Black Hat 2009 Summary

This year’s Black Hat conference in Las Vegas is over – time to sum up. On the documents page you can download 109 files with 620 MB of content about hacking, attacking and vulnerabilities. Who should read all this? I will give you some hints on interesting topics, although it is hard to find uninteresting ones.

Let’s start with the anti-forensics speech by Bill Blunden. He gave a very good overview of tactics and countermeasures against forensic analysis: Anti-Forensics: The Rootkit Connection. Interesting for Mac OS users: Advanced Mac OS X Rootkits. What was really new is that there are rootkits for keyboards. In the slides Reversing and Exploiting an Apple® Firmware Update you can find the details. A first approach to getting rid of rootkits was presented by Anibal Sacco and Alfredo A. Ortega in their speech Deactivate the Rootkit.

My favorite this year is the speech on sniffing keystrokes with lasers and voltmeters via side channel attacks. It’s one of the oldest computer security topics, but it has often fallen into oblivion, because this is a technique every intelligence unit worldwide is able to do blindfolded. This comes close – little text, many pictures: Lockpicking Forensics. Here is a video from my personal bookmarks on how lockpicking works: Lockpicking Demo.

Another very interesting speech was on Embedded Management Interfaces: Emerging Massive Insecurity. The authors attacked more than 20 embedded management interfaces, such as those in switches or VoIP telephones. They found more than 50 vulnerabilities within the analyzed interfaces.

One of my most common topics is Business Case Information Security. Of major interest is the Black Hat part of cash-flow. One speech was Mo’ Money Mo’ Problems: Making A LOT More Money on the Web the Black Hat Way. Some nice views on cybercrime economics were presented here: How Economics and Information Security Affects Cyber Crime.

I like the speech by 18-year-old Peter Kleissner about the Stoned Bootkit and how to break TrueCrypt. Black Hat 2009 was also very productive in defeating the security of certificates: More Tricks For Defeating SSL and Breaking the security myths of Extended Validation SSL Certificates.

These are the speeches I like most, but there could be more interesting ones. I didn’t have the time to go through all the documents in detail.

Search this blog with the most used words in this year’s document headlines (most of my articles are written in German):
Security Attack Rootkit Exploit Metasploit Crime Phone Money Network SSL Malware XSS Forensic

Dino Dai Zovi

Advanced Mac OS X Rootkits
