Ernst & Young’s Advanced Security Center (ASC) and is currently serving
in a Security Evangelist role for the ASC based out of Chicago, IL. Nathan has performed web application, deep source
code, Internet, Intranet, wireless, dial-up, and social engineering engagements for several clients in the Fortune 500
during his career at Ernst & Young.

John Heasman is the VP of Research for the US arm of NGS Software, a UK-based company with
offices in Seattle. NGS carries out sophisticated security assessments for the world’s leading software vendors and
financial institutions.

Rob Carter is a Security Advisor for Ernst & Young’s Advanced Security Center in Houston,
TX. He has performed web application, internet, intranet, social engineering and wireless penetration tests for multiple
Fortune 500 clients. Rob’s primary area of interest is in web application security research and tool development.

Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World

Has Microsoft lost its mind??!! Yes and no! Three top security dudes (one technically being a dudette) at Microsoft have come up with three new programs that will change the face of the vulnerability industry.

Mike Reavey – as group manager of the Microsoft Security Response Center (MSRC) at Microsoft Corp.,
Mike Reavey works with security teams to proactively identify and communicate critical software vulnerabilities to customers. Building
on Microsoft’s commitment to Trustworthy Computing,

Steve Adegbite aka Capn Steve Adegbite is a Senior Security Strategist in the MSRC Security
Ecosystem Strategy Team, working in the group that is responsible for securing current and future Microsoft products.

Katie Moussouris is a Security Strategist in the MSRC Security Ecosystem Strategy Team,
working in the group that is responsible for securing current and future Microsoft products.

Webcast Sponsor

Microsoft Corporation
