Security/BlackHat 2012: Difference between revisions
< Security
Jump to navigation
Jump to search
| Line 13: | Line 13: | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap] -''Who is attending, if anyone? Name here'' | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Rohlf Google Native Client - Analysis Of A Secure Browser Plugin Sandbox] -''Who is attending, if anyone? Name here'' | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Rohlf Google Native Client - Analysis Of A Secure Browser Plugin Sandbox] -''Who is attending, if anyone? Name here'' | ||
For Gaia/WebAPI folks some attacks on Chrome extensions that may | For Gaia/WebAPI folks some attacks on Chrome extensions that may | ||
| Line 37: | Line 29: | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Serna "The Info Leak Era on Software Exploitation"] (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) -''Who is attending, if anyone? Name here'' | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Serna "The Info Leak Era on Software Exploitation"] (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) -''Who is attending, if anyone? Name here'' | ||
New defensive features of Win8 we should consider using. Some may be | New defensive features of Win8 we should consider using. Some may be | ||
| Line 57: | Line 45: | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyros "PRNG: Pwning Random Number Generators (in PHP applications)"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyros "PRNG: Pwning Random Number Generators (in PHP applications)"] | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Alonso Owning bad guys and mafia with javascript botnets] - who doesn't love a botnet that uses javascript? | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Alonso Owning bad guys and mafia with javascript botnets] - who doesn't love a botnet that uses javascript? | ||
''July 26'' | ''July 26'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shekyan Hacking with WebSockets] -''Who is attending, if anyone? Name here'' | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shah HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits] -''Who is attending, if anyone? Name here'' | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Oh Recent Java Exploitation Trends and Malware] - Java malware, sandboxes, etc. | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Oh Recent Java Exploitation Trends and Malware] - Java malware, sandboxes, etc. | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Purviance "Blended Threats and JavaScript: A Plan for Permanent Network Compromise"] -''Who is attending, if anyone? Name here'' | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Sabanal "Digging Deep Into The Flash Sandboxes"] -''Who is attending, if anyone? Name here'' | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Philput Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance] - Makes sense for security folks | |||
=== DEFCON Sessions === | === DEFCON Sessions === | ||
Revision as of 00:57, 20 July 2012
Black Hat & DEFCON 2012
This is to track organization and attendees for Black Hat and DEFCON 2012 security conferences this coming Summer. Black Hat is at Caesars Palace and DEFCON is at the Rio.
Dates
Black Hat is from July 21 through 26, 2012. DEFCON 20 is from July 26 through 29.
Sessions to be covered
Black Hat sessions
July 25
- Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap -Who is attending, if anyone? Name here
- Google Native Client - Analysis Of A Secure Browser Plugin Sandbox -Who is attending, if anyone? Name here
For Gaia/WebAPI folks some attacks on Chrome extensions that may have relevance to types of attacks we face on apps.
- "Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil" -Who is attending, if anyone? Name here
For the B2G folks there are a couple that might help us with our phone designs. If nothing else they may inform our testing.
- "Advanced ARM exploitation" -Who is attending, if anyone? Name here
- "Scaling Up Baseband Attacks: More (Unexpected) Attack Surface" -Who is attending, if anyone? Name here
- "Don't Stand So Close To Me: An Analysis of the NFC Attack Surface" -Who is attending, if anyone? Name here
Defeating ASLR through info leaks, and how to cause them.
- "The Info Leak Era on Software Exploitation" (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) -Who is attending, if anyone? Name here
New defensive features of Win8 we should consider using. Some may be compiler/linker features that will help on other versions of windows, too.
For the privacy geeks -- decloaking "private browsing" among other ways to track people.
A wildcard... Math.random() isn't crytographically secure, could we be vulnerable to anything like these PHP issues? If you go bring your open mind and wear your brainstorming hat.
- "PRNG: Pwning Random Number Generators (in PHP applications)"
- Owning bad guys and mafia with javascript botnets - who doesn't love a botnet that uses javascript?
July 26
- Hacking with WebSockets -Who is attending, if anyone? Name here
- HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits -Who is attending, if anyone? Name here
- Recent Java Exploitation Trends and Malware - Java malware, sandboxes, etc.
- "Blended Threats and JavaScript: A Plan for Permanent Network Compromise" -Who is attending, if anyone? Name here
- "Digging Deep Into The Flash Sandboxes" -Who is attending, if anyone? Name here
- Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance - Makes sense for security folks
DEFCON Sessions
July 27
July 28
- Beyond the War on General Purpose Computing: What's Inside the Box? - Cory Doctorow Keynote
- Owning Bad Guys And Mafia With Javascript Botnets - Repeat of BH talk if you're interested and missed it.
July 29
dinners/meetups
Tuesday Night Dinner Sign Up
8:30 PM ??
- Joe Stevensen
- Eric Parker
- Guillaume Destuynder
- Gary Kwong
- Adam Muntner
- Ben Kero
- Brian Hourigan
- Anthony Hughes
- Jorge Villalobos
- Kevin Brosnan
- John Morrison
Wed Night Dinner Sign Up
8:30 PM ??
- Joe Stevensen
- Michael Herny :tinfoil
- Gary Kwong
- Ben Kero
- Brian Hourigan
- Anthony Hughes
- Jorge Villalobos
- Kevin Brosnan
- Marshall Moutenot
- John Morrison
Thurs Night Dinner Sign Up
8:30 PM ??
- Joe Stevensen
- Gary Kwong
- Ben Kero
- Brian Hourigan
- Anthony Hughes
- Jorge Villalobos
- Marshall Moutenot
Friday Night Dinner Sign Up
8:30 PM ??
- Joe Stevensen
- Gary Kwong
- Ben Kero
- Brian Hourigan
- Anthony Hughes
- Jorge Villalobos
- Marshall Moutenot
Sat Night Dinner Sign Up
8:30 PM ??
- Joe Stevensen
- Gary Kwong
- Ben Kero
- Brian Hourigan
- Anthony Hughes
- Jorge Villalobos
Attendees
Enter your name below if you plan on attending one or both conferences.
| Name | Black Hat? | DEFCON? | Arrival Date | Departure Date |
|---|---|---|---|---|
| Al Billings | Yes | Yes | ? | ? |
| Raymond Forbes | Yes | Yes | 2012-07-24 | 2012-07-30 |
| Joe Stevensen | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Gary Kwong | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Guillaume Destuynder | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Jorge Villalobos | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Adam Muntner | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Michael Henry :tinfoil | No (going to BSidesLV) | Yes | 2012-07-24 | 2012-07-30 |
| Jesse Ruderman | Yes | Yes | ? | ? |
| Anthony Hughes | Yes | Yes | 2012-07-24 | 2012-07-30 |
| John Morrison :jrgm | Yes | No | 2012-07-24 | 2012-07-27 |
| Kevin Brosnan :kbrosnan | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Ben Kero :bkero | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Brian Hourigan :digi | Yes | Yes | 2012-07-24 | 2012-07-29 |
| Marshall Moutenot :mmoutenot | Yes | Yes | 2012-07-24 | 2012-07-29 |
Conference registration numbers for attendees
hotel reservation confirmations
Flight planning
| Name | Outbound Flight | Return Flight | Notes |
|---|---|---|---|
| Joe Stevensen | VX906 Arrives 7/24 14:55 | VX905 Departs 7/29 11:00 | |
| Guillaume Destuynder | VX906 Arrives 7/24 14:55 | VX905 Departs 7/29 11:00 | |
| Kevin Brosnan | VX906 Arrives 7/24 14:55 | VX901 Departs 7/29 09:20 | |
| Al Billings | VX260 Arrives 7/24 13:35 | VX915 Departs 7/29 17:30 | |
| Jorge Villalobos | UA1608 Arrives 7/24 22:01 | UA1254 Departs 07/29 01:16 | |
| Ben Kero | AS620 Arrives 7/24 20:06 | AS621 Departs 7/29 20:50 | |
| Anthony Hughes | WJ1788 Arrives 7/24 12:53 | WJ1789 Departs 7/30 13:45 | |
| Marshall Moutenot | SW1797 Arrives 7/24 21:25 | SW2352 Departs 7/29 16:05 | |