Memorias del Black Hat USA 2009

Memorias Black Hat

Se ha liberado la documentación oficial del Blackhat USA, una de las conferencia de seguridad más importantes a nivel mundial, a continuación les dejo los contenidos expuestos en estas conferencias:

BHUSA09 webdoc Memorias del Black Hat Usa 2009 = Paper

BHUSA09 webdeck Memorias del Black Hat Usa 2009 = Diapositivas de la presentacion

= Video Presentacion

= Codigo Fuente

Alessandro Acquisti

Índice
  • I Just Found 10 Million SSN's
  • Fighting Russian Cybercrime Mobsters: Report from the Trenches
  • Sniff Keystrokes With Lasers/Voltmeters Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage
  • MD5 Chosen-Prefix Collisions on GPUs
  • Anti-Forensics: The Rootkit Connection
  • Embedded Management Interfaces: Emerging Massive Insecurity
  • BitTorrent Hacks
  • Exploratory Android Surgery
  • Reversing and Exploiting an Apple® Firmware Update
  • SADE: Injecting Agents into VM Guest OS
  • Advanced Mac OS X Rootkits
  • Lockpicking Forensics
  • Psychotronica: Exposure, Control, and Deceit
  • The Language of Trust: Exploiting Trust Relationships in Active Content
  • Advanced MySQL Exploitation
  • Demystifying Fuzzers
  • Using Guided Missiles in Drive-by's: Automatic browser fingerprinting and exploitation with Metasploit
  • Gizmo: A Lightweight Open Source Web Proxy
  • State of the Art Post Exploitation in Hardened PHP Environments
  • Hacking the Smart Grid
  • Internet Special Ops: Stalking Badness Through Data Mining
  • Breaking the "Unbreakable" Oracle with Metasploit
  • A 16 bit Rootkit and Second Generation Zigbee Chips
  • "Smart" Parking Meter Implementations, Globalism, and You
  • Computer Crime Year In Review: MySpace, MBTA, Boston College and More
  • Mo' Money Mo' Problems: Making A LOT More Money on the Web the Black Hat Way
  • How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession
  • Weaponizing the Web: More Attacks on User-Generated Content
  • Win at Reversing: Tracing and Sandboxing through Inline Hooking
  • Exploiting Rich Content
  • The Conficker Mystery
  • Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone
  • Something about Network Security
  • Stoned Bootkit
  • Cloudburst: Hacking 3D (and Breaking Out of VMware)
  • Attacking SMS
  • Rapid Enterprise Triaging (RETRI): How to Run a Compromised Network and Keep Your Data Safe
  • Router Exploitation
  • Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices
  • More Tricks For Defeating SSL
  • Practical Windows XP/2003 Heap Exploitation
  • Clobbering the Cloud!
  • Managed Code Rootkits: Hooking into the Runtime Environments
  • Fuzzing the Phone in your Phone
  • A Black Hat Vulnerability Risk Assessment
  • Netscreen of the Dead: Developing a Trojaned ScreenOS for Juniper Netscreen Appliances
  • Long-Term Sessions: This Is Why We Can't Have Nice Things
  • Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries
  • Deactivate the Rootkit
  • Hacking Capitalism '09: Vulnerabilities In Markets And Trading Platforms
  • Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization
  • Your Mind: Legal Status, Rights and Securing Yourself
  • Automated Malware Similarity Analysis
  • Metasploit Autopsy: Reconstructing the Crime Scene
  • MetaPhish
  • Breaking the security myths of Extended Validation SSL Certificates
  • Worst of the Best of the Best
  • Defensive Rewriting: A New Take on XSS/XSRF/Redirect-Phishing Defense
  • What the hell is inside there?
  • Global Spying: Realistic Probabilities in Modern Signals Intelligence
  • Ruby for Pentesters
  • Metasploit Telephony
  • Our Favorite XSS Filters and How to Attack Them
  • Fast & Furious Reverse Engineering with TitanEngine
  • Unraveling Unicode: A Bag of Tricks for Bug Hunting
  • Enterprise Java Rootkits
  • I Just Found 10 Million SSN's


    Dmitri Alperovitch, Keith Mularski

    Fighting Russian Cybercrime Mobsters: Report from the Trenches


    Andrea Barisani, Daniele Bianco

    Sniff Keystrokes With Lasers/Voltmeters

    Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage


    Marc Bevand

    MD5 Chosen-Prefix Collisions on GPUs


    Bill Blunden

    Anti-Forensics: The Rootkit Connection


    Hristo Bojinov, Dan Boneh, Elie Bursztein

    Embedded Management Interfaces: Emerging Massive Insecurity


    Michael Brooks, David Aslanian

    BitTorrent Hacks


    Jesse Burns

    Exploratory Android Surgery


    K. Chen

    Reversing and Exploiting an Apple® Firmware Update


    Matt Conover

    SADE: Injecting Agents into VM Guest OS


    Dino Dai Zovi

    Advanced Mac OS X Rootkits


    Datagram

    Lockpicking Forensics


    Nitesh Dhanjani

    Psychotronica: Exposure, Control, and Deceit


    Mark Dowd, Ryan Smith, David Dewey

    The Language of Trust: Exploiting Trust Relationships in Active Content


    Muhaimin Dzulfakar

    Advanced MySQL Exploitation


    Michael Eddington

    Demystifying Fuzzers


    Egypt

    Using Guided Missiles in Drive-by's: Automatic browser fingerprinting and exploitation with Metasploit


    Rachel Engel

    Gizmo: A Lightweight Open Source Web Proxy


    Stefan Esser

    State of the Art Post Exploitation in Hardened PHP Environments


    Tony Flick

    Hacking the Smart Grid


    Andrew Fried, Paul Vixie, Dr. Chris Lee

    Internet Special Ops: Stalking Badness Through Data Mining


    Chris Gates

    Breaking the "Unbreakable" Oracle with Metasploit


    Travis Goodspeed

    A 16 bit Rootkit and Second Generation Zigbee Chips



    Joe Grand, Jacob Appelbaum, Chris Tarnovsky

    "Smart" Parking Meter Implementations, Globalism, and You


    Jennifer Granick

    Computer Crime Year In Review: MySpace, MBTA, Boston College and More



    Jeremiah Grossman, Trey Ford

    Mo' Money Mo' Problems: Making A LOT More Money on the Web the Black Hat Way


    Peter Guerra

    How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession


    Nathan Hamiel, Shawn Moyer

    Weaponizing the Web: More Attacks on User-Generated Content


    Nick Harbour

    Win at Reversing: Tracing and Sandboxing through Inline Hooking


    Riley Hassell

    Exploiting Rich Content


    Mikko Hypponen

    The Conficker Mystery


    Vincenzo Iozzo, Charlie Miller

    Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone


    Dan Kaminsky

    Something about Network Security


    Peter Kleissner

    Stoned Bootkit


    Kostya Kortchinsky

    Cloudburst: Hacking 3D (and Breaking Out of VMware)


    Zane Lackey, Luis Miras

    Attacking SMS


    Aaron LeMasters, Michael Murphy

    Rapid Enterprise Triaging (RETRI): How to Run a Compromised Network and Keep Your Data Safe


    Felix "FX" Lindner

    Router Exploitation


    Kevin Mahaffey, Anthony Lineberry, John Hering

    Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices



    Moxie Marlinspike

    More Tricks For Defeating SSL


    John McDonald, Chris Valasek

    Practical Windows XP/2003 Heap Exploitation


    Haroon Meer, Nick Arvanitis, Marco Slaviero

    Clobbering the Cloud!


    Erez Metula

    Managed Code Rootkits: Hooking into the Runtime Environments


    Charlie Miller, Collin Mulliner

    Fuzzing the Phone in your Phone


    David Mortman

    A Black Hat Vulnerability Risk Assessment


    Graeme Neilson

    Netscreen of the Dead: Developing a Trojaned ScreenOS for Juniper Netscreen Appliances


    Steve Ocepek

    Long-Term Sessions: This Is Why We Can't Have Nice Things


    Jeongwook Oh

    Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries


    Alfredo Ortega, Anibal Sacco

    Deactivate the Rootkit


    Thomas H. Ptacek, David Goldsmith, Jeremy Rauch

    Hacking Capitalism '09: Vulnerabilities In Markets And Trading Platforms


    Danny Quist, Lorie Liebrock

    Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization


    Tiffany Strauchs Rad, James Arlen

    Your Mind: Legal Status, Rights and Securing Yourself


    Daniel Raygoza

    Automated Malware Similarity Analysis


    Peter Silberman, Steve Davis

    Metasploit Autopsy: Reconstructing the Crime Scene


    Val Smith, Colin Ames, David Kerb

    MetaPhish


    Mike Zusman, Alexander Sotirov

    Breaking the security myths of Extended Validation SSL Certificates


    Kevin Stadmeyer, Garrett Held

    Worst of the Best of the Best


    Bryan Sullivan

    Defensive Rewriting: A New Take on XSS/XSRF/Redirect-Phishing Defense


    Chris Tarnovsky

    What the hell is inside there?


    Steve Topletz, Jonathan Logan and Kyle Williams

    Global Spying: Realistic Probabilities in Modern Signals Intelligence


    Michael Tracy, Chris Rohlf, Eric Monti

    Ruby for Pentesters


    Dustin "I)ruid" Trammell

    Metasploit Telephony


    Eduardo Vela Nava, David Lindsay

    Our Favorite XSS Filters and How to Attack Them


    Mario Vuksan, Tomislav Pericin

    Fast & Furious Reverse Engineering with TitanEngine


    Chris Weber

    Unraveling Unicode: A Bag of Tricks for Bug Hunting


    Jeff Williams

    Enterprise Java Rootkits

    Subir