What is the cutting edge of Ø-day attack techniques? How are these vulnerabilities found and exploited? This track will focus on topics including applied attack methodologies, using but not losing your Ø-day attack, new classes of vulnerabilities just discovered or under development, trends in the Ø-day underground community, etc. Attacks against devices or systems that were previously thought to be either too secure or too obscure fit this track as well. Past examples would include attacks using new rootkit hiding techniques, Mike Lynn's attack against Cisco's IOS, DMA memory exploits using a USB or FireWire device, defeating XP / Vista memory protection schemes, etc.
"Ø-day" vulnerabilities are a fact of life, but how we deal with them varies greatly. Some build elaborate multi-layer defense-in-depth systems. Some accept the risk and invest in response strategies. This track will deal with the strategies and technologies that have evolved to deal with the Ø-day. Topics might include how to defend against unknown vulnerabilities using system call tracing, randomized stack or heap memory, process sandboxes, tools for code auditing, MAC policies, etc. Lessons-learned stories may include case studies of how your organization reacted to a Ø-day malware attack or how you reversed a malicious binary. What worked and what didn't.
As network routers, firewalls, and operating systems become more mature, the security surrounding applications has become one of the most popular attack vectors. Format string problems, improper input validation, improper authentication, and buffer overflows abound. How do we find or fix these problems? Strategies for auditing web applications, reverse engineering binaries to find or fix vulnerabilities, source code analysis, secure coding practices, black box testing tools, and configuration best practice guidelines would all be appropriate for this track.
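To make two of the bug classes named above concrete, here is a small added example (not code from the call for papers or from any Black Hat presentation) showing a buffer overflow and a format string bug side by side with their fixed forms. The function names, the 16-byte buffer size and the sample inputs are all assumptions chosen for illustration; the vulnerable variants are kept only as the "before" and are not called.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for the example; any fixed-size buffer works the same way. */
#define NAME_MAX 16

/*
 * BEFORE (vulnerable): strcpy() copies until the NUL byte, so any user
 * string of NAME_MAX bytes or more writes past the end of name_out.
 * Kept here to show the bug; deliberately never called.
 */
void copy_name_vuln(char *name_out, const char *user)
{
    strcpy(name_out, user);          /* stack/heap buffer overflow */
}

/*
 * AFTER (hardened): measure first, refuse input that does not fit, and
 * report the rejection to the caller instead of silently truncating.
 * Returns the number of bytes copied (excluding NUL) or -1 on rejection.
 */
int copy_name_safe(char *name_out, size_t out_size, const char *user)
{
    size_t n = strlen(user);
    if (out_size == 0 || n + 1 > out_size) {
        return -1;                   /* caller must handle the rejection */
    }
    memcpy(name_out, user, n + 1);   /* includes the terminating NUL */
    return (int)n;
}

/*
 * BEFORE (vulnerable): the user string *is* the format string, so "%x"
 * reads stack contents and "%n" writes to memory. Deliberately never called.
 */
void greet_vuln(char *out, size_t out_size, const char *user)
{
    snprintf(out, out_size, user);   /* format string controlled by attacker */
}

/*
 * AFTER (hardened): fixed literal format; user data is only ever an
 * argument, so "%x%x%n" is copied literally and never interpreted.
 * Returns what snprintf returns (length that would have been written).
 */
int greet_safe(char *out, size_t out_size, const char *user)
{
    return snprintf(out, out_size, "Hello, %s!", user);
}

int main(void)
{
    char name[NAME_MAX];
    char out[64];

    /* Constructed inputs: one that fits, one that would have overflowed. */
    printf("short name: %d\n", copy_name_safe(name, sizeof name, "alice"));
    printf("long name:  %d\n", copy_name_safe(name, sizeof name, "0123456789abcdef"));

    /* Constructed format-string payload, rendered harmless by the fixed format. */
    greet_safe(out, sizeof out, "%x%x%n");
    printf("%s\n", out);
    return 0;
}
```

The two fixes share one principle: the bounds and the format are decided by the program, never by the input. A code audit for this track would look for exactly the "before" shapes (unbounded copies, non-literal format strings) and check that each has a rejection path like the -1 return here rather than a silent truncation.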
In-depth presentations on a variety of topics. Not for the faint of heart. If your topic requires a minimum of 150 minutes, this track will give you the time necessary to cover your technical topic in depth.
Forensics & Anti-Forensics:
So, you think you have been hacked? This track will deal with what you should do after you suspect a system or network compromise. Log analysis of HIDS or NIDS alerts, disk and memory imaging and forensics, and system baseline analysis would be examples of the forensics portion of this track. On the anti-forensics front, techniques for hiding your processes in memory, strategies for never touching the disk to avoid drive analysis tools, and 'evidence-eliminator' type tools and their limitations would all be appropriate.
Issues surrounding the network. What network, you ask? Any network! SS7, X.25, IPv6, or maybe something is wrong with 802.11n or SCADA? As more networks are built and legacy systems are integrated, we are discovering all kinds of unintended consequences. Talks could cover network scanning, mapping, transient trust problems, driver issues, implementation disasters, or spoofing, for example.
Identification and Evasion:
This track is for tools and techniques that deal with discovery and evasion, from kernel space to the wire. On the discovery side, tools that can discover and map networks, hosts, or devices, new fingerprinting strategies (active or passive), and timing attacks would all be examples. On the evasion side, techniques or tools used to evade HIDS, NIDS, or honeypots, as well as to confuse or misrepresent your systems to scanners or to operating system integrity checks, would fit. Don't forget to discuss the limits of your strategy that would impact its use.
Policy, Management, and the Law:
How does the law deal with the security issues that are discovered? What legislation do businesses need to comply with? What are the social responsibilities of security practitioners? Analysis of current or future laws and legislation, management trends, and policy development would fit in this track.
Privacy & Anonymity:
In a world of ever-increasing surveillance of the public Net, what are the issues privacy-conscious people and administrators should be aware of? Talks could cover topics such as "What can we do to increase personal privacy?" Technology talks could cover tools related to network privacy, such as anonymizing networks like Tor or JAP and anonymous remailers. For mobile users it might relate to full device encryption or encrypted text messaging tools. At Black Hat Federal 2006, an excellent presentation by Paul Syverson and Lasse Øverlier dealt with attacks against the Tor network, confirming previous speculation. Have you built an RFID jammer or a zero-footprint live file system? This track would be for you.
The Turbo Talks track will consist of 20-minute talks covering subjects that do not require a full-length presentation slot. Topics can range widely, and there are no specific guidelines for what must be included. Examples might include the announcement of a new security project or initiative, the release of research data, a quick tip or techniques talk on a very specific topic, a call for participation in a study, a question and answer session surrounding a new law, etc. Please note: because of the nature of this track, Black Hat will not pay a speaking fee, hotel, or airfare. Selected presenters receive a full conference pass only.