
Black Hat USA 2007

<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 14, 2007 12:07 am

Black Hat USA 2007

Black Hat USA 2007 Briefings and Training
Caesars Palace, Las Vegas • July 28-August 2, 2007


Training: July 28-29 (Weekend) & July 30-31 (Weekday)
Briefings: August 1-2

Black Hat USA 2007 Briefings Schedule. There will be 10 different tracks, over 2 days comprised of over 90 renowned information and computer security professionals. Topic titles, abstracts and speaker bios may be found here.

Caesars Palace, Las Vegas, NV, USA
Address: 3570 Las Vegas Blvd South, Las Vegas, NV 89109
Telephone: +1 702 731 7110

For more info:
http://www.blackhat.com/html/bh-usa-07/ ... index.html

Although much more commercial than it used to be, this has become the premier event for hackers. Anyone attend in the past or plan on going this year, let us know. Keep in mind, this show and DEFCON (Aug 3 - 5) are purposely scheduled together in Vegas. As mentioned on their site:

Paid delegates of the Black Hat Briefings USA will receive free admission to DEFCON 15.


2 for the price of 1!

Don
CISSP, MCSE, CSTA, Security+ SME
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Mar 20, 2007 12:47 am

Re: Black Hat USA 2007

Black Hat USA 2007 has become the second of many events that EH-Net will be sponsoring. Needless to say, we are very happy that we are going to be a part of the largest and most well known hacker event in the world.

Among other items like logo placement at the event, literature placement, press coverage, etc., Black Hat has also agreed to sponsor the Free Monthly Giveaway for June. The prize? How about a passport ticket to the briefings worth $1595. Although this is not the highest monetary value prize we have offered, I'm confident it will be one of the most coveted.

So start participating in the forums now! All participation from now until the end of June will be watched carefully to pick just the right representative from EH-Net.

Hope you're as excited as we are,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Tue Mar 20, 2007 8:00 am

Re: Black Hat USA 2007

That's friggin awesome man!! I've never been to either conference, because something always seems to come up. I need to start pressuring my boss today so I can go this year.
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jul 30, 2007 10:34 pm

Re: Black Hat USA 2007

Well, I'm off to BH tomorrow. Should be a blast. I'm very tired as I designed a full page, full color handout for ChicagoCon and new business cards for The Digital Construction Company. The people at Black Hat were nice enough to allow us to place the handouts on the literature tables at their event. And with the BeerCall, I figured that I might as well attempt to look professional with new stuff.

Let us know if you're going to Black Hat, even if you can't make the BeerCall with us and LSO on Thursday night. PM me and I'll let you know where we'll be.

Congratulations again for the free ticket, Kev. See you there!!

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Post Tue Jul 31, 2007 12:25 am

Re: Black Hat USA 2007

Looking forward to meeting everyone and thanks again for the ticket. Don, we are planning on hacking the casino slot machines while we are there right? Ha Ha, just kidding, I don’t plan on getting anywhere near those things. ;)
<<

LSOChris

Post Tue Jul 31, 2007 8:46 am

Re: Black Hat USA 2007

play blackjack instead
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Jul 31, 2007 3:05 pm

Re: Black Hat USA 2007

I am in town now.. :)
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

LSOChris

Post Tue Jul 31, 2007 3:08 pm

Re: Black Hat USA 2007

i'll be there tomorrow. whoo hoo ;D
<<

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Fri Aug 03, 2007 12:22 pm

Re: Black Hat USA 2007

Lucky bastards ... How was it?
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 03, 2007 9:34 pm

Re: Black Hat USA 2007

I'll be posting some thoughts soon on both Black Hat Days 1 and 2 as well as DefCon.

Suffice it to say that we are having a blast, and it's awesome to meet a lot of the people face-to-face that I converse with often through electronic means.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Post Sat Aug 04, 2007 3:42 pm

Re: Black Hat USA 2007

I will write a review of what my impressions of the event were. It was great meeting up with Don, Brian and Chris as well as a number of others. Thanks again guys and I look forward to hooking up with you all again in the future.
<<

Kev

Post Sun Aug 05, 2007 9:05 pm

Re: Black Hat USA 2007

Black Hat was an interesting event and I enjoyed it a lot. It differs from Defcon in a number of ways. Mostly by the people attending and awesome food they made available.
As far as I could tell, most people attending seemed a little more seasoned and professional than the mix you get at Defcon. Defcon has a huge range from teenage script kiddies to high level hackers and everything in between. Other than that, I couldn’t say as far as speakers go, one is tremendously better than the other and Black Hat is the kind of convention you should attend if you have someone else paying for it. I didn’t attend Defcon this time and I am making those statements based on past experiences.

The convention began with a lecture from Richard Clarke, former advisor to the US National Security Council and it seemed to play well to the audience. His lecture was a mix of government bashing along with hopes for great strides in technology that might take place in the future.

My first briefing was “Understanding the heap by breaking it” by Justin Ferguson. He spent a lot of time on double free() limitations and possibilities and the advantages of fast bin chunks over normal chunks. Perhaps a bit too much time and it was unfortunate he was unable to show any code, which he did apologize for.

Next briefing was “Database Forensics” by David Litchfield. His lecture was centered on Oracle and he did a good job showing the difficulty in analyzing that database when breached. He mentioned that there are no data specific forensic tools available on the market. Most everything he displayed was in hex and he said he hoped to soon have a tool written to help eliminate so much manual forensic inspection which can be very tedious. He did a SQL injection attack and then did forensics on the database.

Certainly one of the most popular briefings was “Tactical Exploitation” by H.D. Moore of Metasploit fame.  He did a nice walk through of compromising an organization without the use of normal exploit code. A number of tools are not available yet but should be soon as new modules for Metasploit.

For me the most interesting lecture was “Simple solutions to complex problems from the lazy hackers handbook” by David Maynor and Robert Graham. Robert Graham gave his Web 2.0 hijacking presentation to a packed audience. The audience erupted with applause and laughter when Graham used his tools to hijack someone’s Gmail account during an unscripted demo. The victim in this case was using a typical unprotected Wi-Fi Hotspot and his Gmail account just popped on the large projection screen for the audience to see. I was wondering if he had just committed a felony by opening up the unsuspecting victim’s email account, lol? First he captures the Wi-Fi signals using his laptop and a tool called Ferret which he wrote earlier this year. The tool grabs Cookies and Session IDs from your Web Browser session sent over the air and stores them. Then, Graham fires up his new tool called Hamster which will process those Session IDs and Cookies so that they’re ready to clone. Once the identity is cloned, the attacker is able to jump on to online services like Gmail masquerading as the victim with full access to read and send email on behalf of the victim. Also, the attacker can go to maps.google.com and find the victim’s personal information like home address if it’s saved into Google Maps. Since the session key doesn’t expire in email accounts like Yahoo or Hotmail, it doesn’t matter if the victim changes his password. Graham claims he can still log in, even for years later.

In reality the highlight was meeting up with EH-Net members Don, Brian and Chris. Also, Don and I had a great lunch with the people from Backtrack-Offensive Security, Muts and Ziplock. 2 great guys and they are working on getting Backtrack 3 out as soon as they can.
Last edited by Kev on Mon Aug 06, 2007 1:50 pm, edited 1 time in total.
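
The two weaknesses the review above attributes to the demo (session cookies readable on open Wi-Fi, and sessions that survive a password change) have server-side countermeasures. The sketch below is an added example, not part of Kev's post and not code from Ferret, Hamster or any mail provider; `SessionStore`, `session_cookie_header`, the `sid` cookie name and the one-hour lifetime are all hypothetical.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 3600  # seconds; assumed session lifetime for this sketch


class SessionStore:
    """In-memory session table keyed by random token (illustrative only)."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # token -> (user, password_epoch, expires_at)
        self._pw_epoch = {}  # user -> counter bumped on every password change

    def login(self, user):
        token = secrets.token_urlsafe(32)
        epoch = self._pw_epoch.setdefault(user, 0)
        self._sessions[token] = (user, epoch, self._now() + SESSION_TTL)
        return token

    def change_password(self, user):
        # Bumping the epoch invalidates every token issued before the change,
        # including a copy captured by someone sniffing the network.
        self._pw_epoch[user] = self._pw_epoch.get(user, 0) + 1

    def validate(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, epoch, expires_at = entry
        if self._now() >= expires_at or epoch != self._pw_epoch.get(user):
            del self._sessions[token]  # expired or issued before a reset
            return None
        return user


def session_cookie_header(token):
    """Build a Set-Cookie value the browser only returns over HTTPS."""
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["secure"] = True    # never sent on plain HTTP
    cookie["sid"]["httponly"] = True  # not readable from page script
    cookie["sid"]["path"] = "/"
    cookie["sid"]["max-age"] = SESSION_TTL
    return cookie["sid"].OutputString()
```

The `Secure` attribute only helps when the whole site is served over HTTPS; a site that still accepts the session over plain HTTP needs that fixed first.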
<<

Ashu

Post Sun Aug 05, 2007 9:21 pm

Re: Black Hat USA 2007

black hat event? r u all black hat or white hat??? coz i saw the community name is ethical hacker... so pls tell me...
<<

Kev

Post Sun Aug 05, 2007 10:02 pm

Re: Black Hat USA 2007

I think they call it Black Hat for marketing reasons because it's really for security professionals involved in protecting networks, etc... I would be surprised if there were too many real "Black Hats" there.
<<

Ashu

Post Mon Aug 06, 2007 3:36 am

Re: Black Hat USA 2007

oh okei.... ;)
