.

Black Hat Europe 2010

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Apr 08, 2010 9:54 am

Black Hat Europe 2010

Black Hat Europe 2010
Training: April 12 - 13 | Briefings: April 14 - 15
Barcelona, Spain


The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment.

Venue

Hotel Rey Juan Carlos
Avinguda Diagonal 661
08028 Barcelona, Spain

For more info:
http://www.blackhat.com

Don
Last edited by don on Thu Apr 08, 2010 9:58 am, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

jose.pico

Newbie
Newbie

Posts: 1

Joined: Wed Apr 21, 2010 6:48 am

Post Wed Apr 21, 2010 6:57 am

Re: Black Hat Europe 2010

I had the opportunity to attend the Barcelona Black Hat Europe 2010 briefings, in April 14th and 15th 2010, enjoying a distinct international-nature event, eleven talks with a very strong technical background and a knowledge-sharing speaker attitude, and a quality and respectful audience. If you combine that with a diligent and professional organization, you will have a very interesting security event, that I’m summarizing in this post.
We started day 1 with Max Mosley’s talk about Facebook’s security strategy and his strong message: they will diligently pursuit every attack against them. After that “warning to sailors”, I attended all the sessions I could; in order not to extend this post, I will only comment a few of the talks.
Christopher Tarnovsky told us about his 6-months work Hacking the Smart Card Chip, it was amazing to see how he broke into the SmartCard HW looking for a data bus that could hold the data “in clear”. After a tremendous effort identifying the micron-width cables that hold such data and making a map of these areas of the chip, then he had to connect needles into these tracks and listen to the traffic. He told how difficult and delicate this task could be. Once the hardware problem was solved, he showed how he not only can listen, but also modify the bits that are running into it in order to get rid of some SW protections (like the introduction of random idle cycles). Finally, he showed us the assembler code obtained from the chip. At that point, someone asked where the exploit was… Well I think that after all his HW work, extracting the right data from the assembler flow would appear as a toy play for Cristopher. This man has my admiration, not only for the good work, but for his faith in the idea that he will find what he was looking for, that he didn’t loose during his 6-months research.
The last presentation that I attended on day 1 was State of Malware, from Peter Silberman and Ero Carrera. What I would like to remark from this presentation is the approach of these gentlemen to the problem of classifying malware into families, thus trying to be able to answer, without analyze it, some questions: the behavior of the malware or its characteristics, the way and reasons they evolve, code re-utilization, etc. They use automatic code analysis to find similarities between code and classify them into families. They presented their results in a very transparent way: they don’t’ claim to have definite or conclusive results, but some conclusions regarding commonalities and relationships between malware families are interesting…
On day 2 one of the talks that I enjoyed most was the one performed by Haifei Li and Guillaume Lovet on Adobe Reader’s Custom Heap Management Exploitation. In this talk, the audience followed this guys in the way they exploited the heap management implemented in Adobe Reader in order to be able to execute code in the target machine. Audience could see the technical deep details of the technique used, explained in a way easy to follow for everyone.
The last talk I would like to summarize is the one of Moxie Marlinspike about Changing Threats to Privacy. The first interesting thing was the structure of the talk: the speaker started with a social approach to the problem of privacy to guide the audience to a point where a solution to annonymize our access to Google and to change the way we use PGP is needed. After that point, he explained some solutions related to that problem.
All related materials are –or will shortly be- in the BlackHat home page, so if you’re interested you can access them and go in-depth on every topic.

Jose
Jose Pico
Founder & Senior Security Analyst
Taddong
<<

Anquilas

User avatar

Full Member
Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Wed Apr 21, 2010 9:27 am

Re: Black Hat Europe 2010

One day I will go there too :) (when money allows)
Thanks for the review!
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Apr 21, 2010 9:41 am

Re: Black Hat Europe 2010

Hey Jose,

Glad you could take advantage of Raul's free ticket from EH-Net and thanks for the write-up.

Don
CISSP, MCSE, CSTA, Security+ SME

Return to Calendar Of Events

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software