Innehåll tillhandahållet av Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Player FM - Podcast-app Gå offline med appen Player FM !
This week, in what might be the funniest episode yet, Molly and Emese are joined by co-stars Amy Schumer and Brianne Howey. They get candid about motherhood, career evolution, and their new film, Kinda Pregnant —which unexpectedly led to Amy’s latest health discovery. Amy opens up about how public criticism led her to uncover her Cushing syndrome diagnosis, what it’s like to navigate comedy and Hollywood as a mom, and the importance of sharing birth stories without shame. Brianne shares how becoming a mother has shifted her perspective on work, how Ginny & Georgia ’s Georgia Miller compares to real-life parenting, and the power of female friendships in the industry. We also go behind the scenes of their new Netflix film, Kinda Pregnant —how Molly first got the script, why Amy and Brianne were drawn to the project, and what it means for women today. Plus, they reflect on their early career struggles, the moment they knew they “made it,” and how motherhood has reshaped their ambitions. From career highs to personal challenges, this episode is raw, funny, and packed with insights. Mentioned in the Episode: Kinda Pregnant Ginny & Georgia Meerkat 30 Rock Last Comic Standing Charlie Sheen Roast Inside Amy Schumer Amy Schumer on the Howard Stern Show Trainwreck Life & Beth Expecting Amy 45RPM Clothing Brand A Sony Music Entertainment production. Find more great podcasts from Sony Music Entertainment at sonymusic.com/podcasts and follow us at @sonypodcasts To bring your brand to life in this podcast, email podcastadsales@sonymusic.com Learn more about your ad choices. Visit podcastchoices.com/adchoices…
Innehåll tillhandahållet av Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!
Innehåll tillhandahållet av Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on both the local and International levels. We will demonstrate what in hind-sight worked for both the attackers and the defenders, as well as what failed. Following the chronological events and technical information, we will explore what impact these attacks had on Estonia's civil infrastructure and daily life, and how they impacted its economy during the attacks. Once we cover that ground, we will evaluate what we have so far discussed and elaborate on lessons learned while Gadi was in Estonia and from the post-mortem he wrote for the Estonian CERT. We will conclude our session by recognizing case studies on the strategic level, which can be deducted from the incident and studied in preparation for future engagements in cyber-space. Gadi Evron works for the Mclean, VA based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, and especially in the realm of botnets and phishing as well as is the operations manager for the Zeroday Emergency Response Team (ZERT). He is a known expert on corporate security and espionage threats. Previously Gadi was the Israeli Government Internet Security Operations Manager (CISO) and the Israeli Government CERT Manager which he founded.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework. REVIEWER NOTES: This is a monstrous presentation and will absolutely require the 150-minute time slot. For a smaller version of this presentation, please see my other submission (System Cracking with Metasploit 3). The goal of this presentation is to show some of the non-standard ways of breaking into networks, methods that are often ignored by professional pen-testing teams.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
This talk will detail the Windows remote kernel debugging protocol and present a Perl framework for communicating with the kernel debug API over a serial/usb/1394 port from non-Windows systems. This leads to some interesting possibilities for hacking the kernel, such as code injection, hooking, forensics, sandboxing and more, all controlled from a separate non-windows machine.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of discovering the exploit. Yet the typical DNS cache poisoning approach, aimed at various levels in the DNS server hierarchy or the enterprise server itself, is not as effective as it could be, primarily because so many people are affected that detection is rapid... There is one approach to DNS cache poisoning that can control the attack surface and is particularly effective when executed from within the enterprise. Rather than attempting to poison the enterprise DNS server or other external caches, the internal DNS cache within a Windows PC is targeted. Additionally, forensic analysis of the infected PC is hindered by the TimeToLive and volatility of these cache entries. I will demonstrate this type of attack using two machines on a local lan, and include some analysis of the firewall and configuration issues needed to defend against this type of exploit.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Social Network Sites contain a wealth of public information. This information is of great interest to researchers, investigators, and forensic experts. This presentation presents research regarding an approach to automated site access, and the implications of site structure. Associated tools and scripts will be explained. Additionally, investigative techniques with the recovered information will be covered.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc. This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
According to the Apple website, ?Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions.? Of course, the Month of Apple Bugs showed that Mac?s are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the number of announced vulnerabilities on Mac OS X low is that not many researchers are interested in exploring this operating system due to low market share and not many researchers are familiar with the platform which can introduce a steep learning curve. The first of these reasons is going away as Apple?s market share continues to rise. This talk hopes to address the second reason. Namely, to provide researchers already familiar with Windows and Linux the knowledge and tools necessary to search for new security bugs in this operating system, specifically the new forthcoming release of ?Leopard?, the newest version of Mac OS X. Happily, there are plenty of bugs and some Mac-only tools which help to find them. This talk will announce the port of some popular tools including the release of PaiMei for Mac OS X and will demonstrate one or two 0-days (if they?re still around).…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Iain will discuss Server Foundation and Server Roles?how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and then discuss the primary roles. You will learn how to install and manage a server that doesn't have a video driver and will hear about File Server, Web Server, Read Only Domain Controller, etc.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed.
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (RTP) are handled by two separate protocols, injecting audio into a stream is often the most damaging attack against RTP. RTP is vulnerable to audio injection due to its lack of integrity protection and its wide tolerance of sequence information. The presentation will demonstrate an easy to use GUI VoIP injection attack tool for RTP appropriately named RTPInject. The tool, with zero setup prerequisites, allows an attacker to inject arbitrary audio into an existing conversation involving at least one VoIP endpoint. RTPInject automatically detects RTP streams on the wire, enumerates the codecs in use, and displays this information to the user. The user can then select an audio file they wish to inject into the targeted RTP stream. The presentation will provide a walkthrough of the easy three step process: view, click, and inject.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection we provide to customers through our security updates and bulletins by discovering additional attack vectors, new exploitation techniques and adapting quickly to stay ahead of the ever evolving security ecosystem. This team also provides forward looking security guidance to product teams within Microsoft, impacting products that have and have not shipped and ultimately helping to protect Microsoft customers from getting their systems compromised by building more resilient software. During past few years he has worked on some of the high profile security flaws, overseeing investigation, production and release of up to 20 Microsoft's security bulletins per year. Prior to joining Microsoft he was doing academic research in reverse engineering and code obfuscation techniques.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make sure: that positions are tracked in real time, that any information that might affect a traders action is reliably received, and that trades happens in a fixed timeframe. Unlike the protocols that comprise the internet as a whole, these haven't been scrutinized to death for security flaws. They're written with performance in mind and security is often just an afterthought, if present at all. And there are dozens of them, with names you may have never heard of before... This talk will discuss the security implications of the protocols and technologies used by the financial industry to maintain the beating heart of capitalism. We'll take a look at some of the most popular protocols used by financials to execute billions (trillions!) of dollars worth of trades, discuss the flaws inherent in them, some of the implementation flaws in them, and discuss how hiding your money under your mattress might not be the worst idea. Jeremy Rauch For over 10 years Jeremy Rauch has been at the forefront of information security. An original member of the ISS X-Force and a co-founder of SecurityFocus, Jeremy is the discoverer of numerous security vulnerabilities in widely-deployed commercial products. Jeremy is also a former principal engineer for optical switching at Tellium.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Instead of discussing a complex topic in detail, this talk will discuss 4 different very small topics related to reverse engineering, at a length of 5 minutes each, including some work on intermediate languages for reverse engineering and malware classification. Ero Carrera is currently a reverse engineering automation researcher at SABRE Security, home of BinDiff and BinNavi. Ero has previously spent several years as a Virus Researcher at F-Secure where his main duties ranged from reverse engineering of malware to research in analysis automation methods. Prior to F-Secure, he was involved in miscellaneous research and development projects and always had a passion for mathematics, reverse engineering and computer security. While at F-Secure he advanced the field of malware classification introducing a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he's worked on include seminal research on generic unpacking. Additionally, Ero is a habitual lurker on OpenRCE and has contributed to miscellaneous reverse engineering tools such as pydot, pype, pyreml and idb2reml.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
With the advent of advanced data collection techniques in the form of honeypots, distribured honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe a number of alternative analysis techniqes that leverages techniques adopted from statistics, AI, data mining, graphics design pattern recognition and economics. We will also show how security researchers can utilize tools from other disciplines to extract valuable findings to support security research work. This presentation hopes to be an eye opener for security practitioners that there are many more techniques, tools and options beyond the security research field that they can use in their work. Hopefully, this will be the groundwork for a cross-discipline collaborative project that will help identify more techniques for security research and analysis. Some techniques that we will talk about is the use of various clustering algorithms to classify attacks. Predicting attacks by using learning algorithms, detecting attacks through artificial intelligence, determining attack trends using pattern recognition and advanced visualization for attack analysis. Among the tools that we will demonstrate are readily available open source tools like WEKA, Tanagra, and R Project that have not been traditionally used in security research but has great potential in security research. This presentation will be useful for those in security research, honeypot development and forensics.…
B
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world.…
Välkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.
Gå med i världens bästa podcast-app och hantera dina favoritshower online och spela dem offline på våra Android och IOS-appar. Det är gratis och enkelt!