Black Hat Media Archives


Black Hat 2006 Multimedia Archives Quick-link
USA Europe Asia Federal
Europe 2006

Many Black Hat talks are available in audio and video formats. While we reorganize the site to include direct links, please peruse our RSS feed for links to those talks currently online.


Black Hat Japan 2006
Track/Speaker/Topic Presentation (PDFs)
Keynote Presentation - Black Hat Japan 2006

Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency
Change of the Meaning of a Threat and Technology...What has Occurred Now in Japan?

PDF:  Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency Change of the Meaning of a Threat and Technology...What has Occurred Now in Japan?
Speakers - Black Hat Japan 2006

updated materials
Darren Bilby
Low Down and Dirty: Anti-Forensic Rootkits

PDF:  Darren Bilby Low Down and Dirty: Anti-Forensic Rootkits

Paul Böhm
Taming Bugs: The Art and Science of Writing Secure Code

PDF:

Kenneth Geers & Alexander Eisen
IPv6 World Update: Strategy & Tactics

PDF: Kenneth Geers & Alexander Eisen IPv6 World Update: Strategy & Tactics

Jeremiah Grossman
Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous"

PDF: Jeremiah Grossman Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous"

Yuji Hoshizawa
Increasingly-sophisticated Online Swindlers

PDF: Yuji Hoshizawa Increasingly-sophisticated Online Swindlers

updated materials
Heikki Kortti
Input Attack Trees: Death of a Thousand Leaves

PDF: Heikki Kortti Input Attack Trees: Death of a Thousand Leaves

Dan Moniz
Six Degrees of XSSploitation

PDF: Dan Moniz Six Degrees of XSSploitation

Joanna Rutkowska
Subverting Vista Kernel For Fun And Profit

PDF:  Joanna Rutkowska Subverting Vista Kernel For Fun And Profit

Alex Stamos & Zane Lackey
Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

PDF: Alex Stamos & Zane Lackey Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

Scott Stender
Attacking Internationalized Software

PDF:  Scott Stender Attacking Internationalized Software

updated materialsTakayuki Sugiura
Winny P2P Security

PDF: Takayuki Sugiura Winny P2P Security

Georg Wicherski & Thorsten Holz
Catching Malware to Detect, Track and Mitigate Botnets

PDF:  Georg Wicherski & Thorsten Holz Catching Malware to Detect, Track and Mitigate Botnets


Black Hat USA 2006
Track/Speaker/Topic Presentation (PDFs)
Keynote Presentation - Black Hat USA 2006

Dan Larkin, Unit Chief, Internet Crime Complaint Center, Federal Bureau of Investigation
Keynote: Fighting Organized Cyber Crime – War Stories and Trends


Speakers - Black Hat USA 2006

Noel Anderson & Taroon Mandhana
WiFi in Windows Vista: A Peek Inside the Kimono


Ofir Arkin
Bypassing Network Access Control (NAC) Systems

PDF: Ofir Arkin, Bypassing Network Access Control (NAC) Systems

Robert Auger & Caleb Sima
Zero Day Subscriptions: Using RSS and Atom Feeds as Attack Delivery Systems


Tod Beardsley
Investigating Evil Websites with Monkeyspaw: The Greasemonkey Security Professional's Automated Webthinger

PDF:

Corey Benninger
Finding Gold in the Browser Cache

PDF:

Renaud Bidou
IPS Shortcomings

PDF:

Daniel Bilar
Automated Malware Classification/Analysis Though Network Theory and Statistics

PDF:

updated materials

Paul Böhm
Taming Bugs: The Art and Science of Writing Secure Code

PDF:

Mariusz Burdach
Physical Memory Forensics

PDF:

Jesse Burns
Fuzzing Selected Win32 Interprocess Communication Mechanisms

PDF:

Jamie Butler, Nick Petroni & William Arbaugh
R^2: The Exponential Growth of Rootkit Techniques

PDF:

johnny cache & David Maynor
Device Drivers

PDF:

Brian Caswell & HD Moore
Thermoptic Camoflauge: Total IDS Evasion

PDF:

Andrew Cushman
Microsoft Security Fundamentals: Engineering, Response and Outreach

PDF:

Himanshu Dwivedi
I’m going to shoot the next person who says VLANs

PDF:

Charles Edge
Attacking Apple’s Xsan

PDF:

Dino Dai Zovi
Hardware Virtualization Based Rootkits

PDF:

Shawn Embleton, Sherri Sparks & Ryan Cunningham
Sidewinder: An Evolutionary Guidance System for Malicious Input Crafting

PDF:

David Endler & Mark Collier
Hacking VoIP Exposed

PDF:

Chris Eng
Breaking Crypto Without Keys: Analyzing Data in Web Applications

PDF:

FX
Analysing Complex Systems: the BlackBerry Case

PDF:

Yuan Fan & Xiao Rong
MatriXay—When WebApp&Database Security Pen-Test/Audit Is a Joy

PDF:

Pete Finnigan
How to Unwrap Oracle PL/SQL

PDF:

Nicolas Fischbach
Carrier VoIP Security

PDF:

Halvar Flake
RE 2006: New Challenges Need Changing Tools


Rob Franco
Case Study: The Secure Development Lifecycle and Internet Explorer 7


Stefan Frei & Dr. Martin May
The Speed of (In)security: Analysis of The Speed of Security vs Insecurity

PDF:

Tom Gallagher
Finding and Preventing Cross-site request Forgery

PDF:

Abolade Gbadegesin
The NetIO Stack: Reinventing TCP/IP in Windows Vista

PDF:

Jeremiah Grossman & TC Niedzialkowski
Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous"

PDF:

Lukas Grunwald
New Attack RFID-systems and Their Middleware and Backends

PDF:

Zvi Gutterman
Open to Attack: Vulnerabilities of the Linux Random Number Generator

PDF:

Billy Hoffman
AJAX (in)security

PDF:

Billy Hoffman
Analysis of Web Application Worms and Viruses

PDF:

Greg Hoglund
Hacking World of Warcraft®: An Exercise in Advanced Rootkit Design


David Hulton & Dan Moniz
Faster Pwning Assured: Hardware Hacks and Cracks with FPGAs

PDF:

Dan Kaminsky
Black Ops 2006


William Kimball
Code Integration-Based Vulnerability Auditing

PDF:

Alexander Kornbrust
Oracle Rootkits 2.0: The Next Generation

PDF:

Dr. Neal Krawetz
You Are What You Type: Non-Classical Computer Forensics

PDF:

John Lambert
Security Engineering in Windows Vista

PDF:

Johnny Long
Death by 1000 Cuts


Johnny Long
Hacking, Hollywood Style


Kevin Mandia
The State of Incidence Response

PDF:

Adrian Marinescu
Windows Vista Heap Management Enhancements– Security, Reliability and Performance

PDF:

updated materials

Claudio Merloni & Luca Carettoni
The BlueBag: A Mobile, Covert Bluetooth Attack and Infection Device

PDF:

Doug Mohney
Defending Against Social Engineering with Voice Analytics

PDF:

Dan Moniz & HD Moore
Six Degrees of XSSploitation


HD Moore
Metasploit Reloaded

PDF:

updated materials

Marco Morana
Building Security into the Software LifeCycle, A Business Case

PDF:

Maik Morgenstern & Tom Brosch
Runtime Packers: The Hidden Problem?

PDF:

updated materials

Shawn Moyer
Defending Black Box Web Applications: Building an Open Source Web Security Gateway

PDF:

Bala Neerumalla
SQL Injections by Truncation

PDF:

Brendan O'Connor
Vulnerabilities in Not-So Embedded Systems

PDF:

Bruce Potter
Bluetooth Defense Kit

PDF:

Bruce Potter
The Trusted Computing Revolution

PDF:

Tom Ptacek & Dave Goldsmith
Do Enterprise Management Applications Dream of Electric Sheep?

PDF:

Jeremy Rauch
PDB: The Protocol DeBugger

PDF:

Melanie Rieback
RFID Malware Demystified

PDF:

Joanna Rutkowska
Subverting Vista Kernel For Fun And Profit

PDF:

Hendrik Scholz
SIP Stack Fingerprinting and Stack Difference Attacks

PDF:

SensePost
A Tale of Two Proxies


Saumil Shah
Writing Metasploit Plugins - From Vulnerability to Exploit


Jay Schulman
Phishing with Asterisk PBX

PDF:

Peter Silberman & Jamie Butler
RAIDE: Rootkit Analysis Identification Elimination v1.0

PDF:

Paul Simmonds, Henry Teng, Bob West & Justin Somaini
Jericho Forum and Challenge


Alexander Sotirov
Hotpatching and the Rise of Third-Party Patches

PDF:

Kimber Spradlin & Dale Brocklehurst
Auditing Data Access Without Bringing Your Database To Its Knees

PDF:

Jonathan Squire
$30, 30 minutes, 30 networks (Project Cowbird)

PDF:

Alex Stamos & Zane Lackey
Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0


Scott Stender
Attacking Internationalized Software

PDF:

Michael Sutton & Greg MacManus
Punk Ode: Hiding Shellcode In Plain Sight

PDF:

Alexander Tereshkin
Rootkits: Attacking Personal Firewalls

PDF:

Philip Trainor
The Statue of Liberty: Utilizing Active Honeypots for Hosting Potentially Malicious Events

PDF:

Franck Veysset & Laurent Butti
Wi-Fi Advanced Stealth

PDF:

Jeff Waldron
VOIP Security Essentials

PDF:

Chuck Willis & Rohyt Belani
Web Application Incident Response & Forensics: A Whole New Ball Game!

PDF:

Emmanuelle Zambon & Damiano Bolzoni
NIDS: False Positive Reduction Through Anomaly Detection

PDF:

Stefano Zanero
Host Based Anomaly Detection on System Call Arguments

PDF:

Panels: Black Hat USA 2006

Center for Democracy and Technology Anti-Spyware Coalition Public Forum on Corporate Spyware Threats
Ari Schwartz, Ron Davidson, Gerhard Eschelbeck, John Heasman, Dan Kaminsky, Andre Gold, Phil Harris, Drew Maness, Eileen Harrington, Jerry Dixon


Disclosure (Public)
Jeff Moss, Paul Proctor, David Mortman, John Stewart, Derrick Scholl, Michael Sutton, Raven, Tom Ptacek, Pamela Fusco, Scott Blake, Jerry Dixon


Hacker Court
Panel


Meet the Feds: OODA Loop and the Science of Security
Jason Beckett, Ovie Carroll, James Christy, Andy Fried, Mike Jacobs, Ken Privette, Keith Rhodes, Dave Thomas, Bob Hopper, Hilary Stanhope, Tim Fowler



Black Hat Europe 2006
Track/Speaker/Topic Presentation (PDFs) Notes/Tools
Keynote Presentation - Black Hat Europe 2006

Welcome by Jeff Moss, Founder & CEO, Black Hat and

Eric Litt, Chief Information Security Officer, General Motors
Stuck in the Middle



Speakers - Black Hat Europe 2006

updated materials
Philippe Biondi, & Fabrice Desclaux
Silver Needle in the Skype

PDF: Philippe Biondi, & Fabrice Desclaux, Silver Needle in the Skype

Shalom Carmel
IBM iSeries For Penetration Testers: Bypass Restrictions and Take Over Server

PDF: Shalom Carmel, IBM iSeries For Penetration Testers: Bypass Restrictions and Take Over Server

ZIP: Shalom Carmel, IBM iSeries For Penetration Testers: Bypass Restrictions and Take Over Server
resources

updated materials
Cesar Cerrudo
WLSI - Windows Local Shellcode Injection

PDF: Cesar Cerrudo, WLSI - Windows Local Shellcode Injection

ZIP: Cesar Cerrudo, WLSI - Windows Local Shellcode Injection
exploits

Tzi-cker Chiueh
How to Automatically Sandbox IIS With Zero False Positive and Negative

PDF: Tzi-cker Chiueh, How to Automatically Sandbox IIS With Zero False Positive and Negative

PDF: Tzi-cker Chiueh, How to Automatically Sandbox IIS With Zero False Positive and Negative
white paper

Gregory Conti
Malware Cinema: A Picture is Worth a Thousand Packets

PDF: Drew Copley, Angel Recon System (ARS) Prototype: Heuristic Vulnerability Analysis and Attack


resources

Bryan Cunningham & Amanda Hubbard
Separated By A Common Goal—Emerging EU and US Information Security and Privacy Law: Allies or Adversaries?
PDF: Bryan Cunningham & Amanda Hubbard, Separated By A Common Goal—Emerging EU and US Information Security and Privacy Law: Allies or Adversaries?

PDF: Drew Copley, Angel Recon System (ARS) Prototype: Heuristic Vulnerability Analysis and Attack
bibliography

Arian J. Evans, Daniel Thompson & Mark Belles
Project Paraegis Round 2: Using Razorwire HTTP proxy to strengthen webapp session handling and reduce attack surface
PDF: Arian J. Evans, Daniel Thompson & Mark Belles, Project Paraegis Round 2: Using Razorwire HTTP proxy to strengthen webapp session handling and reduce attack surface
FX
Analysing Complex Systems: The BlackBerry Case
PDF: FX, Analysing Complex Systems: The BlackBerry Case

Halvar Flake
Attacks on Uninitialized Local Variables

PDF: Halvar Flake, Attacks on Uninitialized Local Variables

John Heasman
Implementing and Detecting An ACPI BIOS Rootkit

PDF: John Heasman, Implementing and Detecting An ACPI BIOS Rootkit

Barnaby Jack
Exploiting Embedded Systems

PDF: Barnaby Jack, Exploiting Embedded Systems


updated materials
Mikko Kiviharju
Hacking fingerprint Scanners - Why Microsoft's Fingerprint Reader Is Not a Security Feature

PDF: Mikko Kiviharju, Hacking fingerprint Scanners - Why Microsoft's Fingerprint Reader Is Not a Security Feature


resources

Adam Laurie, Martin Herfurt, & Marcel Holtmann
Bluetooth Hacking - The State of The Art



Johnny Long
Death of a Thousand Cuts- Finding Evidence Everywhere!



Johnny Long
Hacking, Hollywood Style



Steve Manzuik and Andre Protas
Skeletons in Microsoft's Closet - Silently Fixed Vulnerabilities

PDF: Steve Manzuik and Andre Protas, Skeletons in Microsoft's Closet - Silently Fixed Vulnerabilities

updated materials
Jarno Niemelä
Combatting Symbian Malware

PDF: Jarno Niemelä, Combatting Symbian Malware

PDF: Whitepaper, Jarno Niemelä, Combatting Symbian Malware
white paper

Gunter Ollmann
Stopping Automated Application Attack Tools

PDF: Gunter Ollmann, Stopping Automated Application Attack Tools
updated materials
Enno Rey
MPLS and VPLS Security
PDF: Enno Rey, MPLS and VPLS Security

Joanna Rutkowska
Rootkit Hunting vs. Compromise Detection

PDF: Joanna Rutkowska, Rootkit Hunting vs. Compromise Detection
Peter Silberman & Jamie Butler
RAIDE: Rootkit Analysis Identification Elimination
PDF: Peter Silberman & Jamie Butler, RAIDE: Rootkit Analysis Identification Elimination

spoonm & skape
Beyond EIP

PDF: spoonm & skape, Beyond EIP

updated materials
Alex Wheeler, Mark Dowd, & Neel Mehta
The Science of Code Auditing

PDF: Alex Wheeler, Mark Dowd, & Neel Mehta, The Science of Code Auditing

Stefano Zanero
Anomaly Detection Through System Call Argument Analysis

PDF: Stefano Zanero, My IDS is better than yours. Or is it?


Black Hat Federal 2006
Track/Speaker/Topic Presentation (PDFs) Notes/Tools
Keynote Presentation - Black Hat Federal 2006

Welcome by Jeff Moss, Founder & CEO, Black Hat

Dr. Linton Wells II, Principal Deputy Assistant Secretary of Defense (Networks and Information Integration)
Security Research and Vulnerability Disclosure



Speakers - Black Hat Federal 2006

David Aitel
Nematodes

PDF: David Aitel, Nematodes

updated materials
Mariusz Burdach
Finding Digital Evidence in Physical Memory

PDF: Mariusz Burdach, Finding Digital Evidence in Physical Memory


tools & docs

updated materials
Max Caceres
Client Side Penetration Testing

PDF: Max Caceres, Client Side Penetration Testing

Tzi-cker Chiueh
How to Automatically Sandbox IIS With Zero False Positive and Negative

PDF: Tzi-cker Chiueh, How to Automatically Sandbox IIS With Zero False Positive and Negative

Drew Copley
Angel Recon System (ARS) Prototype: Heuristic Vulnerability Analysis and Attack

PDF: Drew Copley, Angel Recon System (ARS) Prototype: Heuristic Vulnerability Analysis and Attack


tools

Halvar Flake
Attacks on Uninitialized Local Variables

PDF: Halvar Flake, Attacks on Uninitialized Local Variables

Simson L. Garfinkel
New Directions in Disk Forensics

PDF: Simson L. Garfinkel New Directions in Disk Forensics

John Heasman
Implementing and Detecting An ACPI BIOS Rootkit

PDF: John Heasman, Implementing and Detecting An ACPI BIOS Rootkit

updated materials
Billy Hoffman
Analysis of Web Application Worms and Viruses

PDF: Billy Hoffman, Analysis of Web Application Worms and Viruses


code

Dan Kaminsky
Network Black Ops: Extracting Unexpected Functionality from Existing Networks

PDF: Dan Kaminsky, Network Black Ops: Extracting Unexpected Functionality from Existing Networks

Arun Lakhotia
Analysis of Adversarial Code: Problem, Challenges, Results

PDF: Arun Lakhotia, Analysis of Adversarial Code: Problem, Challenges, Results

David Litchfield
Breakable



Kevin Mandia
Foreign Attacks on Corporate America  (How the Federal Government can apply lessons learned from the private sector)

PDF: Kevin Mandia, Foreign Attacks on Corporate America  (How the Federal Government can apply lessons learned from the private sector)

updated materials
David Maynor & Robert Graham
SCADA Security and Terrorism: We're Not Crying Wolf!

PDF: David Maynor & Robert Graham, SCADA Security and Terrorism: We're Not Crying Wolf!

Jarno Niemelä
Combatting Symbian Malware

PDF: Jarno Niemelä, Combatting Symbian Malware PDF: Whitepaper, Jarno Niemelä, Combatting Symbian Malware

updated materials
Tom Parker & Matthew G. Devost
The Era of a Zero-Day Nation-State: Characterising the real threats to our nation’s critical information systems

PDF: Tom Parker & Matthew G. Devost, The Era of a Zero-Day Nation-State: Characterising the real threats to our nation’s critical information systems

updated materials
Joanna Rutkowska
Rootkit Hunting vs. Compromise Detection

PDF: Joanna Rutkowska, Rootkit Hunting vs. Compromise Detection

updated materials
Marc Schoenefeld
Pentesting J2EE

PDF: Marc Schoenefeld, Pentesting J2EE

spoonm & skape
Beyond EIP

PDF: spoonm & skape, Beyond EIP

Paul Syverson & Lasse Øverlier
Playing Server Hide and Seek on the Tor Anonymity Network

PDF: Paul Syverson & Lasse Øverlier, Playing Server Hide and Seek on the Tor Anonymity Network

updated materials
Irby Thompson & Mathew Monroe
FragFS: An Advanced NTFS Data Hiding Technique

PDF: Irby Thompson, FragFS: An Advanced NTFS Data Hiding Technique


tool

Stefano Zanero
My IDS is better than yours. Or is it?

PDF: Stefano Zanero, My IDS is better than yours. Or is it?


Media Server Hosted By:

Complex Drive

Complex Drive - Reliable, Secure, and Responsive Business Internet


Black Hat Logo
(c) 1996-2007 Black Hat