BlueHat Security Briefings: Spring 2008 Sessions and Interviews
The spring Microsoft BlueHat Security Briefings event was held on May 2, 2008. View interviews with the presenters, and read the session descriptions and speaker bios below.
This talk will expose the tools and tactics used by the phishing underground. It's really a new look at an old problem. Follow us as we track real life phishers hiding in the shadiest corners of the Internet, analyze the tools used by phishers, see how phishers "phish" other phishers, and discover the sites where real life identities are being bought and sold…
The specific topics covered by this talk will include: how phishers set up a phishing site, a look at the backdoors used by phishers, determining how phishers get identity information, a thorough look at the tools used by phishers, and a detailed look at the sites used to buy and sell stolen identities.
Billy Rios lives in a phish bowl and is constantly being sent e-mails from acquaintances all over the world. Billy has won the Internet lotto several times, is expecting large sums of abandoned money from a long lost relative in the Congo, and has received checks accidentally made out for $30,000 instead of $30.
Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani is currently Senior Manager at Ernst & Young LLP where he leads their Application Security Services efforts. Dhanjani is responsible for evangelizing new application security service lines, ensuring current service lines stay bleeding edge, and helping enterprises develop world-class application security strategies.
Prior to E&Y, Dhanjani was Senior Director of Application Security and Assessments at Equifax where he spearheaded brand new security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & threat modeling, and managed the attack & penetration team. Before Equifax, Dhanjani was Senior Advisor at Foundstone's Professional Services group where, in addition to performing security assessments, he contributed and taught Foundstone's Ultimate Hacking security courses.
Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security" (Osborne McGraw-Hill). Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, and OSCON.
Dhanjani graduated from Purdue University with both a Bachelor’s and a Master’s degree in Computer Science.
Web browsers are becoming almost as complex as operating systems, and just as prevalent, and yet we know so little about them. This talk will examine the parts of browsers and plug-ins that lead to Web applications being exploitable on the client-side.
Alex *kuza55* K.
Alex *kuza55* K. has been an active member of the Web application security research community for the past several years, publishing several well-regarded papers and presenting his findings recently at the 24th Chaos Communications Congress computer security conference in Berlin. Alex is an Associate at SIFT where he gets paid to break things, and in his spare time as an independent security researcher, breaks things for the fun of it. Alex's current fascination is with the serious, the fun, and the crazy functionality creeping into Web browsers, and the ancient functionality that is not being removed.
A Resident in My Domain
No downloading required, no user confirmation, no ActiveX. In other words: no strings attached. We will examine the power of a resident script and the power of a global cross-domain. Also, we will go through the steps of how to find cross-domains and resident scripts.
Manuel Caballero is a security researcher with particular interest in Web browsers and plug-ins. He has worked for an online ad agency as the developer of all "evil" tricky scripts: cross-domains, popup blocker bypasses, resident scripts, etc. He is currently working at Microsoft as a Penetration Tester of products like Internet Explorer, Silverlight, Gadgets, etc.
Fukami works as a security consultant for a Cologne (Germany) based company, SektionEins. His main focus is Web application security. He is founder of a project dedicated to RIA, and especially Adobe Flash security-related topics, called FlashSec.
Unweaving Silverlight from Flash
The second part of the talk will be a step-by-step analysis comparing the security of Silverlight and Flash. Similarities and differences such as security sandboxes, requests and sockets handling, cross-domain policies, and persistent storage will be discussed, including attack scenarios.
This presentation is about a new technique for elevating privileges on Windows, mostly from services. This technique exploits design weaknesses in Microsoft Windows XP, Windows Server 2003, Windows Vista, and even Windows Server 2008.
The presentation will explain how, in Windows XP and Windows Server 2003, it is possible to elevate privileges to LOCAL SYSTEM from any process that has impersonation rights, and how, in Windows Vista and Windows Server 2008, it is possible to elevate privileges to LOCAL SYSTEM from processes running under the NETWORK SERVICE and LOCAL SERVICE accounts. This demonstrates that running code under NETWORK SERVICE or LOCAL SERVICE is nonsense, since it's always possible to end up running code under the LOCAL SYSTEM account. It will also show zero-day code for elevating privileges in SQL Server 2005 and Internet Information Services 6 and 7.
Cesar Cerrudo is a security researcher and consultant specializing in application security. Cesar runs his own company, Argeniss (www.argeniss.com). Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has authored several white papers on database, application security, attacks, and exploitation techniques, and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, and HITB. Cesar collaborates on and is regularly quoted in articles in online publications such as eWeek, ComputerWorld, etc.
This is perhaps the first comprehensive presentation that combines two important topics: how to exploit antivirus software, and how to audit it. People have indeed talked about antivirus security before; however, talks have either been from the reverse engineering point of view, or they have failed to mention exploitations and tended to lack technical detail.
This talk will concentrate on: why antivirus security is critical; why antivirus software is full of holes; what are the ways in which attackers can exploit antivirus vulnerabilities; how to audit antivirus software; and what exactly the vendors, researchers, and end-users should do. This talk will also seriously question the security of "security products": AV, firewall, IPS, IDS, etc.
Sowhat says: "I hope the developers can learn something from my presentation and know how to make Forefront and Antigen more secure than the other antivirus software."
Sowhat is a Technical Lead at Nevis Labs. His emphasis is on uncovering vulnerabilities and analyzing them. He has discovered over 30 vulnerabilities in popular applications from companies like Microsoft, Symantec, Apple, Trend Micro, HP and Real Networks, among others.
Sowhat is also a frequent speaker at conferences and has presented at XCON 2005. He was scheduled to present at 22C3 and PACSEC, but unfortunately had to cancel due to personal reasons. He will give a presentation at Black Hat Europe 2008, Holland, on March 26th.
In the interest of improving the transparency of Microsoft processes within the security community — and having been offered complete immunity from any disciplinary action — Bryan will be talking about his experiences in his first 30 days as a Microsoft employee. Is "Microsoft Security Grunt" really the 6th worst job in the world (just slightly better than elephant vasectomist)? Come find out the truth firsthand.
Bryan Sullivan is a Security Program Manager at Microsoft. He is a frequent speaker at industry events including RSA Conference and Black Hat, and is a published author on Web application security topics. His first book, "Ajax Security," was published by Addison-Wesley in 2007.
The Vulnerability Economy Panel takes an in-depth look into the world of buying and selling vulnerabilities with diverse perspectives from our various panelists. The panel will provide an overview of the current market while explaining the differing roles panelists play within this market. Microeconomics, macroeconomics and efficient markets will all be touched upon.