Memorias del Black Hat USA 2009

Memorias Black Hat

Se ha liberado la documentación oficial del Blackhat USA, una de las conferencia de seguridad más importantes a nivel mundial, a continuación les dejo los contenidos expuestos en estas conferencias:

BHUSA09 webdoc Memorias del Black Hat Usa 2009 = Paper

BHUSA09 webdeck Memorias del Black Hat Usa 2009 = Diapositivas de la presentacion

= Video Presentacion

= Codigo Fuente

Alessandro Acquisti

Índice
  • I Just Found 10 Million SSN's
  • Fighting Russian Cybercrime Mobsters: Report from the Trenches
  • Sniff Keystrokes With Lasers/Voltmeters Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage
  • MD5 Chosen-Prefix Collisions on GPUs
  • Anti-Forensics: The Rootkit Connection
  • Embedded Management Interfaces: Emerging Massive Insecurity
  • BitTorrent Hacks
  • Exploratory Android Surgery
  • Reversing and Exploiting an Apple® Firmware Update
  • SADE: Injecting Agents into VM Guest OS
  • Advanced Mac OS X Rootkits
  • Lockpicking Forensics
  • Psychotronica: Exposure, Control, and Deceit
  • The Language of Trust: Exploiting Trust Relationships in Active Content
  • Advanced MySQL Exploitation
  • Demystifying Fuzzers
  • Using Guided Missiles in Drive-by's: Automatic browser fingerprinting and exploitation with Metasploit
  • Gizmo: A Lightweight Open Source Web Proxy
  • State of the Art Post Exploitation in Hardened PHP Environments
  • Hacking the Smart Grid
  • Internet Special Ops: Stalking Badness Through Data Mining
  • Breaking the "Unbreakable" Oracle with Metasploit
  • A 16 bit Rootkit and Second Generation Zigbee Chips
  • "Smart" Parking Meter Implementations, Globalism, and You
  • Computer Crime Year In Review: MySpace, MBTA, Boston College and More
  • Mo' Money Mo' Problems: Making A LOT More Money on the Web the Black Hat Way
  • How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession
  • Weaponizing the Web: More Attacks on User-Generated Content
  • Win at Reversing: Tracing and Sandboxing through Inline Hooking
  • Exploiting Rich Content
  • The Conficker Mystery
  • Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone
  • Something about Network Security
  • Stoned Bootkit
  • Cloudburst: Hacking 3D (and Breaking Out of VMware)
  • Attacking SMS
  • Rapid Enterprise Triaging (RETRI): How to Run a Compromised Network and Keep Your Data Safe
  • Router Exploitation
  • Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices
  • More Tricks For Defeating SSL
  • Practical Windows XP/2003 Heap Exploitation
  • Clobbering the Cloud!
  • Managed Code Rootkits: Hooking into the Runtime Environments
  • Fuzzing the Phone in your Phone
  • A Black Hat Vulnerability Risk Assessment
  • Netscreen of the Dead: Developing a Trojaned ScreenOS for Juniper Netscreen Appliances
  • Long-Term Sessions: This Is Why We Can't Have Nice Things
  • Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries
  • Deactivate the Rootkit
  • Hacking Capitalism '09: Vulnerabilities In Markets And Trading Platforms
  • Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization
  • Your Mind: Legal Status, Rights and Securing Yourself
  • Automated Malware Similarity Analysis
  • Metasploit Autopsy: Reconstructing the Crime Scene
  • MetaPhish
  • Breaking the security myths of Extended Validation SSL Certificates
  • Worst of the Best of the Best
  • Defensive Rewriting: A New Take on XSS/XSRF/Redirect-Phishing Defense
  • What the hell is inside there?
  • Global Spying: Realistic Probabilities in Modern Signals Intelligence
  • Ruby for Pentesters
  • Metasploit Telephony
  • Our Favorite XSS Filters and How to Attack Them
  • Fast & Furious Reverse Engineering with TitanEngine
  • Unraveling Unicode: A Bag of Tricks for Bug Hunting
  • Enterprise Java Rootkits

    • I Just Found 10 Million SSN's

    Dmitri Alperovitch, Keith Mularski

    Fighting Russian Cybercrime Mobsters: Report from the Trenches

    Andrea Barisani, Daniele Bianco

    Sniff Keystrokes With Lasers/Voltmeters

    Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage

    Marc Bevand

    MD5 Chosen-Prefix Collisions on GPUs

    Bill Blunden

    Anti-Forensics: The Rootkit Connection

    Hristo Bojinov, Dan Boneh, Elie Bursztein

    Embedded Management Interfaces: Emerging Massive Insecurity

    Michael Brooks, David Aslanian

    BitTorrent Hacks

    Jesse Burns

    Exploratory Android Surgery

    K. Chen

    Reversing and Exploiting an Apple® Firmware Update

    Matt Conover

    SADE: Injecting Agents into VM Guest OS

    Dino Dai Zovi

    Advanced Mac OS X Rootkits

    Datagram

    Lockpicking Forensics

    Nitesh Dhanjani

    Psychotronica: Exposure, Control, and Deceit

    Mark Dowd, Ryan Smith, David Dewey

    The Language of Trust: Exploiting Trust Relationships in Active Content

    Muhaimin Dzulfakar

    Advanced MySQL Exploitation

    Michael Eddington

    Demystifying Fuzzers

    Egypt

    Using Guided Missiles in Drive-by's: Automatic browser fingerprinting and exploitation with Metasploit

    Rachel Engel

    Gizmo: A Lightweight Open Source Web Proxy

    Stefan Esser

    State of the Art Post Exploitation in Hardened PHP Environments

    Tony Flick

    Hacking the Smart Grid

    Andrew Fried, Paul Vixie, Dr. Chris Lee

    Internet Special Ops: Stalking Badness Through Data Mining

    Chris Gates

    Breaking the "Unbreakable" Oracle with Metasploit

    Travis Goodspeed

    A 16 bit Rootkit and Second Generation Zigbee Chips


    Joe Grand, Jacob Appelbaum, Chris Tarnovsky

    "Smart" Parking Meter Implementations, Globalism, and You

    Jennifer Granick

    Computer Crime Year In Review: MySpace, MBTA, Boston College and More


    Jeremiah Grossman, Trey Ford

    Mo' Money Mo' Problems: Making A LOT More Money on the Web the Black Hat Way

    Peter Guerra

    How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession

    Nathan Hamiel, Shawn Moyer

    Weaponizing the Web: More Attacks on User-Generated Content

    Nick Harbour

    Win at Reversing: Tracing and Sandboxing through Inline Hooking

    Riley Hassell

    Exploiting Rich Content

    Mikko Hypponen

    The Conficker Mystery

    Vincenzo Iozzo, Charlie Miller

    Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone

    Dan Kaminsky

    Something about Network Security

    Peter Kleissner

    Stoned Bootkit

    Kostya Kortchinsky

    Cloudburst: Hacking 3D (and Breaking Out of VMware)

    Zane Lackey, Luis Miras

    Attacking SMS

    Aaron LeMasters, Michael Murphy

    Rapid Enterprise Triaging (RETRI): How to Run a Compromised Network and Keep Your Data Safe

    Felix "FX" Lindner

    Router Exploitation

    Kevin Mahaffey, Anthony Lineberry, John Hering

    Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices


    Moxie Marlinspike

    More Tricks For Defeating SSL

    John McDonald, Chris Valasek

    Practical Windows XP/2003 Heap Exploitation

    Haroon Meer, Nick Arvanitis, Marco Slaviero

    Clobbering the Cloud!

    Erez Metula

    Managed Code Rootkits: Hooking into the Runtime Environments

    Charlie Miller, Collin Mulliner

    Fuzzing the Phone in your Phone

    David Mortman

    A Black Hat Vulnerability Risk Assessment

    Graeme Neilson

    Netscreen of the Dead: Developing a Trojaned ScreenOS for Juniper Netscreen Appliances

    Steve Ocepek

    Long-Term Sessions: This Is Why We Can't Have Nice Things

    Jeongwook Oh

    Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries

    Alfredo Ortega, Anibal Sacco

    Deactivate the Rootkit

    Thomas H. Ptacek, David Goldsmith, Jeremy Rauch

    Hacking Capitalism '09: Vulnerabilities In Markets And Trading Platforms

    Danny Quist, Lorie Liebrock

    Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization

    Tiffany Strauchs Rad, James Arlen

    Your Mind: Legal Status, Rights and Securing Yourself

    Daniel Raygoza

    Automated Malware Similarity Analysis

    Peter Silberman, Steve Davis

    Metasploit Autopsy: Reconstructing the Crime Scene

    Val Smith, Colin Ames, David Kerb

    MetaPhish

    Mike Zusman, Alexander Sotirov

    Breaking the security myths of Extended Validation SSL Certificates

    Kevin Stadmeyer, Garrett Held

    Worst of the Best of the Best

    Bryan Sullivan

    Defensive Rewriting: A New Take on XSS/XSRF/Redirect-Phishing Defense

    Chris Tarnovsky

    What the hell is inside there?

    Steve Topletz, Jonathan Logan and Kyle Williams

    Global Spying: Realistic Probabilities in Modern Signals Intelligence

    Michael Tracy, Chris Rohlf, Eric Monti

    Ruby for Pentesters

    Dustin "I)ruid" Trammell

    Metasploit Telephony

    Eduardo Vela Nava, David Lindsay

    Our Favorite XSS Filters and How to Attack Them

    Mario Vuksan, Tomislav Pericin

    Fast & Furious Reverse Engineering with TitanEngine

    Chris Weber

    Unraveling Unicode: A Bag of Tricks for Bug Hunting

    Jeff Williams

    Enterprise Java Rootkits

    Hotel Barato en Manizales y Descuento
    Subir