Black Hat Media Archives


Black Hat 2007 Multimedia Archives Quick-link
USA Europe Asia DC
Europe 2007
Asia 2007


Black Hat USA 2007
Track/Speaker/Topic Presentation (PDFs) White Paper/
Notes/Tools
Audio/Video
(not yet available)
Keynote Presentation - Black Hat USA 2007
Richard Clarke
A Story About Digital Security in 2017


Tony Sager
The NSA Information Assurance Directorate and the National Security Community
 

 
 
Bruce Schneier
The Psychology of Security

 
Bruce Schneier: The Psychology of Security  
Speakers - Black Hat USA 2007

Jonathan Afek
Dangling Pointer

Presentation:  Jonathan Afek - Dangling Pointer White Paper: Presentation:  Jonathan Afek - Dangling Pointer  
updated materials

Pedram Amini & Aaron Portnoy
Fuzzing Sucks! (or Fuzz it Like you Mean it!)

Presentation White Paper: Pedram Amini & Aaron Portnoy - Fuzzing Sucks! (or Fuzz it Like you Mean it!)
updated materials

Brandon Baker
Kick Ass Hypervisoring: Windows Server Virtualization

White Paper:

Architecture

ZIP:

Security

   

Andrea Barisani & Daniele Bianco
Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

Presentation: Andrea Barisani & Daniele Bianco - Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation
White Paper: Andrea Barisani & Daniele Bianco - Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

White Paper

ZIP: Andrea Barisani & Daniele Bianco - Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

.avis

 

Rohyt Belani & Keith Jones
Smoke 'em Out!

Presentation: White Paper:

Damiano Bolzoni & Emmanuel Zambon
Sphinx: An Anomaly-based Web Intrusion Detection System

Presentation: White Paper:  
updated materials

Yuriy Bulygin
Remote and Local Exploitation of Network Drivers

Presentation: White Paper:  

Jamie Butler & Kris Kendall
Blackout: What Really Happened...

Presentation:    
updated materials

David Byrne
Intranet Invasion With Anti-DNS Pinning

Presentation: White Paper:  

Jon Callas, Raven Alder, Riccardo Bettati & Nick Mathewson
Traffic Analysis—The Most Powerful and Least Understood Attack Methods

Presentation:    
updated materials

Ero Carrera
Reverse Engineering Automation with Python

White Paper:    

Stephan Chenette & Moti Joseph
Defeating Web Browser Heap Spray Attacks

Presentation:    
updated materials

Brian Chess, Jacob West, Sean Fay & Toshinari Kureha
Iron Chef Blackhat

Presentation: 1, 2 White Paper:  
updated materials

Steve Christey
Unforgivable Vulnerabilities

Presentation: White Paper:  

Robert W. Clark
Computer and Internet Security Law—A Year in Review 2006–2007

Presentation:    

David Coffey & John Viega
Building an Effective Application Security Practice on a Shoestring Budget

Presentation: White Paper:  
updated materials

Job De Haas
Side Channel Attacks (DPA) and Countermeasures for Embedded Systems

Presentation:    
updated materials

Mark Ryan del Moral Talabis
The Security Analytics Project: Alternatives in Analysis

Presentation: White Paper: White Paper:

Barrie Dempster
VoIP Security: Methodology and Results

Presentation: White Paper:  
updated materials

Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch
Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing

Presentation: White Paper:  

Rohit Dhamankar & Rob King
PISA: Protocol Identification via Statistical Analysis

Presentation: White Paper:  

Roger Dingledine
Tor and Blocking-resistance

Presentation:    
updated materials

Mark Dowd, John McDonald, Neel Mehta
Breaking C++ Applications

  White Paper:  

Himanshu Dwivedi & Zane Lackey
Something Old (H.323), Something New (IAX), Something Hollow (Security), and Something Blue (VoIP Administrators)

Presentation: White Paper:  
updated materials

Joel Eriksson, Christer Öberg, Claes Nyberg & Karl Janmar
Kernel Wars

Presentation:
White Paper: Kernel Wars

White Paper

ZIP: Kernel Wars Tools and Movies

Tools, Videos

 

Gadi Evron
Estonia: Information Warfare and Strategic Lessons

     
updated materials

Ben Feinstein & Daniel Peck
CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript

Presentation: White Paper:  
updated materials

Justin N. Ferguson
Understanding the Heap by Breaking It

Presentation White Paper:  
updated materials

Kevvie Fowler
SQL Server Database Forensics

Presentation: White Paper:  
updated materials

Dave G., & Jeremy Rauch
Hacking Capitalism

Presentation:    
updated materials

Kenneth Geers
Greetz from Room 101

White Paper: White Paper:  
updated materials

Jeremiah Grossman & Robert Hansen
Hacking Intranet Websites from the Outside (Take 2)—"Fun With and Without JavaScript Malware"

White Paper: White Paper:  
updated materials

Jennifer Granick
Disclosure and Intellectual Property Law: Case Studies

Presentation:    
updated materials

Ezequiel D. Gutesman & Ariel Waissbein
A Dynamic Technique for Enhancing the Security and Privacy of Web Applications

White Paper: White Paper:  

Nick Harbour
Stealth Secrets of the Malware Ninjas

Presentation: White Paper:  
updated materials

John Heasman
Hacking the Extensible Firmware Interface

Presentation:    
updated materials

Brad Hill
Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity

Presentation: White Paper:  
updated materials

Jim Hoagland
Vista Network Attack Surface Analysis and Teredo Security Implications

White Paper: White Paper:  

Billy Hoffman & John Terrill
The Little Hybrid Web Worm that Could

  White Paper:  
updated materials

Greg Hoglund
Active Reversing: The Next Generation of Reverse Engineering

Presentation:    
updated materials

Mikko Hypponen
Status of Cell Phone Malware in 2007

Presentation White Paper  

Dan Kaminksy
Black Ops 2007: Design Reviewing The Web

Presentation:    

Krishna Kurapati
Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones

Presentation: Presentation:  

Dr. Neal Krawetz
A Picture's Worth...

Presentation:
White Paper:

White Paper

Tool

Code

updated materials

Zane Lackey, & Alex Garbutt
Point, Click, RTPInject

Presentation:
White Paper:

Tools

 

Adam Laurie
RFIDIOts!!!– Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)

Presentation:    

David LeBlanc
Practical Sandboxing - Techniques for Isolating Processes

     
updated materials

Dr. Andrew Lindell
Anonymous Authentication— Preserving Your Privacy Online

White Paper: White Paper:  

Jonathan Lindsay
Attacking the Windows Kernel

Presentation: White Paper:  

David Litchfield
Database Forensics

Presentation:    

Iain McDonald
Longhorn Server Foundation & Server Roles

     

Alfredo Ortega
OpenBSD Remote Exploit

Presentation: White Paper:  

David Maynor & Robert Graham
Simple Solutions to Complex Problems from the Lazy Hacker’s Handbook

  White Paper:  
updated materials

Haroon Meer & Marco Slaviero
It's All About the Timing

White Paper:
White Paper:

White Paper

Tool

Tool

 
updated materials

Charlie Miller
Hacking Leopard: Tools and techniques for attacking the newest Mac OS X

White Paper: White Paper:  

Luis Miras
Other Wireless: New ways of being Pwned

Presentation: White Paper:  
updated materials

Eric Monti & Dan Moniz
Defeating Information Leak Prevention

White Paper:    
updated materials

HD Moore & Valsmith
Tactical Exploitation

Presentation: White Paper:  

Jeff Morin
Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage

Presentation: White Paper:  
updated materials

Shawn Moyer
(un)Smashing the Stack

Presentation: White Paper:  
updated materials

Chris Paget
RFID for Beginners++

Presentation:    

Chris Palmer, Tim Newsham, Alex Stamos & Chris Ridder
Breaking Forensics Software: Weaknesses in Critical Evidence Collection

  White Paper:  

Stephen Patton
Social Network Site Data Mining

Presentation: White Paper:

Mike Perry
Securing the Tor Network

Presentation: White Paper:  

Cody Pierce
PyEmu: A multi-purpose scriptable x86 emulator

  White Paper:  

Thomas Ptacek & Nate Lawson
Don't Tell Joanna, The Virtualized Rootkit Is Dead

Presentation:    

Danny Quist & Valsmith
Covert Debugging: Circumventing Software Armoring Techniques

Presentation: White Paper:  
updated materials

Dror-John Roecher & Michael Thumann
NACATTACK

Presentation:
White Paper:

White Paper

Tool

Tool

Tool
updated materials

Joanna Rutkowska & Alexander Tereshkin
IsGameOver(), anyone?

Presentation:    

Paul Vincent Sabanal
Reversing C++

Presentation: White Paper:  

Len Sassaman
Anonymity and its Discontents

  White Paper:  
updated materials

Eric Schmiedl & Mike Spindell
Strengths and Weaknesses of Access Control Systems

Presentation: White Paper:  
updated materials

Jerry Schneider
Reflection DNS Poisoning

Presentation:    
updated materials

Window Snyder & Mike Shaver
Building and Breaking the Browser

Presentation: White Paper:  

Alexander Sotirov
Heap Feng Shui in JavaScript

Presentation: White Paper:  
updated materials

Scott Stender
Blind Security Testing—An Evolutionary Approach

Presentation: White Paper:  
updated materials

Joe Stewart
Just Another Windows Kernel Perl Hacker

Presentation: White Paper:  

Bryan Sullivan & Billy Hoffman
Premature Ajax-ulation

White Paper: White Paper:  

Peter Thermos
Transparent Weaknesses in VoIP

Presentation:    

David Thiel
Exposing Vulnerabilities in Media Software

Presentation: White Paper:  

Eugene Tsyrklevich & Vlad Tsyrklevich
OpenID: Single Sign-On for the Internet

Presentation: White Paper:  
updated materials

Ariel Waissbein & Damian Saura
Timing Attacks for Recovering Private Entries From Database Engines

White Paper: White Paper:  

Greg Wroblewski
Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004–2007

     

Chris Wysopal & Chris Eng
Static Detection of Application Backdoors

Presentation: White Paper:  
updated materials

Mark Vincent Yason
The Art of Unpacking

Presentation: White Paper:  

Stefano Zanero
Observing the Tidal Waves of Malware

Presentation:    

Phil Zimmermann
Z-Phone

     

Panels - Black Hat USA 2007

Panel
Ethics Challenge!

     

Panel
Executive Women's Forum

     

Panel
Meet the Fed

     

Panel
Meet the VCs

     

Panel
Spyware 2010: Center for Democracy & Technology Anti-Spyware Coalition

     


Black Hat Europe 2007
Track/Speaker/Topic Presentation (PDFs) White Paper/
Notes/Tools
Audio
(not yet available)
Keynote Presentation - Black Hat Europe 2007

Welcome by Jeff Moss, Founder & CEO, Black Hat

Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure)
How can the Security Researcher Community Work Better for the Common Good?



Speakers - Black Hat Europe 2007

Nish Bhalla
Web Service Vulnerabilities


White Paper: Nish Bhalla - Web Service Vulnerabilities  

Sun Bing
Software Virtualization Based Rootkits

Presentation: Sun Bing - Software Virtualization Based Rootkits PDF: Sun Bing - Software Virtualization Based Rootkits  

Damiano Bolzoni
NIDS: False Positive Reduction Through Anomaly Detection

Presentation: Damiano Bolzoni - NIDS: False Positive Reduction Through Anomaly Detection
White Paper: Damiano Bolzoni - Aphrodite

Aphrodite

White Paper: Damiano Bolzoni - Poseiden

Poseiden

 

updated materials
Laurent Butti
Wi-Fi Advanced Fuzzing

Presentation: Laurent Butti - Wi-Fi Advanced Fuzzing White Paper: Laurent Butti - Wi-Fi Advanced Fuzzing  

Augusto Paes de Barros, André Fucs & Victor Pereira
New Botnets Trends and Threats

Presentation: Augusto Paes de Barros, André Fucs & Victor Pereira - New Botnets Trends and Threats Presentation:  

updated materials
Cesar Cerrudo & Esteban Martinez Fayo
Hacking Databases for Owning Your Data

Presentation: Cesar Cerrudo & Esteban Martinez Fayo - Hacking Databases for Owning Your Data
White Paper: Cesar Cerrudo & Esteban Martinez Fayo - Hacking Databases for Owning Your Data

White Paper

Code: Cesar Cerrudo - Practical 10 Minute Security Audit: The Oracle Case

Additional Materials

 

Joel Eriksson
Kernel Wars

Presentation: Joel Eriksson - Kernel Wars White Paper: Joel Eriksson - Kernel Wars  

updated materials
ERESI Team
Next Generation Debuggers for Reverse Engineering

Presentation: ERESI Team - Next Generation Debuggers for Reverse Engineering
White Paper: ERESI Team - Next Generation Debuggers for Reverse Engineering

White Paper

ERESI Team - Next Generation Debuggers for Reverse Engineering

Additional Materials

 

Kostya Kortchinsky
Making Windows Exploits More Reliable

Presentation: Kostya Kortchinsky - Making Windows Exploits More Reliable White Paper: Kostya Kortchinsky - Making Windows Exploits More Reliable  

updated materials

Nitin Kumar & Vipin Kumar
Vboot Kit: Compromising Windows Vista Security

Presentation: Kostya Kortchinsky - Making Windows Exploits More Reliable Presentation: Kostya Kortchinsky - Making Windows Exploits More Reliable  

updated materials
Toshinari Kureha & Dr. Brian Chess
Make My Day – Just Run a Web Scanner: Countering The Faults of Typical Web Scanners Through Byte-code Injection

Presentation: Toshinari Kureha & Dr. Brian Chess Make My Day – Just Run a Web Scanner: Countering The Faults of Typical Web Scanners Through Byte-code Injection White Paper: Toshinari Kureha & Dr. Brian Chess Make My Day – Just Run a Web Scanner: Countering The Faults of Typical Web Scanners Through Byte-code Injection  

Adam Laurie
RFIDIOts!!! - Practical RFID hacking (without soldering irons)

Presentation: Adam Laurie RFIDIOts!!! - Practical RFID hacking (without soldering irons)
 

updated materials
Philippe Langlois
SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones

Presentation: Presentation:  

David Litchfield
Advanced Oracle Attack Techniques



 

Bruno Luiz
Challenging Malicious Inputs with Fault Tolerance Techniques

Presentation: Bruno Luiz Challenging Malicious Inputs with Fault Tolerance Techniques
Presentation:

White Paper

Presentation:

References

 

Lluis Mora
SMTP Information Gathering

Presentation: Lluis Mora SMTP Information Gathering White Paper: Lluis Mora SMTP Information Gathering  
updated materials
Mariano Nuñez Di Croce
Attacking the Giants: Exploiting SAP Internals
Presentation: Mariano Nuñez Di Croce Attacking the Giants: Exploiting SAP Internals
White Paper: Mariano Nuñez Di Croce Attacking the Giants: Exploiting SAP Internals

White Paper

ZIP: Mariano Nuñez Di Croce Attacking the Giants: Exploiting SAP Internals

Source Code

 

Billy K Rios & Raghav Dube
Kicking Down the Cross Domain Door (One XSS at a Time)

Presentation: Billy K Rios & Raghav Dube Kicking Down the Cross Domain Door (One XSS at a Time) White Paper: Billy K Rios & Raghav Dube Kicking Down the Cross Domain Door (One XSS at a Time)  
updated materials
Dror-John Roecher & Michael Thumann
NACATTACK
Presentation: Dror-John Roecher & Michael Thumann NACATTACK
White Paper: Dror-John Roecher & Michael Thumann NACATTACK

White Paper

ZIP: White Paper: Alexander Sotirov Heap Feng Shui in JavaScript

Extra

 

updated materials
Alexander Sotirov
Heap Feng Shui in JavaScript

Presentation: Alexander Sotirov - Heap Feng Shui in JavaScript
White Paper: Alexander Sotirov Heap Feng Shui in JavaScript

White Paper

ZIP: White Paper: Alexander Sotirov Heap Feng Shui in JavaScript

Source Code

 

Ollie Whitehouse
GS and ASLR in Windows Vista

Presentation: Ollie Whitehouse - GS and ASLR in Windows Vista Paper: Ollie Whitehouse - GS and ASLR in Windows Vista  

Jonathan Wilkins
ScarabMon - Automating Web Application Penetration Tests


White Paper: Alexander Sotirov Heap Feng Shui in JavaScript

White Paper

ZIP: Source Code - Jonathan Wilkins

Source Code

 

Stefano Zanero
360° Anomaly Based Unsupervised Intrusion Detection

Presentation: Stefano Zanero - 360° Anomaly Based Unsupervised Intrusion Detection Paper: Stefano Zanero - 360° Anomaly Based Unsupervised Intrusion Detection  


Black Hat Federal 2006
Track/Speaker/Topic Presentation (PDFs) White Paper/
Notes/Tools
Audio
(not yet available)
Keynote Presentation - Black Hat DC 2007

Welcome by Jeff Moss, Founder & CEO, Black Hat

Special Agent (Ret) Jim Christy, Director, Futures Exploration, Department of Defense Cyber Crime Center
Cyber Crime and the Power of Digital Forensics



Speakers - Black Hat DC 2007

updated materials
Ofir Arkin
NAC

Presentation: Ofir Arkin - NAC Paper: Ofir Arkin - NAC  

Sean Barnum
Attack Patterns: Knowing Your Enemies in Order to Defeat Them

Presentation: Sean Barnum - Attack Patterns: Knowing Your Enemies in Order to Defeat Them Paper: Sean Barnum - Attack Patterns: Knowing Your Enemies in Order to Defeat Them  

James D. Broesch
Secure Processors for Embedded Applications

Presentation: James D. Broesch - Secure Processors for Embedded Applications Paper: James D. Broesch - Secure Processors for Embedded Applications  

Cesar Cerrudo
Practical 10 Minute Security Audit: The Oracle Case

Presentation: Cesar Cerrudo - Practical 10 Minute Security Audit: The Oracle Case
Paper: Cesar Cerrudo - Practical 10 Minute Security Audit: The Oracle Case
White Paper
Code: Cesar Cerrudo - Practical 10 Minute Security Audit: The Oracle Case
POC Exploit Code
 

John Heasman
Firmware Rootkits and the Threat to the Enterprise


Paper: John Heasman Firmware Rootkits and the Threat to the Enterprise  

Kris Kendall & Chad McMillan
Practical Malware Analysis: Fundamental Techniques and a New Method for Malware Discovery

Presentation: Kris Kendall & Chad McMillan - Practical Malware Analysis: Fundamental Techniques and a New Method for Malware Discovery Paper: Kris Kendall & Chad McMillan - Practical Malware Analysis: Fundamental Techniques and a New Method for Malware Discovery  

updated materials
David Litchfield
Advanced Oracle Attack Techniques

Presentation: David Litchfield - Advanced Oracle Attack Techniques
Papers:David Litchfield - Advanced Oracle Attack Techniques
Papers
 

Kevin Mandia
Agile Incident Response: Operating through Ongoing Confrontation

Presentation: Kevin Mandia - Agile Incident Response: Operating through Ongoing Confrontation
 

Robert A. Martin, Steve Christey & Sean Barnum
Being Explicit about Software Weaknesses

Presentation: Robert A. Martin, Steve Christey & Sean Barnum - Being Explicit about Software Weaknesses Paper: Robert A. Martin, Steve Christey & Sean Barnum - Being Explicit about Software Weaknesses  

David Maynor
Device Drivers 2.0



 

updated materials
David Maynor & Robert Graham
Data Seepage: How to Give Attackers a Roadmap to Your Network

Presentation: David Maynor & Robert Graham - Data Seepage: How to Give Attackers a Roadmap to Your Network
Tool: David Maynor & Robert Graham - Data Seepage: How to Give Attackers a Roadmap to Your Network
Ferret Tool
 

Jose Nazario
Botnet Tracking: Tools, Techniques, and Lessons Learned

Presentation: Jose Nazario - Botnet Tracking: Tools, Techniques, and Lessons Learned Paper: Jose Nazario - Botnet Tracking: Tools, Techniques, and Lessons Learned  

updated materials
Joanna Rutkowska
Beyond The CPU: Defeating Hardware Based RAM Acquisition Tools (Part I: AMD case)

Presentation: Joanna Rutkowska - Beyond The CPU: Defeating Hardware Based RAM Acquisition Tools (Part I: AMD case)
 

Paul Vincent Sabanal & Mark Vincent Yason
Reversing C++

Presentation: Paul Vincent Sabanal & Mark Vincent Yason - Reversing C++ Paper: Paul Vincent Sabanal & Mark Vincent Yason - Reversing C++  

Amichai Shulman
Danger From Below: The Untold Tale of Database Communication Protocol Vulnerabilities

Presentation: Amichai Shulman - Danger From Below: The Untold Tale of Database Communication Protocol Vulnerabilities Paper: Amichai Shulman - Danger From Below: The Untold Tale of Database Communication Protocol Vulnerabilities  

updated materials
Michael Sutton
Smashing Web Apps: Applying Fuzzing to Web Applications and Web Services

Presentation: Michael Sutton - Smashing Web Apps: Applying Fuzzing to Web Applications and Web Services
 

Andrew Walenstein
Exploting Similarity Between Variants to Defeat Malware

Presentation: Andrew Walenstein - Exploting Similarity Between Variants to Defeat Malware Paper: Andrew Walenstein - Exploting Similarity Between Variants to Defeat Malware  

updated materials
AAron Walters & Nick Petroni, Jr
Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process

Presentation: AAron Walters & Nick Petroni, Jr - Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process Paper: AAron Walters & Nick Petroni, Jr - Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process  

Ollie Whitehouse
GS and ASLR in Windows Vista

Presentation: Ollie Whitehouse - GS and ASLR in Windows Vista Paper: Ollie Whitehouse - GS and ASLR in Windows Vista  

Chuck Willis & Rohyt Belani
Web Application Incident Response and Forensics - A Whole New Ball Game!

Presentation: Chuck Willis & Rohyt Belani - Web Application Incident Response and Forensics - A Whole New Ball Game! Paper: Chuck Willis & Rohyt Belani - Web Application Incident Response and Forensics - A Whole New Ball Game!  

Stefano Zanero
360° Anomaly Based Unsupervised Intrusion Detection

Presentation: Stefano Zanero - 360° Anomaly Based Unsupervised Intrusion Detection Paper: Stefano Zanero - 360° Anomaly Based Unsupervised Intrusion Detection  


Media Server Hosted By:

Complex Drive

Complex Drive - Reliable, Secure, and Responsive Business Internet


Black Hat Logo
(c) 1996-2007 Black Hat