Targeted VoIP Eavesdropping: An Attack From Within

• VoIP Hopper
• X Test
• UC Sniffer
• ACE – Automated Corporate Enumerator

One XSS To Rule The Enterprise

• Squirtle

Active Fingerprinting of 802.11 APs

• BAFFLE

RFD (Remote File Downloading) using Blind Techniques

• Marathon Tool
• BSQL Hacker

Hacking SharePoint

• MossRegExSearch

Breaking UNIX crypt() on the PlayStation 3

• cell-bf

Owning telephone entry systems (aka why you shouldn’t sleep so well)

• opwn_sesame

Ultimate Script Deobfuscation: Browser Hooking version simulation

• The Ultimate Deobfuscator – Not a actual tool release, but they talk about the process of how it was built. Still very useful information.

And for those that missed the presentations, the slides can be available from an earlier post – ToorCon X Presentations.

• Workshop on the Analysis of System Logs – December 7 in San Diego
• SC World Congress – December 9-10 in New York

And here is the list of information security events around the world:

• ClubHack2008 – December 6-7 in India
• European Conference on Computer Network Defense – December 11-12 in Ireland
• International Conference on Information Security and Cryptology – December 14-17 in China
• 25th Chaos Communication Congress – December 27-30 in Germany

One day I will get out to a CCC event as I hear they are amazing.

The folks over at Linux devices goes over more features of the product, and they also have some screenshots of the web interface. Yoggie has the SDK for both products available on their Yoggie Developers page.

Day 1 – General Sessions

• Jon DeVaan Keynote
• Iftach Amit interview on Crimeware Behind the Scenes
• Reolof Temmingh interview on Investigating Individuals and Organizations Using Open Source Intelligence
• Dan Kaminsky interview on Black Ops 2008
• Gareth Heyes, Eduardo Vela Nava, and David Lindsay interview on CSS: The Sexy Assassin
• Richard Johnson interview on Visualizing Software Security
• Ian Hellen interview on Probing the Far Corners of Windows – Using Code Characteristics to Find Security Bugs

Day 2 – SDL Sessions

• Scott Charney Keynote
• Danny Dhillon interview on his presentation called Threat Modeling @EMC
• Adam Shostack interview on his presentation called Counterpoint: Threat Modeling @Microsoft
• Matt Miller interview on his presentation called Mitigations Unplugged
• Scott Stender and Alex Vidergar interview on their presentation called Concurrency Attacks on Web Applications
• Dave Weinstein and Jason Shirk interview on their presentation called Fuzzed Enough? When It’s OK to Put the Shears Down
• Vinnie Liu interview on his presentation called Real World Code Review – Using the Right Tools in the Right Place at the Right Time

A few people blogged about the BlueHat conference as well. Robert at cgisecurity went over some tools that were discussed at the conference in a post called My Trip To Microsoft’s Bluehat Conference. Gareth Heyes talks about his BlueHat experiences, and Mike Andrews has a great BlueHat summary post.

Keynote address

• The AV industry: quo vadis? by Alex Eckelberry

Corporate stream

• The malware business by David Emm
• Stormy weather: a quantitative assessment of the Storm web threat in 2007 by Anthony Arrott
• Intentions of capitalistic malware by Gunter Ollmann and Holly Stewart
• Affiliate web-based malware by Paul Baccas
• Life beyond outbreaks. Marketing in today’s threat environment by Jeff Aboud
• How secure is your virtualised network? by Gunter Ollmann (on behalf of Joshua Corman)
• Network Access Control technologies by Benjamin Czarny
• Effective open-source spam filtering for enterprise by Chris Lewis
• Playing with shadows - exposing the black market for online game password theft by Chun Feng
• A look at defence in depth: the re-evaluation by Kenneth Bechtel

Technical stream

• Towards integrated malware defence by Morton Swimmer
• Your computer is now stoned (…again!). The rise of the MBR rootkit by Kimmo Kasslin
• When the hammer falls - effects of successful widespread disinfection on malware development and direction by Matt McCormack
• Applying user-mode memory scanning on Windows NT by Eric Kumar
• A fast randomness test that preserves local detail by Tim Ebringer and Li Sun
• Graphs, entropy and grid computing: automatic comparison of malware by Ismael Briones
• The robustness of new email identification standards by Patrik Ostrihon and Reza Rajabiun
• Coordinated distributions method for tracking botnets sending out spam by Andrey Bakhmutov
• Malware forensics: detecting the unknown by Martin Overton
• Using game theory to assess the strength of an AV system against evolving offences by Andrew Walenstein and Arun Lakhotia
• Rebuilding anti-malware testing for the future by Igor Muttik
• Samples.malware.org: sample sharing for the next decade by Richard Ford and William Allen
• Clean data profiling by Bartlomiej Uscilowski and Julie Weber

‘Last-minute’ technical papers

• Race to zero with online scanners by Boris Lau
• Apple iPhone SDK programming by Marius van Oers
• Recent rogueware by Kurt Baumgartner
• URL check: Malware and phishing URLs aggregator by Sorin Mustaca

Discussion forum

• Security in banking

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

The full report is 150 pages, and covers data collected from January through June of 2008. There is also an executive summary and key findings summary for individual download.

Vinny Gullotto, Paul Cooke, Sandi, and Brian Krebs all posted their thoughts on the Microsoft report.

• Black Ops of DNS 2008: Its The End Of The Cache As We Know It (Keynote) by Dan Kaminsky
• New reverse engineering technique using API hooking and sysenter hooking, and capturing of cash card access by Kenji Aiko
• Understanding Targeted Attacks with Office Documents by Bruce Dang
• Get Rich or Die Trying: "Making Money on The Web, The Black Hat Way" by Arian Evans
• Cyberspace and the Changing Nature of Warfare by Kenneth Geers
• Attacking with Character Encoding for Profit and Fun by Yosuke Hasegawa
• "FFR EXCALOC" - Exploitability Calculator Based on Compiler Analysis by Toshiaki Ishiyama
• Threat Gallery of Japanese Landscape by Hiroshi Kawaguchi
• The Internet is Broken: Beyond Document.Cookie - Extreme Client Side Exploitation by Nathan McFeters
• Owning the Fanboys: Hacking Mac OSX by Charlie Miller
• Satan is on My Friends List: SNS Survey by Shawn Moyer and Nathan Hamiel
• Exploiting Symbian OS in mobile devices by Collin Mulliner
• A Hypervisor IPS based on Hardware Assisted Virtualization Technology by Junichi Murakami
• Disclosing Secret Algorithms from Hardware by Karsten Nohl
• ePassports Reloaded by Jeroen van Beek

The advisory from Core Security notes that there is a stack buffer overflow when parsing PDF files, and the flaw could be exploited if a user is tricked into opening a rigged PDF file.

The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the “util.printf()” JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.

A specifically crafted PDF file that embeds JavaScript code to manipulate the program’s memory allocation pattern and trigger the vulnerability can allow an attacker to execute arbitrary code with the privileges of a user running the Adobe Reader application.

If, for some reason, you can’t upgrade to the latest version, Core says a possible workaround for this vulnerability is to disable JavaScript in Adobe Reader and Acrobat (in the software’s Edit/Preferences menu). Disabling JavaScript will prevent the issue, although it will also prevent many basic Acrobat and Reader workflows from properly functioning.