Black Hat Windows Security 2003
details Current Sponsors for Black Hat Briefings Europe 2003
Topic descriptions are listed alphabetically by speaker.

Vivisection of an Exploit Development Process: What To Do When It's Not Easy
David Aitel, Immunity, Inc.

Dave will take you from beginning to end in the development of the Microsoft Content Server buffer overflow vulnerability. This talk will go over each stage of the attack, with each problem directly addressed, including shellcode, unicode filtering, and executing multiple stage attacks.

Prerequisites: Basic knowledge of x86 assembly or the ability to learn it on the fly.

Dave Aitel has spent 3 years in the private sector researching vulnerabilities, after six years working with the NSA. He is currently running Immunity, Inc., a NYC based consulting and security services firm. Immunity is best known for its donations of SPIKE and SPIKE Proxy to the security community.

Return to the top of the page

Lawful Interception of IP: The European Context
Jaya Baloo

Lawful Interception (LI) is currently in development internationally and the area of IP interception poses significant regulatory, as well as implementation, challenges. The presentation attempts to elucidate major legal and technical issues as well as citing the vendors, operators and governments involved in creating the standards and solutions.

In the European context, all EU countries have been mandated to have LI capabilities in place and be able to provide assistance to other member states when tracking transborder criminals. Public Communications Providers must tread warily between privacy concerns and LI requirements. Especially with the new talks concerning Interpol, Enfopol, & Data Retention, communication over public channels is anything but private. The conditions for interception and the framework for oversight are not widely known.

As LI in Europe presents an example for the rest of the world attention should be given to the changing face of EU legislation. This is relevant not only to the EU expansion but also concerns EU influence over her eastern and western allies.

Jaya Baloo (CCNP, CISSP) has been working in InfoSec for 5 years, starting at Unisource in The Netherlands. After moving to KPN Telecom, she has worked internationally for the Dutch Telecom Operator in Namibia, Egypt, Germany, and Costa Rica designing secure IP infrastructures for national operators. More recently she has worked in Prague for Czech Telecom on Lawful Interception.

Return to the top of the page

BSD Heap Smashing

Many recently reported vulnerabilites involve heap corruption. Their exploitability under the BSD family of operating systems is rarely discussed, because such a discussion would most of the time require a deep understanding of the BSD memory allocator.

The aim of this speech is to provide the audience with such an understanding. The inner workings of the Poul-Henning Kamp's allocater will be detailed, and sample heap corruption exploitation techniques discussed. An exploitation technique for a real life flaw will at last be rediscovered, and the code of an exploit for the vulnerability will be commented.

BBP developed his programming skills by coding tiny demos during several years. He then discovered networking technologies, the Internet, and the Unix like operating systems as a voluntary administrator of a campus network and free software contributor. He currently works for a security company, performing pen-tests and writing exploits.

Return to the top of the page

Generic Technical Defences
Shaun Clowes, IT Director, SecureReality

It seems like the flow of new serious vulnerabilities in common software never stops. Administrators are getting caught up in an endless patch race, trying to keep their critical systems safe from known vulnerabilities without applying patches that break their important applications. They're caught trying to catch up when there are unknown numbers of holes that aren't even public yet being exploited. All the while their homogenous, unarmoured operating systems and applications provide a soft target for even point and click exploits.

It doesn't have to be that easy. In recent years a large number of new technologies and products have been introduced that try to generically stop attacks against applications. These solutions, alone or together can form a very effective shield from both known and unknown attacks. This speech will examine a number of generic defence products, describing how they work, what they achieve and where their strengths and weaknesses lie.

The second part of the speech takes a different tack, based on the idea that simple userland tools and kernel modules can remove some of the homogenity that makes systems so easy to attack. By making the target behave in strange and unexpected ways, attacks can be confused and stifled, while having little to no impact on the system itself. Though not the equal of the heavy armour of the technical protections described in the first portion of the speech, these approaches can help deter less determined attackers using automated exploits.

Shaun Clowes is the IT Director of SecureReality, a small cutting edge security consultancy based in Sydney, Australia. Shaun holds an honors degree in Computing Science from the University of Technology Sydney and has a wide technical background in IT including Unix systems programming, networking and systems/security administration. Shaun leads the vulnerability research arm of SecureReality which is broadly exploring the security landscape testing both the obvious targets and the glue that holds everything together.

Return to the top of the page

Security Issues in P2P File Distribution
Bram Cohen, author, BitTorrent File Distribution System

There are three major types of security concerns in any file distribution system - denial of service, attacker corrupting the file, and opening up of a remote exploit. This talk will go over how even HTTP-based file distribution is susceptible to all three, and how Napster-style p2p distribution makes the possibilities of all three worse. However, it will encouraging new results in the security implications of using BitTorrent, and show how BitTorrent results in a modest increase in susceptibility to denial of service without significantly changing the other risks when compared to HTTP.

Bram Cohen is the author of the highly successful BitTorrent file distribution system, and formerly worked on Mojo Nation. He has extensive experience with both cryptography and networking protocols.

Return to the top of the page

Pocket PC Phone Security
Job de Haas, Technical Director, ITSX

The use of PDA's has seen a huge increase in corporate businesses over the last few years. The latest developments are the integration of mobile phones and PDA's. This presentation will discuss the use such devices are seeing and the risks associated with it. Both hypothetical as real scenarios will be shown. As example the XDA (also known as T-mobile PDA, Qtek or Siemens SX 45 ) will be used. Internal aspects of the ARM based PocketPC Phone Edition are shown as well as how the phone part is connected to it. Examples from simple applications such as unlocking the phone to more complicated attacks will be demonstrated.

Job de Haas got involved in the area of Internet and security in 1991, during his studies in Electrical Engineering, when he responded to internet providers offers to hack their sites and win a free account. Following post-graduate studies in Control Engineering and three years of work in aerospace robotics at the Netherlands National Aerospace Laboratory, he worked for DigiCash, where he acquired experience in cryptographic techniques used in secure, anonymous payment systems for the Internet. Now, after leading ITSX for five years, Job moved to the position of Technical Director where he leads and supervises the penetration testing teams.

Return to the top of th page

$tea£ing with BGP
Stephen Dugan, CCSI

This talk will illustrate the vast amount of harm that could be done IF the BGP routing tables were manipulated. BGP, the routing protocol used between ISPs, is used to maintain the routing and Autonomous System Path information throughout the entire internet. Currently there are around 120,000 networks, subnets, and aggregates in the BGP tables. The inadequacies of BGP-4 have been obvious since a time shortly after being drawn up on a napkin. If we continue to use BGP as-is we will suffer much bigger problems than what happened with AS7007 (Florida ISP took down most /24 prefixes). S-BGP has been in draft form for much too long. BGP can be effectively used for DoS attacks, Server Masquerading, or bring down large sections of the internet. By illustrating the most harmful possibilities of BGP misuse, we might be able to push for a better BGP solution today.

Stephen Dugan is currently an independent contract instructor and network engineer. He has been teaching Cisco networking for the last 3 years focusing on Router and Switch configuration, Voice/Data integration, and Network Security. His students come mostly from Fortune 500 companies and large service providers. He also teaches private internal classes to Cisco Employees. As a Sr. Network Engineer he has worked on the design and implementation of large enterprise, government contractor, and service provider networks. He is also working on a new series of security books entitled "Hacker Attacktecs." The first three planned books will cover Windows, Unix/Linux, and Cisco exploits and how to defend against them.

Return to the top of the page

DDoS Mitigation and Analysis at the Infrastructure Level
Nicolas Fischbach, Senior Manager, European IP Security Engineering, COLT Telecom & Co-founder Sécurité.Org

Denial of Service attacks are shifting from end systems towards the core devices of large (Cisco) networks. Even if these devices are designed to forward a large number of PPS (packets per second), they usually tend to be much more sensible to high rates of packets or attacks targeted
at the router itself.

We will look at how to prepare the core to make it more attack resistant so that when an end system is under attack the impact on the transit network is reduced:

  • "ACLs in the core" 101 and the new IP receive ACL feature
  • Packet queueing strategy
  • Software (CPU) vs hardware (ASIC) path for packets
  • Engines, etc.

To detect attacks, most of the deployments rely on Netflow data. We'll look at alternatives like in-line devices (infrastructure vs data center approach), how to improve Netflow scalability by using sampled data, and also pros and
cons of Netflow depending on the hardware in use.

After looking at the routers as targets, we'll look at router misuses to launch attacks. Cisco router forensics (and vulnerabilities) are becoming more and more important, and forensic readiness for these devices is key for traces availability. We'll go through the preparations steps, analysis steps and which evidence to look for.

Nicolas Fischbach is a Senior Manager, in charge of the European IP Security Engineering team at COLT Telecom, a leading provider of high bandwidth data, Internet and voice services in Europe.

He also manages the Swiss IP Engineering team, and after participating to the deployment of the Swiss IP network and Internet Solution Center, he helped to create the security and network unit of the Professional Services departement. He holds an Engineer degree in Networking and Distributed Computing.

Nicolas is also co-founder of Sécurité.Org a French speaking portal on computer and network security. He's a frequent speaker at technical and security conferences, teaches networking and security courses at various universities and engineering schools, and also publishes articles. More details and contact information on his homepage.

Return to the top of the page

Data Flow Analysis
Halvar Flake, Reverse Engineer, Black Hat Consulting

Description to follow

Halvar Flake is Black Hat's new resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their main reverse engineer.

Return to the top of the page

Design and Software Vulnerabilities in Embedded Systems
FX, Phenoelit

The speech covers design issues and software vulnerabilities in embedded systems. The exploitation of design failures will be presented using HP network printers as an example - including getting access up to the point where the printer becomes an attack platform itself. Additionally, exploitation of software vulnerabilities will be covered by discussing multiple ways to write actual exploits for Cisco Internetwork Operating System (IOS).

FX of Phenoelit is the leader of the German Phenoelit group. His and the group's primary interests are in security implementations and implications of standards or less-known protocols. FX works as a Security Solution Consultant at n.runs GmbH.

Return to the top of the page

Runtime Decompilation
Greg Hoglund, HBGary, LLC.

Pure static analysis of machine code is both time consuming and, in many cases,incapable of determining control flow when branching decisions are based on user-supplied input or other values computed at runtime. Other problems include the lack of type information or the inability to identify all instructions. Although difficult if not impossible to solve using static analysis, many specific problems can be solved by running the program and observing its behavior. Hoglund presents a strategy that combines static analysis with runtime sampling to determine data flow and, more importantly, trace data from the point of user input to potentially vulnerable locations in code. His focus is directly on security auditing and techniques to significantly reduce the amount of time it takes to audit a binary executable. To get the most from this talk, attendees should have experience debugging code.

Greg Hoglund is a recognized speaker and business person working out of California. His work is focused on reverse engineering and exploiting software. Hoglund has developed several automated tools and commerical products. Hoglund most recently developed the fault-injection product called 'Hailstorm' and has now moved on to form a new company, HBGary, LLC. In his spare time, Hoglund hosts the popular internet site and takes his dog, Oreo, for walks on the beach.

Return to the top of the page

Honeynet Technologies: the Latest Technologies
The Honeynet Project: Job de Haas & Lance Spitzner

Focusing on Sebek and the latest advances in Honeynet Technologies. Includes a general overview of the Honeynet Project and Honeynet Technologies.

Return to the top of the page

Digital Information, User Tokens, Privacy and Forensics Investigations: The Case of Windows XP Platform
Larry Leibrock, Ph.D, Associate Dean, CTO, McCombs School of Business Administration, The University of Texas

Incident Response and IT Security practitioners are aware that normal user interactions with digital devices create, delete and typically leave a range of data, metadata and residue (termed tokens) on differing systems media. We seek to explore the Microsoft Windows XP as an illustrative platform to review how these tokens are created, discovered and perhaps cleaned using some generally available privacy tool sets.

This paper explores a field study that intends to review extant knowledge, determination of the range of user tokens and current forensics used to discover evidentiary findings. The field study focuses solely on two variants (Windows XP Professional and Windows Tablet PC) commercially available Windows XP platforms in networked settings.

The paper describes the Windows XP platform from these perspectives: files, registry, system folders, special folders, media and forensics processes. A review of present data-hiding techniques (cryptography and steganography) is presented and demonstrated. Finally a set of data destruction algorithms and tools are described.

Lastly in the context of a teaching case, a set of public policy perspectives are presented for discussion. The purpose of the case is to set out a dialogue about individual privacy rights, privacy of information, ownership of data, protection of sensitive information and legal investigative processes in democratic settings.

Discussion topics in the presentation include the following:

  • Investigation and Privacy of Digital Data and Introductory
    Forensics Investigations: Practices/Procedures
  • An International Forensics Case discussion - law - privacy - ethics - law enforcement
  • Microsoft Windows XP - Media typology and morphology of data
  • Data Caches - files - registry - folders - metadata derivatives
  • Networking artifacts and residue
  • Introduction to information hiding techniques, data wiping tools - special hardware - some special tools
  • Extant political - public policy - legal systems perspectives

Larry Leibrock, Ph.D., is a member of the McCombs Business School – The University of Texas faculty and serves as the Associate Dean and Technology Officer for the McCombs Business School. He has held or currently holds clinical teaching and research appointments at McCombs Business School, Institute for Advanced Technology, The University of Texas Law School, Emory University, Helsinki School of Economics and Monterrey Technologica in Mexico City and Monterrey. He is a member of IEEE, ACM, Internet Society, FIRST and USENIX/SAGE. He is also a member of the Department of Defense Software Engineering Institute and a participant in the Air Force Software Technology Conference. He is the founder and CTO for eForensics LLC, a private technical services firm.

He has experience in enterprise systems support, offensive/defensive systems security measures, systems security audits, and IT deployment projects in both governmental and corporate settings.

In clinical practice, he has served as the project manager in over IT projects in several US and international sites. He holds professional certifications in IT project management, Windows“, UNIX“, systems performance, computer security and networking. He has authored papers in the topics of information systems attacks, encryption, public key infrastructures, privacy, systems survivability and systems forensics.

He has won several University teaching awards and has served as an expert in a range of legislative matters, judicial testimony, and legal disputes. Larry has served as a Special Master for a Texas Court in the areas of systems management, systems survivability, security and protection of systems mechanisms.

Larry has delivered expert digital evidence testimony at both civil and criminal trials. He has testified for the Presidential Commission for Protection of Critical Information Infrastructure and the Senate Science Committee. He recently presented forensics testimony at an invitational conference for the Executive Office of the President. He presently serves on the Texas Infrastructure Protection Advisory Committee formed by the Attorney General of Texas. He is also appointed to the Board of Directors - Texas Department of Information Resources. Larry is active in IT industry and government systems consulting projects in the areas of systems forensics, enterprise IT operations, security and incident investigations.

Return to the top of the page

All New Oracle Ø-day: Attacking & Defending Oracle
David Litchfield, Founder, Next Generation Security Software

All new Ø-day.

David Litchfield is a world-renowned security expert specializing in Windows NT and Internet security. His discovery and remediation of over 100 major vulnerabilities in products such as Microsoft's Internet Information Server and Oracle's Application Server have lead to the tightening of sites around the world. David Litchfield is also the author of Cerberus' Internet Scanner (previously NTInfoscan), one of the world's most popular free vulnerability scanners. In addition to CIS, David has written many other utilities to help identify and fix security holes. David is the author of many technical documents on security issues including his tutorial on Exploiting Windows NT Buffer Overruns referenced in the book "Hacking Exposed".

Return to the top of the page

Security Analysis of Microsoft Encrypted File System (EFS)
Andrey Malyshev, ElcomSoft Co.Ltd.
Serg Vasilenkov, ElcomSoft Co.Ltd.

This speech covers security aspects of using Microsoft Encrypted File System (EFS). A complete security analysis of EFS will be presented. A very serious security hole is the result of this analysis. Any EFS-encrypted file could be decrypted without Administrator permission, only several files from Windows installation are needed. There will be a demonstration of EFS files decryption and a presentation of the new software product which does it automatically.

Key subjects/topics this talk covers:

  • What’s the EFS and how does it work.
  • Encryption algorithms used in the EFS.
  • Possible attacks to decrypt EFS-encrypted files
  • Demonstration of EFS security hole
  • Tools for EFS files decryption

Andrey Malyshev, Chief Technical Officer of ElcomSoft Co.Ltd. Graduated from Moscow Aviation University. Works for ElcomSoft about 5 years, 3 years as CTO.

Return to the top of the page

Designing Useful Privacy Applications
Len Sassaman, The Shmoo Group

During the past decade, the field of privacy enhancing technology has overcome many obstacles: from interference on behalf of numerous governments, to technological hurdles and deployment challenges.

We have entered the 21st Century with many of these challenges eliminated, but widespread use of privacy enhancing technology has yet to occur.

This talk will explain the reasons for this failure in user adoption of privacy technology, and will scrutinize several key areas that designers of PET systems have failed to address, including common protocol design mistakes, user interaction problems, and incorrect threat model assessments.

Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Len has been a strong defender of personal rights through technology. As a volunteer, he has lent his expertise to human rights organizations, victim support groups, and civil liberties organizations.

Len is an anonymous remailer operator, and is currently project manager for Mixmaster, the most advanced remailer software available. Previously, he was a software engineer for PGP Security, the provider of the world's best known personal cryptography software. A returning Black Hat speaker, Len is also a frequent contributor to online discussions of electronic privacy issues, and has contributed to the development of free software privacy utilities.

Return to the top of the page

Hunting Flaws in JDK
Marc Schöenefeld

Java DK 1.4.1 JRE from Sun has been found to contain a locally exploitable Denial of Service. This affects standalone java programs as well as hosted environments such as servlet engines based on Jakarta tomcat or JRUN.

Java DK 1.4.1 JRE from Sun has been found to contain a locally exploitable Denial of Service. The problem appears difficult to exploit, but hackers have a history of discovering and releasing exploit code for exploitable flaws. It even underlines the riskyness to run java software in shared environments like ISP running servlet hosting. A malicious user or an attacker could insert the described exploitable API code to force JVM crashes in the ISPs runtime environment. This will cause outage of the JSP or Java Servlet service the JVM is running for.

The Effects
Java DK 1.4.1 like its predecessors has entry points to native libraries. These entry points can be called with parameters (java simple types or objects). If an object value is null and the native routine does not provide appropriate check for null values, the JVM reaches an undefined state and typically ends of in a JVM crash. The following proof of concept code describes the problem stated above. If you are interested for details about JVM security see the presentation of Marc Schoenefeld at Black Hat 2002 and Black Hat Windows Security 2003.

Marc Schöenefeld: As an experienced Java programmer and former nerd in C64 assembly I tried to bundle these both ends of experiences together.During work time I am busy being software architect for a large data centre in the finance field. My upcoming phd thesis is targeted to the topic of reengineering of legacy systems. Marc Schoenefeld has been a software developer and an software architect since during university time and after he became Master of Business Informatics in 1997. He specializes in large scale application development (CORBA) and was involved in a OMG success story describing the adaptation of CORBA principles to a large-scale high volume banking application as part of his future phd thesis. Bytecode hacking on the other hand is his hobby since he got his C64 in 1983. Therefore his interest for Java securiy is a rendezvouz of these both major interest areas.

Return to the top of the page

Will People Ever Pay for Privacy?
Adam Shostack, Founder and CTO, Informed Security

Throughout the internet bubble, privacy regularly topped polls of American's concerns. Despite that, many high profile companies offering privacy products have struggled in the marketplace. In addition, people seem willing to give up their privacy for a Big Mac. How can we reconcile these contradictory stances? Attendees of this talk will learn to answer these questions, gain a more nuanced view of privacy, and learn how to design their products and services with a sensitivity towards consumer opinion. This allows businesses to avoid privacy-driven boycotts such as those currently afflicting Delta (

In addition, designers of security services will be better able to reason about the way that their systems interact with privacy. This will lead to more privacy-protective, and socially acceptable, security systems.

Adam Shostack is founder and CTO of Informed Security. Previously, he spent three years as Most Evil Genius at Zero-Knowledge Systems, building privacy technology that remains ahead of its time. He writes and speaks on a variety of security and privacy topics, with a focus on security, privacy, and economics. He has been an active cypherpunk, involved with issues of privacy, security, and cryptography for over a decade.

Return to the top of the page

Honeypots: Tracking Hackers
Lance Spitzner, Senior Security Architect, Sun Microsystems

Honeypots are an exciting, yet relatively unexplored, security technology. A security resource that is designed to be attacked, honeypots have many unique advantages (and disadvantages) when compared to other technologies. This presentation will define what a honeypot is, how it works, its values, and some demonstrations of different types of honeypots. It is hoped you will gain a better understanding of what honeypots are, the many different types and what they can do, and how they can apply to your organization.

Lance Spitzner, is a geek who constantly plays with computers, especially network security. He loves security because it is a constantly changing environment, your job is to do battle with the bad guys. This love for tactics first began in the Army, where he served for seven years. He served three years as an enlisted Infantryman in the National Guard and then four years as an Armor officer in the Army's Rapid Deployment Force. Following the Army he received his M.B.A and became involved in the world of information security. Now he fights the bad guys with IPv4 packets as opposed to 120mm SABOT rounds. His passion is researching honeypot technologies and using them to learn more about the enemy. He is founder of the Honeynet Project, moderator of the honeypot maillist, author of Honeypots: Tracking Hacker, co-author of Know Your Enemy and author of several whitepapers. He has also spoken at various conferences and organizations, including Blackhat, SANS, CanSecWest, the Penta!gon, NSA, the FBI Academy, JTF-CNO, the President's Advisory Board, the Army War College, and Navy War College.

Return to the top of the page

The Role of Non Obvious Relationships in the Foot Printing Process
Charl van der Walt, Founding Member, SensePost
Christoff Breytenbach, SensePost

During perimeter testing it is becoming more and more finding the one vulnerable server on a large network perimeter rather than finding a bug in one server. Many security companies spend huge amounts of time finding this bug - they search deep and not wide. With networks becoming more interconnected every day many large companies don't even know how many networks or hosts are connected to them. The process of obtaining a proper foot print of a company is overlooked in many cases. Footprinting starts with obtaining a list of domains related to the company. The task of obtaining a list of domains related to a specific institution is tedious as the relationship between the institution and their domains is not always obvious. Footprinting is not an exact science - large amount of domains (which translates to pieces of networks or paths into a private network) are typically overlooked during a blind penetration test. The presentation is on footprinting large institutions with focus on an automated technique of finding the "hidden" relationships between domains and institutions.

  • A method has been developed that will automatically provide a list of related domains (given an initial "seed" domain) with relevant "vector lengths" to the source.
  • The code (source and binary) to the project will be released. A paper on the subject and method will be written and released with the tool.

The presentation will include a section on a methodology developed for further domain enumeration. The method allows a user to submit one domain name and a minimum number of keywords and returns a list of domains that are also owned by the institution (over and above the list of related domains (which might not belong to the institution). The method is much more complex that a simple whois query - it makes use of following modules:

  • Link extraction (both to and from) with dynamic weighting
  • Whois selective brute forcing expansion
  • Normalizing of data to represent relevance decay graphically
  • TLD expansion
  • MX record vetting (both true and non-false methods)
  • Web site splash page fingerprint vetting (for getting rid of template sites)

Charl van der Walt is a founder member of SensePost. He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus. Charl has a dog called Fish.

Christoff Breytenbach

Return to the top of the page

Masters of the Unseen: The Art of Information Warfare
Richard Thieme,

The technical details of information security can be described, checklists generated, policies approved ... but true mastery of the art of information warfare - both offense and defense - is much more subtle than that. Drawing on conversations with some of the best and brightest in the infosec field, Richard Thieme illuminates the heuristics of this subtle art and craft and shows why wisdom is often found in out-of-the-way places. He discloses what it takes to become truly expert, why real geniuses are frequently multi-disciplinary, and why it pays to leverage the perspectives of many domains.

How do you live vibrantly? How do you free the mind? How do you live when you realize there are no walls? These questions, posed by an infosec veteran, frame this inquiry, and the answers will be found in the white space between the fields of your own habitual thinking ...

Richard Thieme ( is a Contributing Editor for Information Security Magazine and, according to The Linux Journal, a "hacker philosopher journalist sage&Mac226; whose presentations at security and hacking conventions are always well-attended and well-received. He speaks eloquently about the relationships between technology, people, and spirituality and always speaks straight to the heart of important matters right at the front of the audience's collective mind. He is very subtle ... and extremely deep."

Thieme consults, writes, and speaks about "life on the edge," in particular the human dimensions of technology and the work place. His focus these days is on security and identity - how to play chess while the board is disappearing.

Thieme has published widely. Translated into German, Chinese, Japanese, Slovene, Danish and Indonesian, his articles are taught at universities in Europe, Australia, Canada, and the United States. His column, "Islands in the Clickstream," has been published in Singapore, Toronto, and Capetown and is distributed to subscribers in 60 countries. Archives are at

Return to the top of the page

Man In The Middle Attacks
Marco Valleri, co-creator "ettercap project"
Alberto Ornaghi,
Security Engineer & co-creator "ettercap project"

Many powerfull tools have focused the attention on MITM attacks that are no longer considered as only theoretical. Starting from a basic knowledge of standard network protocols, this presentation will lead the audience through many of the tricks used by hackers to intercept and manipulate network connections in a LAN or in a remote scenario. Each attack will be discussed and possible countermeasures will be explained to make our connections safer. The second part of the presentation will show what an attacker can do once "in the middle" and how he can use "the middle" to manipulate traffic, inject malicious code, and break widley used cypher and VPN suites (if they aren't used in a conscious way).

Marco Valleri works in the Ethical Hacking Department of an italian IT security company. He collaborates with many italian groups to improve research in many field of the IT security world. He is one of the creators of the "ettercap project"

Alberto Ornaghi has recently got the bachelor degree at the university of
milan, department of coputer science. Now he works in an italian IT security company as Security Engineer. He is one of the creators of the "ettercap project".

Return to the top of the page

Deploying DNSSEC
Paul Wouters, in close collaboration with NLnetlabs, RIPE NCC and the FreeSwan Project.

Although DNSSEC is still a moving target, it has matured enough for large scale experimenting. The first part of the presentation explains the new concepts in DNSSEC and the new record types introduced. Rudimentary knowledge of DNS is required.

The second part of the presentation is a step-by-step guide using Bind to secure an existing zone. Participants who which to secure their own domain need to have the latest Bind9 snapshot and a copy of the zones they wish to secure.

The third part of the presentation will demonstrate the interaction between the Registrant and the Registrar. The Dutch SECREG system will be demonstrated for securing .nl domains at the ccTLD. The VeriSign experiment will also be shown on how to secure the generic TLD's. Time permitting, participants are invited to try and compromise the Speaker's secured zones.

Paul Wouters has been involved with Linux networking and security since he co-founded the Dutch ISP "Xtended Internet" back in 1996. His first article about network security was published in LinuxJournal in 1997 Since then, he has written mostly for the Dutch spin-off of the German "c't magazine", focussing on Linux, networking and the impact of the digital world on society. He has presented papers at SANS, OSA, CCC and HAL.

He is currently involved with the FreeS/WAN project, a Linux IPsec stack that aims to bring Opportunistic Encryption to everyone. For this feature, a secure DNS is needed, which triggered his interest in assisting the widespread use of DNSSEC. Wouters received his Bachelors degree in Education in 1993

Return to the top of the page

David Aitel

Jaya Baloo


Shaun Clowes

Bram Cohen

Stephen Dugan

Job de Haas

Nicolas Fischbach

Halvar Flake


Greg Hoglund

Honeynet Project

Larry Leibrock

David Litchfield

Andrey Malyshev

Haroon Meer

Alberto Ornaghi

Len Sassaman

Marc Schöenefeld

Adam Shostack

Lance Spitzner

Roelof Temmingh

Richard Thieme

Marco Valleri

Charl van der Walt

Serg Vasilenkov

Paul Wouters

Black Hat Logo
(c) 1996-2007 Black Hat