ggee

About ggee

This author has not yet filled in any details.
So far ggee has created 181 blog entries.

Black Hat USA Posts Carnival

Black Hat USA is over, and I think everyone is still in recovery mode. There were tons of presentations, and here are some posts from various people recapping the event. Once I recover, I will be posting my overall thoughts on the conference as well. Day 1: BlackHat 2008 LiveBlog: Day 1 by Security Monkey [...]

2017-03-12T17:40:23-07:00 August 12th, 2008|Security Conferences|0 Comments

MetaPost Exploitation Notes

Here are my notes from the Black Hat USA 2008 presentation called 'MetaPost Exploitation' by Val Smith and Colin Ames. The MetaPost Exploitation slides are now online, as well as demo movies at offensivecomputing.net. If you do any sort of enterprise level penetration testing, you should definitely check it out. Credential Management Wordpad and paper [...]

2017-03-12T17:40:23-07:00 August 10th, 2008|Security Conferences|0 Comments

Profiting From Business Logic Flaws

Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called 'Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'. They went over several real world examples of business logic flaws, and in some cases profited (a lot) from those flaws. The Get [...]

2017-03-12T17:40:23-07:00 August 8th, 2008|Security Conferences|0 Comments

Extreme Client Side Exploitation Notes

Here are my notes from the Black Hat USA 2008 presentation called 'The Internet is Broken: Beyond Document.Cookie - Extreme Client Side Exploitation' by Nathan McFeters, John Heasman, and Rob Carter. GIFAR: Hybrid .gif and .jar file; .gif header is in the beginning of the file; .jar header is in the end of the file [...]

2017-03-12T17:40:23-07:00 August 7th, 2008|Security Conferences|0 Comments

Dan Kaminsky’s DNS Presentation Carnival

Dan Kaminsky's Black Hat USA presentation was a bit different than what I was expecting, but it was still very interesting. Instead of going into details on the vulnerability, he spent the majority of time identifying the systems that would break if someone were able to manipulate the DNS system. He basically said that once [...]

2017-03-12T17:40:23-07:00 August 7th, 2008|Security Conferences|0 Comments

Vendor Parties @ Black Hat USA

Vendor parties during Black Hat USA are always interesting, because the conference is in Las Vegas. Here is a list of vendors that I know of that are throwing parties this year at Black Hat USA 2008. Tuesday, August 5th: Qualys, Fortify. Wednesday, August 6th: Arbor Networks, MANDIANT, WASC / OWASP. Thursday, August 7th: Accuvant [...]

2008-08-06T00:24:17-07:00 August 6th, 2008|Parties|0 Comments

Black Hat SWAG Bag

This year's SWAG bag for Black Hat USA 2008 is pretty cool. Included in the bag is a Moleskine-like notebook, PayPal OTP token, Black Hat pen/highlighter, Black Hat sticker and of course all the presentations from the conference. The shoulder bag is actually usable, which is somewhat rare for conference bags. Thanks Black Hat!

2017-03-12T17:40:25-07:00 August 6th, 2008|Security Conferences|0 Comments

Black Hat USA Goes Social With Twitter

Black Hat has embraced the social networking site Twitter for this year's Black Hat Briefings USA 2008. Follow the official Black Hat USA 2008 account on Twitter and get live updates from the conference. There are also a bunch of "Security Twits" attending this year's event and the best way to track all the chatter [...]

2008-08-05T11:55:30-07:00 August 5th, 2008|Security Conferences|0 Comments

Top 5 Must See Sessions at Black Hat

Black Hat USA is only a few days away, and I think the conference gets bigger each year. There are eight different tracks during the Black Hat Briefings, and many of the presentations sound interesting. Because there are so many choices, we decided to gather our top five picks for sessions you can't afford to [...]

2017-03-12T17:40:25-07:00 August 3rd, 2008|Security Conferences|1 Comment