6605 Views 2 Replies Latest reply: Aug 22, 2010 9:04 AM by wkandek RSS
Robert Dell'Immagine Level 4 251 posts since
Apr 26, 2010

Jul 13, 2010 12:48 PM

What are your Black Hat Top 5?

Let us know what you like best about Black Hat 2010 Las Vegas.

  • wkandek Level 4 150 posts since
    Jul 23, 2010
    Aug 10, 2010 6:43 PM (in response to Robert Dell'Immagine)
    Re: What are your Black Hat Top 5?

    I had posted this originally under QualysGuard Suite, but it fits much better here:

     

    The Qualys Team is back from BlackHat and DefCon. We had a great time and introduced some of our new technologies in 3 talks:

     

    • Rami Kawach’s Neptune presentation on the inner workings of the new malware engine
    • Ivan Ristic’s analysis of the SSL usage and general landscape
    • Patrick Thomas’ BlindElephant Web Fingerprinting talk (both at BlackHat and DefCon)

     

    The slides and Whitepapers for the talks can be found in their respective sessions on community.qualys.com.

     

    Beyond our own talks we attended many other presentations. Here is a list of some of the presentations that we attended and found useful and applicable to our interests. Please add the presentations that you found interesting to the comment section. We are looking forward to your suggestions.

     

    • How to Hack Millions of Routers - Craig Heffner

    https://media.blackhat.com/bh-us-10/whitepapers/Heffner/BlackHat-USA-2010-Heffner-How-to-Hack-Millions-of-Routers-wp.pdf

     

    This talk demonstrated how SOHO routers can be exploited via DNS re-binding to gain interactive access to the router's internal-facing Web-based administrative interface. This attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, IP address, host name, etc., and does not use any anti-DNS pinning techniques. About 17 brands of commercial SOHO routers were found vulnerable. With the help of the DNS rebinding attack, paired with the “weak end system model” in the TCP/IP stack and a link to a malicious website, an attacker can get interactive access to the router's internal web interface.

     

     

    • These Aren't the Permissions You're Looking For - Anthony Lineberry, David Luke Richardson & Tim Wyatt

    http://www.defcon.org/html/defcon-18/dc-18-speakers.html#Lineberry

     

    This talk explored techniques for attacks based around abuse of the permission system in Android. When an Android app is downloaded it prompts the user for permission to use resources like internet or GPS. This talk demonstrated how an Android app can be developed to bypass the permissions system in Android. Since modern smart phones have GPS, contacts, text messages, e-mail and other sensitive data, I think security in smart phones will be exploited in the coming years.

     

     

    • Searching for Malware: A Review of Attackers’ Use of Search Engines to Lure Victims – David Maynor

    http://www.defcon.org/html/defcon-18/dc-18-speakers.html#Maynor

     

    For a few months, the presenter monitored top search engine keywords every hour and visited the links that the search keywords generated to find malware on those links. Google, Yahoo and Bing were used for the search. This talk showed how hackers manipulate search engine algorithms to get malicious links to the top of search results and use social engineering keywords for events like ‘BP gas disaster’, ‘FIFA 2010’ or some playboy playmate to lure victims to malicious websites. At the end of the talk the presenter invited a celebrity playboy playmate on the stage whose name resulted in links that had the most malware.

     

     

    • Hacking Oracle from Web Apps - Sumit Siddharth:

    Slides/Demos:  http://www.notsosecure.com/folder2/ Paper: http://7safe.com/assets/pdfs/Hacking_Oracle_From_Web_2.pdf

     

    In a nutshell, the talk on Hacking Oracle from Web Apps demonstrated various ways of exploiting the Oracle DB through SQL injection attacks. The author Sumit Siddharth showed some interesting demos using “bsqlbf”, a free tool for blind SQL injection and how it co-relates with Metasploit to achieve OS code execution. The tool has capabilities to upload and execute a Metasploit payload by exploitation of the SQL injection vulnerabilities from the Web application. From what I understood, the perspective of the talk was more focused on the fact that exploitation could be achieved by digging through loopholes at the application level itself without having to go much further.

     

    • DefCon Social Engineering Security Test

     

    During this contest, Defcon participants made calls to real employees of real companies in an effort to collect information about those companies; only five employees declined to give contestants the information they were seeking. Employees at every single company called gave away information about their company that they shouldn't have.

     

     

    • Nmap Scripting Engine by Fyodor and Fifield

    https://media.blackhat.com/bh-us-10/presentations/Vaskovitch/BlackHat-USA-2010-Fyodor-Fifield-NMAP-Scripting-Engine-slides.pdf

     

    In the NSE demo, Fyodor launched SMB-related NSE scripts for locating different vulnerabilities against Microsoft’s public IP space. During the scanning process, he showed how Microsoft has machines that share their IPC$, C$ and D$ shares over the internet and in some cases allow full user enumeration.

     

    • mod_antimalware - A novel apache module for containing Web-based malware infections

    http://info.dasient.com/rs/dasient/images/mod_antimalware_white_paper_FINAL.pdf

     

    A proactive module for preventing malware propagation. Very much applicable to our own Malware scanning initiative.

     

     

    Many others: Barnaby Jack's ATM hacking presentation, Dan Kaminsky's DNSSEC presentation, Dan Hubbard - CTO Websense - Poisoning of Realtime Search Results (Adhoc in the CSA track),
