Black Hat Europe Around The Web

Another great security event has come and gone. Here are a few posts related to the recent Black Hat Europe conference held in Barcelona last April 12 – 15.

Summary posts of the conference activities:

• BlackHat Briefings Day #1
• BlackHat Briefings Day #2
• BlackHat Europe 2010 Conference
• Attending Security Conferences from a Social Point of View

Posts about individual talks during the event

• Steve Ocepek and Wendel Henrique demonstrate a man-in-the-middle attack that will steal credentials by downgrading authentication mechanisms as well as take over existing user sessions.
• Paul Stone released a browser-based point-and-shoot tool for clickjacking.
• Mario Vuksan, Tomislav Pericin and Brian Karney talked about vulnerabilities in various compression formats (ZIP, RAR, 7ZIP, CAB and GZIP), as well as their potential for steganographical use or misuse.
• Eric Filiol has done quite a bit of work to recover RC4 encrypted Office documents using cryptanalysis.
• Eduardo Vela Nava presents how IE8 can be abused by attackers in order to enable XSS on web sites and web pages that would otherwise be immune to XSS.
• Enno Rey and Daniel Mende demonstrated how to hack into two separate generations of the Cisco Wi-Fi kit.
• Mariano Nunez Di Croce demonstrated techniques for inserting into SAP applications backdoors that provide attackers a way to gain control of them.
• Manish Saindane discussed a technique that could be used to test enterprise applications that make use of JAVA Object Serialization using currently available tools.

New tools released during the event

• Clickjacking Tool – contextis.co.uk
  The tool also has several ‘next-generation’ clickjacking techniques using point-and-click to visually select different elements within a webpage to be targeted.

We’ll keep you posted once the actual presentation files and videos get uploaded to the Black Hat site.