Black Hat USA 2008

/Tag:Black Hat USA 2008

Black Hat USA Posts Carnival

Black Hat USA is over, and I think everyone is still in recovery mode. There were tons of presentations, and here are some posts from various people recapping the event. Once I recover, I will be posting my overall thoughts on the conference as well. Day 1: BlackHat 2008 LiveBlog: Day 1 by Security Monkey [...]

2017-03-12T17:40:23-07:00 August 12th, 2008|Security Conferences|0 Comments

MetaPost Exploitation Notes

Here are my notes from the Black Hat USA 2008 presentation called 'MetaPost Exploitation' by Val Smith and Colin Ames. The MetaPost Exploitation slides are now online, as well as demo movies at If you do any sort of enterprise level penetration testing, you should definitely check it out. Credential Management Wordpad and paper [...]

2017-03-12T17:40:23-07:00 August 10th, 2008|Security Conferences|0 Comments

Profiting From Business Logic Flaws

Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called 'Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'. They went over several real world examples of business logic flaws, and in some cases profited (a lot) from those flaws. The Get [...]

2017-03-12T17:40:23-07:00 August 8th, 2008|Security Conferences|0 Comments

Extreme Client Side Exploitation Notes

Here are my notes from the Black Hat USA 2008 presentation called 'The Internet is Broken: Beyond Document.Cookie - Extreme Client Side Exploitation' by Nathan McFeters, John Heasman, and Rob Carter. GIFAR Hybrid .gif and .jar file .gif header is in the beginning of the file .jar header is in the end of the file [...]

2017-03-12T17:40:23-07:00 August 7th, 2008|Security Conferences|0 Comments

Dan Kaminsky’s DNS Presentation Carnival

Dan Kaminsky's Black Hat USA presentation was a bit different than what I was expecting, but it was still very interesting. Instead of going into details on the vulnerability, he spent the majority of time identifying the systems that would break if someone were able to manipulate the DNS system. He basically said that once [...]

2017-03-12T17:40:23-07:00 August 7th, 2008|Security Conferences|0 Comments

Black Hat SWAG Bag

This years' SWAG bag for Black Hat USA 2008 is pretty cool. Included in the bag is a Moleskine like notebook, Paypal OTP token, Black Hat pen/highlighter, Black Hat sticker and of course all the presentations from the conference. The shoulder bag is actually useable, which is somewhat rare for conference bags. Thanks Black Hat!

2017-03-12T17:40:25-07:00 August 6th, 2008|Security Conferences|0 Comments

Black Hat USA Goes Social With Twitter

Black Hat has embraced the social networking site Twitter for this year's Black Hat Briefings USA 2008. Follow the official Black Hat USA 2008 account on Twitter and get live updates from the conference. There are also a bunch of "Security Twits" attending this year's event and the best way to track all the chatter [...]

2008-08-05T11:55:30-07:00 August 5th, 2008|Security Conferences|0 Comments

Top 5 Must See Sessions at Black Hat

Black Hat USA is only a few days away, and I think the conference gets bigger each year. There are eight different tracks during the Black Hat Briefings, and many of the presentations sound interesting. Because there are so many choices, we decided to gather our top give picks for sessions you can't afford to [...]

2017-03-12T17:40:25-07:00 August 3rd, 2008|Security Conferences|1 Comment