Black Hat Media Archives


Black Hat 2004 Multimedia Archives Quick-link
USA Europe Asia Windows Security
Europe 2004


Black Hat Asia 2004
Only audio is available for this show.
Interested in obtaining a conference CD with all the presentations and tools? Contact store at blackhat.com

Many Black Hat talks are available in audio and video formats. While we reorganize the site to include
direct links, please peruse our RSS feed for links to those talks currently online.
Track/Speaker/Topic Presentation (PPTs) Presentation (PDFs) Notes/Tools
Keynote Presentation - Black Hat Japan 2004

Raisuke Miyawaki



Japanese Language Slides Only
Speakers - Black Hat Japan 2004

Shunichi Arai
Thinking Techie's Social Responsibility - Lessons Fom Winny Case



Japanese Language Slides Only

Chris Eagle
Attacking Obfuscated Code with IDA Pro

 PPT: Chris Eagle: Attacking Obfuscated Code with IDA Pro PDF: Chris Eagle: Attacking Obfuscated Code with IDA Pro


tool

Riley "Caezar" Eller
Capture the Flag Games: Measuring Skill with Hacking Contests

 PPT: Riley "Caezar" Eller: Capture the Flag Games: Measuring Skill with Hacking Contests PDF: Riley "Caezar" Eller: Capture the Flag Games: Measuring Skill with Hacking Contests XCL: Riley "Caezar" Eller: Capture the Flag Games: Measuring Skill with Hacking Contests

Gerhard Eschelbeck
The Laws of Vulnerabilities for Internal Networks

 PPT: Gerhard Eschelbeck-The Laws of Vulnerabilities for Internal Networks PDF: PPT: Gerhard Eschelbeck-The Laws of Vulnerabilities for Internal Networks

Joe Grand
Understanding Hardware Security

 PPT: Joe Grand: Understanding Hardware Security PDF: Joe Grand: Understanding Hardware Security


notes

David Litchfield
Oracle PL/SQL Injection

 PPT: David Litchfield, Oracle PL/SQL Injection PDF: David Litchfield, Oracle PL/SQL Injection


Johnny Long
You got that with GOOGLE?

 PPT: Johnny Long: You got that with GOOGLE? PDF: Johnny Long: You got that with GOOGLE?

Hisamichi Okamura
Cybercrime Treaty and Legal Environment of Japanese Computer Crime and Laws


Hisamichi Okamura: Cybercrime Treaty and Legal Environment of Japanese Computer Crime and Laws
Japanese Language Slides Only

Russ Rogers
The Keys to the Kingdom: Understanding Covert Channels of Communication

 PPT: Russ Rogers: The Keys to the Kingdom: Understanding Covert Channels of Communication PDF: Russ Rogers: The Keys to the Kingdom: Understanding Covert Channels of Communication

Daiji Sanai & Hidenobu Seki
Optimized Attacking for NTLM2 Session Response

Daiji Sanai & Hidenobu Seki: Optimized Attacking for NTLM2 Session Response
Japanese Language Slides Only

 Daiji Sanai & Hidenobu Seki: Optimized Attacking for NTLM2 Session Response

Yuji Ukai
Environment Dependencies in Windows Exploitation

 PDF: Yuji Ukai: Environment Dependencies in Windows Exploitation

Charl van der Walt-Sensepost
When the Tables Turn

 PPT: Charl van der Walt-Sensepost: When the Tables Turn PDF: Charl van der Walt-Sensepost: When the Tables Turn Charl van der Walt-Sensepost: When the Tables Turn


Black Hat Europe Briefings & Training 2004
Black Hat USA 2004
audio & video files are available from the Sound of Knowledge this conference
Interested in obtaining a conference CD with all the presentations and tools?
contact store<a>blackhat.com
Track/Speaker/Topic Presentation Notes/Tools
Keynote Presentation - Black Hat USA 2004

Paul Simmonds, Global Information Security Director (CISO), Jericho Forum/ICI Plc.
Deperimeterisation: This Decade's Security Challenge

PDF: Paul Simmonds, Deperimeterisation: This Decades Security Challenge
Application Security - Black Hat USA 2004

Nitesh Dhanjani & Justin Clarke
Hacking Without Re-inventing the Wheel

 PDF: Nitesh Dhanjani & Justin Clarke, Hacking Without Re-inventing the Wheel


Rakan El-Khalil
Information Hiding in Executable Binaries

 PDF: Rakan El-Khalil, Information Hiding in Executable Binaries


Seth Fogie
Pocket PC Abuse

 PDF: Seth Fogie, Pocket PC Abuse

ZIP: Seth Fogie, Pocket PC Abuse Tools
tools (.zip)

Sarah Gordon
Antivirus Security Software Tests

 PDF: Sarah Gordon, Antivirus Security Software Tests

Cameron Hotchkies
Blind SQL Injection Automation Techniques

 PDF: Cameron Hotchkies, Blind SQL Injection Automation Techniques

ZIP: Cameron Hotchkies, Blind SQL Injection Automation Techniques Tools & References
tools & references

Upated Presentations

Dan Kaminsky
The Black Ops of DNS

 PPT: Dan Kaminsky, The Black Ops of DNS

Upated Presentations

Brett Moore
Shoot the Messenger

 PDF: Brett Moore, Shoot the Messenger

Upated Presentations

Michael Shema
Web Application Session Strength

 PDF: Michael Shema, Web Application Session Strength

Ralf Spenneberg
IKE-Test

 PDF: Ralf Spenneberg, IKE-Test

ZIP: Ralf Spenneberg, IKE-Test Tool
tool

Panel
The Black Hat Testimonies

Panel
Web Application Security Crossfire

Computer Forensics & Log Analysis

Peter Feaver & Kenneth Geers
Cyber Jihad and the Globalization of Warfare
PDF: Peter Feaver & Kenneth Geers, Cyber Jihad and the Globalization of Warfare

Curtis Kret
Nobody’s Anonymous—Tracking Spam and Covert Channels
PDF: Curtis Kret, Nobody’s Anonymous—Tracking Spam and Covert Channels

Kevin Mandia
The Evolution of Incident Response
PDF: Kevin Mandia, The Evolution of Incident Response

Rebecca Mercuri, Ph.D & Bev Harris
Managing Election Data: The California Recall



K.K. Mookhey
Evasion and Detection of Web Application Attacks
PPT: K.K. Mookhey, Evasion and Detection of Web Application Attacks

Upated Presentations

Michael Raggo
Steganography, Steganalysis, & Cryptanalysis
PDF: Michael Raggo Steganography, Steganalysis, & Cryptanalysis

Deep Knowledge

Tzi-cker Chiueh
Program Semantics-Aware Intrusion Detection

 PDF: Tzi-cker Chiueh Program Semantics-Aware Intrusion Detection

Chris Eagle
Attacking Obfuscated Code with IDA Pro

 PDF: Chris Eagle, Attacking Obfuscated Code with IDA Pro

FX
Vulnerability Finding in Win32—A Comparison

 PDF: FX, Vulnerability Finding in Win32—A Comparison

Halvar Flake
Diff, Navigate, Audit

 PDF: Halvar Flake, Diff, Navigate, Audit

David Maynor
Trust No-one, Not Even Yourself OR The Weak Link Might Be Your Build Tools

 PDF: David Maynor, Trust No-one, Not Even Yourself OR The Weak Link Might Be Your Build Tools
Layer 0
Joe Grand
Introduction to Embedded Security		 PDF: Joe Grand, Introduction to Embedded Security

PDF: Joe Grand, Introduction to Embedded Security
Handouts
Joe Grand
A Historical Look at Hardware Token Compromises		 PDF: Joe Grand, A Historical Look at Hardware Token Compromises

PDF: Joe Grand, A Historical Look at Hardware Token Compromises Handouts
Handouts
Lukas Grunwald
RF-ID and Smart-Labes: Myth, Technology and Attacks		 PDF: Lukas Grunwald, RF-ID and Smart-Labes: Myth, Technology and Attacks

ZIP: Lukas Grunwald, RF-ID and Smart-Labes: Myth, Technology and Attacks Tool
tool
spoonm & HD Moore
Metasploit

Paul Wouters
Windows WaveSEC Deployment		 PDF: Paul Wouters, Windows WaveSEC Deployment

ZIP: Paul Wouters, Windows WaveSEC Deployment
tool

Policy, Management, and the Law

Brad Bolin
Information Security Law Update

 PPT: Brad Bolin, Information Security Law Update

Gerhard Eschelbeck
The Laws of Vulnerabilities for Internal Networks

Upated Presentations

Jennifer Granick
Legal Liability and Security Incident Investigation

 PPS: Jennifer Granick, Legal Liability and Security Incident Investigation

Panel
Hacker Court ’04: Pirates of the Potomac

 PPT: Panel, Hacker Court ’04: Pirates of the Potomac PPT: Panel, Hacker Court ’04: Pirates of the Potomac

Panel
Hacking with Executives

Privacy & Anonymity

Dr. Alessandro Acquisti
Privacy, Economics and Immediate Gratification

 PDF: Dr. Alessandro Acquisti, Privacy, Economics and Immediate Gratification

Roger Dingledine
Putting the P back in VPN

 PDF: Roger Dingledine, Putting the P back in VPN

Adam Laurie & Martin Herfurt
BlueSnarfing The Risk From Digital Pickpockets

ZIP: Adam Laurie & Martin Herfurt, BlueSnarfing The Risk From Digital Pickpockets
mgp

Johnny Long
You got that with GOOGLE?

 PDF: Johnny Long, You got that with GOOGLE?

ZIP: Johnny Long, You got that with GOOGLE?
paper + tool

Bruce Potter & Brian Wotring
Tracking Prey in the Cyberforest

 PDF: Bruce Potter & Brian Wotring, Tracking Prey in the Cyberforest

ZIP: Bruce Potter & Brian Wotring, Tracking Prey in the Cyberforest
tool

Len Sassaman
The Anonymity Toolkit

Turbo Talks

Upated Presentations

Patrick Chambet
Google Attacks

 PDF: Patrick Chambet, Google Attacks

Upated Presentations

Patrick Chambet
Managing MSIE Security in Corporate Networks by Creating Custom Internet Zones

 PDF: Patrick Chambet, Managing MSIE Security in Corporate Networks by Creating Custom Internet Zones

Himanshu Dwivedi
Insecure IP Storage Networks

 PDF: Himanshu Dwivedi, Insecure IP Storage Networks

James C. Foster
Managing Hackers

 PDF: James C. Foster, Managing Hackers

Sarah Gordon
Privacy: Do As I Say...Not as I Do

 PDF: Sarah Gordon, Privacy: Do As I Say...Not as I Do

Chris Hurley
WorldWide WarDrive 4

 PDF: Chris Hurley, WorldWide WarDrive 4

Gregory S. Miles & Travis Schack
Introduction to the Global Security Syndicate

 PDF: Gregory S. Miles & Travis Schack, Introduction to the Global Security Syndicate

Robert Morris
The Future of History

Upated Presentations

Laurent Oudot
Digital Active Self Defense

 PDF: Laurent Oudot, Digital Active Self Defense

Andrew Stevens
How Next Generation Application Proxies Protect Against The Latest Attacks & Intrusions

Richard Thieme

Jeff Waldron
Introduction to the Certification and Accreditation Process (C&A) Within the US Government

 PDF: Jeff Waldron, Introduction to the Certification and Accreditation Process (C&A) Within the US Government

David Worth
Cryptographic Port-Knocking

 PDF: David Worth, Cryptographic Port-Knocking

Zero Day Attack

Upated Presentations

Thorsten Holz & Maximillian Dornseif
NoSEBrEaK - Defeating Honeynets

 PDF: Ralf Spenneberg, IKE-Test

David Litchfield
All New Ø-Day

Saumil Udayan Shah
Defeating Automated Web Assessment Tools

Derek Soeder, Ryan Parmeh, Yuji Ukai
Advanced Return Address Discovery using Context-Aware Machine Code Emulation

 PDF: Derek Soeder, Ryan Parmeh, Yuji Ukai, Advanced Return Address Discovery using Context-Aware Machine Code Emulation

Eugene Tsyrklevich
Attacking Host Intrusion Prevention Systems

 PDF: Eugene Tsyrklevich, Attacking Host Intrusion Prevention Systems

Zero Day Defense

Phillip Hallam-Baker
Phishing— Committing Fraud in Public

 PDF: Ralf Spenneberg, IKE-Test

Dominique Brezinski
Acting in Milliseconds-Why Defense Processes Need to Change

ZIP: Dominique Brezinski, Acting in Milliseconds-Why Defense Processes Need to Change
.zip of html

Jamie Butler & Greg Hoglund
VICE - Catch the Hookers!

 PDF: Jamie Butler & Greg Hoglund, VICE - Catch the Hookers!

ZIP: Jamie Butler & Greg Hoglund, VICE - Catch the Hookers!
tool

Sensepost
When the Tables Turn

 PDF: Sensepost, When the Tables Turn

Peter Silberman & Richard Johnson
A Comparison Buffer Overflow Prevention Implementations & Weaknesses

 PPT: Peter Silberman & Richard Johnson, A Comparison Buffer Overflow Prevention Implementations & Weaknesses

Stefano Zanero
Detecting 0-days Attacks With Learning Intrusion Detection Systems

 PDF: Stefano Zanero, Detecting 0-days Attacks With Learning Intrusion Detection Systems


Black Hat Europe Briefings & Training 2004
Black Hat Europe 2004
there are no audio or video files available for this conference
Interested in obtaining a conference CD with all the presentations and tools?
contact store<a>blackhat.com
Track/Speaker/Topic Presentation Notes/Tools
Keynote Presentations - Black Hat Europe 2004

Upated Presentations

Paul Simmonds, Global Information Security Director (CISO), Jericho Forum/ICI Plc.
De-Perimeterisation: Border Security Is Obsolete- The Security Challenge For This Decade

PDF: Jamie Butler, DKOM (Direct Kernel Object Manipulation)


Speakers - Black Hat Europe 2004

Jamie Butler
 DKOM (Direct Kernel Object Manipulation)

 PDF: Jamie Butler, DKOM (Direct Kernel Object Manipulation)

Patrick Chambet & Eric Larcher
 Security Patches Management On A Windows Infrastructure

 PDF: Patrick Chambet & Eric Larcher Security Patches Management On A Windows Infrastructure

Job de Haas
Reverse Engineering ARM Based Devices

 PDF: Job de Haas, Reverse Engineering ARM Based Devices

ZIP: Job de Haas Resource Files
resource files (.zip)

Upated Presentations

Luc Delpha & Maliha Rashid
Smartphone Security Issues

 PDF: Luc Delpha & Maliha Rashid, Smartphone Security Issues

PDF: Luc Delpha & Maliha Rashid, Smartphone Security Issues white paper
white paper

Upated Presentations

Eric Detoisien & Eyai Dotan
Old win32 Code For A Modern, Super-Stealth Trojan

 PDF: Eric Detoisien & Eyal Dotan Old win32 Code For A Modern, Super-Stealth Trojan

ZIP: Eric Detoisien & Eyal Dotan Old win32 Code For A Modern, Super-Stealth Trojan Demo
demo (.zip)

Eli O
Security Within A Development Lifecycle

 PDF: Eli O Security Within A Development Lifecycle

Gergely Erdelyi
Hide 'n' Seek? Anatomy of Stealth Malware

 PDF: Gergely Erdelyi- Hide 'n' Seek? - Anatomy of Stealth Malware

PDF: Gergely Erdelyi- Hide 'n' Seek? - Anatomy of Stealth Malware
white paper

FX
Practical Win32 and UNICODE Exploitation

 PDF: FX-Practical Win32 and UNICODE Exploitation

Upated Presentations

Nicolas Fischbach
Building an Early Warning System in a Service Provider Network

 PDF: Nicolas Fischbach, Building an Early Warning System in a Service Provider Network

Joe Grand
Introduction to Embedded Security

 PDF: Joe Grand, Introduction to Embedded Security

Joe Grand
Introduction to Mobile Device Insecurity

 PDF: Joe Grand, Introduction to Mobile Device Insecurity

the grugq
The Art of Defiling: Defeating Forensic Analysis on Unix File Systems

 PDF: the grugq, The Art of Defiling: Defeating Forensic Analysis on Unix File Systems

Seth Hardy
Pseudorandom Number Generation, Entropy Harvesting, and Provable Security in Linux

 PDF: Seth Hardy, Pseudorandom Number Generation, Entropy Harvesting, and Provable Security in Linux

Upated Presentations

Larry Korba
Privacy Rights Management Using DRM: Is This A Good Idea?

 PDF: Larry Korba, Privacy Rights Management Using DRM: Is This A Good Idea?

Upated Presentations

David Litchfield
Oracle PL/SQL Injection

 PDF: David Litchfield, Windows Heap Overflows


Upated Presentations

Russ Rogers
The Keys to the Kingdom – Understanding Covert Channels

 PDF: Russ Rogers, The Keys to the Kingdom – Understanding Covert Channels

Upated Presentations

SensePost
When the Tables Turn

 PDF: SensePost, When the Tables Turn

Saumil Udayan Shah
HTTP Fingerprinting and Advanced Assessment Techniques

 PDF: Saumil Udayan Shah, HTTP Fingerprinting and Advanced Assessment Techniques
httprint

Eugene Tsyrklevich
Dynamic Detection and Prevention of Race Conditions in File Accesses

 PDF: Eugene Tsyrklevich, Dynamic Detection and Prevention of Race Conditions in File Accesses

TGZ: Eugene Tsyrklevich, raceprot.tgz
raceprot tool (.tgz)

Upated Presentations

Paul Wouters
Windows WaveSEC Deployment

presentation

pdf

TGZ: Eugene Tsyrklevich, raceprot.tgz
Wavesec for Windows

Upated Presentations

Stefano Zanero
Detecting Ø-days Attacks With Learning Intrusion Detection Systems

 PDF: Stefano Zanero, Detecting Ø-days Attacks With Learning Intrusion Detection Systems


Black Hat Windows 2004 Briefings & Training
Black Hat Windows Security 2004
there are no audio or video files available for this conference
Interested in obtaining a conference CD with all the presentations and tools?
contact store<a>blackhat.com
Track/Speaker/Topic Presentation Notes/Tools
Keynote Presentations - Black Hat Windows 2004

Dan Geer Jr., Sc.D, Principal, Geer Risk Services, LLC & VP/Chief Scientist, Verdasys, Inc.



Richard Thieme, Thiemeworks.com
Broken Windows: What Security Looks Like When Gollum Gets the Ring

Application Security - Black Hat Windows 2004

Jamie Butler
DKOM (Direct Kernel Object Manipulation)

 PDF: Jamie Butler, DKOM (Direct Kernel Object Manipulation)

Upated Presentations

Jeremiah Grossman
The Challenges of Automated Web Application Scanning

 PDF: Jeremiah Grossman, The Challenges of Automated Web Application Scanning

Matt Hargett
Integrating Security Into Agile Development/Testing

 PDF: Matt Hargett, Integrating Security Into Agile Development/Testing

Drew Miller
Application Intrusion Detection

 PDF: Drew Miller, Application Intrusion Detection

Upated Presentations

Gunnar Peterson
Security in the Development Lifecycle

 PDF: Gunnar Peterson, Security in the Development Lifecycle
Deep Knowledge - Black Hat Windows 2004

Cesar Cerrudo
Auditing ActiveX Controls

 PDF: Cesar Cerrudo, Auditing ActiveX Controls ZIP: Cesar Cerrudo, Examples

Halvar Flake
Automated Binary Reverse Engineering

 PDF: Halvar Flake, Automated Binary Reverse Engineering

Curtis Kret
Nobody’s Anonymous – Tracking Spam

 PDF: Curtis Kret, Nobody’s Anonymous – Tracking Spam

Saumil Shah
HTTP Fingerprinting and Advanced Assessment Techniques

 PDF: Saumil Shah, HTTP Fingerprinting and Advanced Assessment Techniques
MS Specific Attack - Black Hat Windows 2004

David Aitel
MOSDEF

 PDF: David Aitel, MOSDEF

Upated Presentations

Harlan Carvey
Data Hiding On A Live (NTFS) System

 PPT: Harlan Carvey, Data Hiding On A Live (NTFS) System

Upated Presentations

David Litchfield
Windows Heap Overflows

 PPT: David Litchfield, Windows Heap Overflows RTF: David Litchfield, Code

Upated Presentations

Sergey Polak
Capturing Windows Passwords Using the Network Provider API

 PDF: Sergey Polak, Capturing Windows Passwords Using the Network Provider API ZIP: Sergey Polak, TooI

Upated Presentations

Hidenobu Seki
Fingerprinting through Windows RPC

 PDF: Hidenobu Seki, Fingerprinting through Windows RPC
MS Specific Defend - Black Hat Windows 2004

David Blight
Trusted Computing 101

 PDF: David Blight, Trusted Computing 101 ZIP: David Blight, papers

Mark Burnett & James Foster
Without a Trace: Forensic Secrets for Windows Servers

 PDF: Mark Burnett & James Foster, Without a Trace: Forensic Secrets for Windows Servers ZIP: Mark Burnett & James Foster Tools

Bryan Glancey
WinCE PDA Insecurity

 PDF: Bryan Glancey, WinCE PDA Insecurity

Derek Milroy
Hardening Windows Servers

 PDF: Derek Milroy, Hardening Windows Servers ZIP: David Milroy, EXE

Steve Riley
Windows XP: Improving Resiliency

 PDF: Steve Riley-Windows XP: Improving Resiliency
Policy & Law - Black Hat Windows 2004

Upated Presentations

Chris Conacher
Information Security in Mergers & Acquisitions

 PPT: Chris Conacher, Information Security in Mergers & Acquisitions

Jennifer Stisa Granick
Legal Risks of Vulnerability Disclosure

 PDF: Jennifer Stisa Granick, Legal Risks of Vulnerability Disclosure

Curtis Karnow
Digital Security: Policies & The Law

 PDF: Curtis Karnow, Digital Security: Policies & The Law

Russ Rogers
Addressing Complete Security to Save Money

 PDF: Russ Rogers, Addressing Complete Security to Save Money

Upated Presentations

Adam Shostack
Terrorism and Immigration: The Economics of Secure Identity

 PPT: Adam Shostack, Terrorism and Immigration: The Economics of Secure Identity
Routing & Infrastructure - Black Hat Windows 2004

Stephen Dugan
"They'll never see it coming!"

Upated Presentations

FX
Lessons Learned When The Cisco Guys Went to Windows land

 PDF: FX
Upated Presentations

Jim Harrison & Jim Edwards
ISA Server: Best Practices from the Field

 PPT: Jim Harrison & Jim Edwards, ISA Server: Best Practices from the Field

Steve Hofmeyr
Preventing Intrusions and Tolerating False Positives

Laura Robinson
Win2K3 Terminal Server


Media Server Hosted By:

Complex Drive

Complex Drive - Reliable, Secure, and Responsive Business Internet


Black Hat Logo
(c) 1996-2007 Black Hat