BlackHat distributed binders with a good many of the slides from the presentations; these may or may not be available online. Some speakers have their presentations on their home websites, I think. Ask if you want to see the slides.
Blackhat was held at the Venetian
in Las Vegas, a new hotel/conference centre with an extravagantly opulent
decor (see the
However, the conference was marred somewhat by repeated alarm system tests
over the PA system, the casino (placed between the accommodation and the
conference centre) smelled strongly of something like hair oil, and I ended the second
day with a severe headache.
Here's a photo
of the large ballroom, used for Track A and keynotes.
I missed all the bad weather - as someone pointed out, casinos are supposed to insulate people from the outside world. When we emerged, water was cascading down the parkade stairs and they'd had to sandbag the elevators.
09:00 - 09:40
First Keynote Address - Dr. Jeffrey A. Hunker, Introduction by John Davis
12:00 - 13:20
Lunch + Richard Thieme - Remote Viewing, Actionable Intelligence, and Complex Networks
13:30 - 14:30 Track A - Simple Nomad - Modern NetWare Hacking
14:40 - 15:40
Track A - Rooster - DNS security issues
16:00 - 17:00
Track A - Brent Huston - Appliance Firewalls: A Detailed Review
17:10 - 18:10
Track A - Dominique Brezinski - Building a Forensic Tool kit That Will Protect You From Evil Influences
18:10 - 20:00
Catered Reception - Unwind with an open bar and food. A good starting point for the rest of your evening in Las Vegas!
09:00 - 09:40 Keynote Addresses
Track A, B & C - Dr. Mudge -
There's some old stuff on ZDnet with Mudge; see here.
11:00 - 12:00
Track A - Eric Schultze and George Kurtz - Over the Router, Through the Firewall, to Grandma?s House We Go
Track B - Adam Shostack - Towards a taxonomy of network security testing techniques
Track C - Rob Karas - Open Source Monitoring
13:30 - 14:30
Track A - Peter Shipley & Tom Jackiewicz - Security issues with implementing and deploying the LDAP directory system
Track B - Mike Schiffman - The Firewalk tool
14:40 - 15:40
Track A - David Bovee - VPN Architectures: Looking at the complete picture
Track B - Eugene Schultz - Security Issues with configuring and maintaining an IIS 4 server
Track C - Padgett Peterson - Overlooked Local Attack Techniques
18:20 - Closing
Monocultures are dangerous - Java, Windows, RedHat Linux
Schedule cribbed from the Speaking Schedule at defcon.org.
Cult of the Dead Cow - BO2K!
What will we be doing? R0xiN the HAU-aus, BIzaTch!!!@@!2121lf... But that goes with out saying. In addition to the rocking of the aforementioned house, we will also be releasing BO2k. We won't reveal our sekrets of BO-Fu, but trust me when we tell you that it will make BackOrifice v1.0 look like LOGO for the TI99/4a.
Founded in 1984, the Cult of the Dead Cow (cDc) is the oldest group still active in the computer underground; the only group (aside from a few layme p1RaT3 gR0oPzZz) with a female group member; the only group to host its own annual HoHoCon hacker convention; and, with over 300 text files in circulation, the most prolific group. cDc is definitely cooler than the Legion of Doom (LoD), and more importantly, our T-shirts are more colorful. We also have stickers.
Great, you may say, but have we ever disrupted communications on two continents by moving telecommunications satellites? Mhm. Hacked computing resources belonging to the three-letter agencies and the Pentagon? Yep. Altered environmental controls in local malls via modem? Done that. But unlike other hacker groups you've undoubtedly read about, we've never been caught.
With qualifications like these, it's not surprising that over the past few years, the media has looked to us as the darling boy (and girl) torch-bearers of the DIY-cyber-hacker-underground movement. It's our unfortunate cross to bear. But as the whole of Generation X follows our lead into the new millennium, we feel it is our duty to our peers to maintain the struggle and "raise high our freak flag," as it were. On their behalf, we intend to dominate and subvert the media wherever possible. Information is a virus. And we intend to infect all of you.
www.bo2k.com mcafee.com datafellows sophos iss.net norton.comIra Winkler - The myths associated with hiring hackers.
While Ira Winkler is not an advocate of hiring your off the street hacker, he has come to the opinion that many of them are more useful than people who call themselves security professionals. He believes that compounding the problems are bureaucrats who don't understand the problem, and try to form solutions without thinking. For example, the Critical Infrastructure Assurance Office (CIAO), formed by a Presidential Directive to help protect the Critical Infrastructure, was considering a plan to recruit a group of teenagers who they would guide through their college careers to be the Info Warriors of the future. Ira talks about the myths associated with hiring hackers and security professionals, as well as the problems with the efforts to supposedly protect the Infrastructure. An "Are you Clueless?" test for "Security professionals" is given. Also recommendations to excel in the corporate world are given for hackers who are really skilled.
Ian Goldberg - Zer0knowledge Network (zks.net) Using the Internet Pseudonymously: One Year Later
Jason Scott - TEXTFILES, G-PHILES, AND LOG FILES: Remembering the 1980's Through ASCII
In the 1980's, life started to move online, bringing with it all the wonder, terror, and breadth of human nature. Most markedly, an entire generation of teenagers turned their energies and efforts onto this growing culture and turned the world of Bulletin Board Systems into a combination street corner and clubhouse, sharing their knowledge, lying and bragging into infamy, and creating a shared experience that lasts in their hearts and minds to this day as they become the foundation of the Internet Society.
While the unique forces that combined to make BBSes the experience they were have since shifted and formed other cultures in the years since, a feel for the 1980's can be found in the Textfiles (also known as g-files or 'philes') that nearly every self-respecting BBS traded, offered, or created as a matter of gaining notoriety (and more importantly, callers) in a sea of similar voices. In these textfiles, readers can reminisce or learn anew about what the BBS experience meant to those who lived through it, and easy parallels can be drawn to the 'scenes' that are now thriving online today.
This talk will attempt to give historical perspective and narrative to the BBS 'scene' of the 1980's, presented by a user who was around for a good portion of it and took notes. Expect shouted refutations from the audience and eerily familiar battles waged across the message boards to live again.
Jason Scott (Formerly The Slipped Disk) has been an observer and participant in the world of BBSs since about 1982, cutting his teeth on Boards such as OSUNY, Sherwood Forest II and III, Milliways/Outland, The Dark Side of The Moon AE/BBS, as well as hundreds of others. His experience in BBS culture of the 80's ranges from Compuserve and The Source to Deversi-dials, AE Lines and anything else that gave a carrier when you called it. He is best known as the SysOp of The Works BBS, a textfile-only board that he ran from 1986-1988 before switching to SysOp-At-Large from 1989 to the present. Realizing an entire generation's shared lore was being diluted and lost, he has started the site www.textfiles.com, dedicated to preserving all things ASCII from the 1980's. This web site is slowly killing him.
Simple Nomad - Overview of activities at the Nomad Mobile Research Centre.
Simple Nomad will give an overview of activities at the Nomad Mobile Research Centre, provide status on several projects, and give a detailed overview of NMRC's latest Netware hacking tool, Pandora. The new version of Pandora sports a "point, click, and attack" GUI interface, and works against Novell Netware versions 4.x and 5.x.
Simple Nomad is the author of several FAQs on hacking, including "The Hack FAQ" which is a combined FAQ covering Netware, NT, Unix, and web technologies. The Nomad Mobile Research Centre is a non-profit organization dedicated to independent computer security research, with a focus on corporate-deployed commercial file servers.
Cyber - How to use BSD to set up a firewall/gateway.
This talk will cover the basics of using free software to setup a firewall/gateway machine. Basic concepts will be reviewed, and why certain things are important will be covered. Ideal setups as well as practical solutions will be discussed. Step by step instruction with examples will be given. Q/A will be done time permitting, slides will be availible online.
Erik has done computer security for a number of years. He has added crypto layers to existing products, as well as designed and implementedthe security authentication and authorization model for an internal account control system for a major US bank. He currently works as a consultant for KPMG LLP.
Freaky - Macintosh Security.
From the Author of Freaks Macintosh Archives, Freak will be hosting a topic this year at the con about macintosh security, the programs out there and their flaws. Some new programs will be released for the macintosh platform to help secure your MacOS. And more programs will be released to Exploit your mac and many other platforms.
John Q. Newman -
Security Experts Panel - Growing on the popularity of last years panel discussion of security issues and audience Q&A, this years panel will be organized by Alhambra, and currently includes the following speakers:
Sarah Gordon - Viruses on (and off) the Internet. Panel Session.
Computer viruses are currently freely available on the Internet, as well as via various mailing lists. The recent Melissa virus incident has focused attention on some issues surrounding the public availability of viruses. The panel (representing virus writers, antivirus product developers, open source advocates and academics) will represent a wide range of views on topics such as: "Is it cool to make viruses available via the Internet? Is posting of viral source code to mailing lists as a 'necessary evil' which can force developers to improve products. Should virus writing itself be illegal?". We want to hear *your* views, too, so the session will end with Q&A Interactive.
Sarah Gordon graduated from Indiana University with special projects in both UNIX system security and ethical issues in technology. She currently works with the anti-virus science and technology R&D team at IBM Thomas J. Watson Research Center. Her current research projects include development of antivirus product certification standards, test criteria, and testing models. She has been featured in publications such as Forbes, IEEE Monitor, The Wall Street Journal, and WIRED, and is published regularly in publications such as Computers & Security, Network Security Advisor and Virus Bulletin. She has won several awards for her work in various aspects of computing technology, and volunteers in an advisory capacity to Virus Bulletin, The WildList Organization, and The European Institute for Computer Antivirus Research.
Richard Thieme - Trust, Betrayal, and Nested Levels of Loyalty: Who Do We Think You Are and How Do We Think We Know?
"Spot the Fed" is a Def Con game, but anyone who has been invited to visit the local FBI office for a focused conversation or has watched helplessly as their hard drive is carried into the night, wrapped in a search warrant, knows it isn't just a game. The threat of hard core hacking in a wired world is not some trophy hunter hoping to impress his friends: it's the real threat to the infrastructure of nations and the global economy that can be used to leverage the power of blackmail, sabotage, and terrorism. Under the cloak of Y2K paranoia, in a world that is increasingly gray, it pays to know who we can trust. After all, we have to work in "trusted networks," a handshake is the basis for capitalism, and identity and self are decisions rather than discoveries in a digital environment. So who do we think you are, and how do we think we know? Who are you, anyway? And who in the hell are we?
Jericho- Fakes Walk Among Us.
The recent explosion of the security industry has found itself littered with newcomers, all 'experts' in the field. Unfortunately, many of these 'experts' are nothing more than self proclaimed windbags that are no more qualified to help you with security than your local 6 year old. How do these charlatans manage to find work? Why are they accepted? More important, how do you distinguish legitimate security professionals from the fakes? These are valid concerns in today's security community. Answers to follow?
Jericho is a security consultant (read: not an expert) working almost full time these days. His travel has taken him to standard corporate networks, to consulting for wacky spooks that everyone fears. On top of run-of-the-mill consulting, he has participated in network analysis via penetration testing, computer forensics and more. He hates crowds. :)
Prof. Feedlebom- Followup on Micropower Radio.
Last DefCon, Prof. Feedlebom led a discussion on Micropower Radio that kinda glossed over a lot of the technical details. This year, he returns to discuss in more detail some of the things required to place a micropower station on the air. Will also include a short synopsis on the current state of Micropower Radio, including the effort to legalize it in the United States. Handouts from last year's session will be available for those who did not recieve them in the mail (sorry).
Prof. Feedlebom has operated The Voice of Mercury and the Desert Crossing Radio broadcasts for the last five years. While he's taking the year off this year from the Big Broadcast, he has been responsible for strange radio emissions that have been heard in Los Angeles and Kern Counties on a variety of frequencies. He also acts as the chief engineer for Radio Invasion, a former micropower station now broadcasting through Real Audio.
Dr. Byte- IPv6: Who/What/When/Where/How/Why.
Christian Hedegaard-Schou - What is opensource?
This talk will focus on what opensource is, what it isn't, debunking some myths, showing some examples, and giving reasons why opensource is ready for the real world. This talk is primarily aimed at government and corporate IS/MIS/IT staff and managers, but anyone who's curious as to what this "open source" thing is they've heard so much about in the past months are encouraged to attend.
Christian Hedegaard-Schou I is a private contractor and consultant who first embraced opensource about 5 years ago when he discovered linux and installed it over his DOS partition. He's never gone back. Since he first discovered linux he also played with FreeBSD and NetBSD on various architectures, and has been a proponent of Free software, GNU, and the newly defined "open source" movement.
V1RU5 - Lock Picking explored
14 years as a professional magician, V1rus will assist on the Lock picking class and will talk about Hand cuffs, and how to improv picks.
Craig H. Rowland - How to be aware of security problems on your network.
Steven Alexander- Firewalls: Trends and Problems.
This talk will cover some of the new firewalling trends and how many of them are detrimental to security. The focus of this talk will be on how the discussed trends work and how they can be used by an attacker to defeat security, and how security problems can be avoided. The discussion will not cover specific products in order to allow anyone to apply the subject matter to their current configuration.
Steven works for a small ISP, attends his local college as a math major and spends his free time studying cryptography.
Robert Lupo -Introduction to computer Viruses.
This class covers how different virus work and how to defend agent them, including: Boot Sector Virus, File infecters, Multi parti, Macro, and Fakes in the world.
Michael J. Martinez - Hackers and the Media: A Love-Hate Thing.
For hackers, contact with the media is both exciting and frustrating. Everybody loves to grab that 15 minutes of fame and set the record straight, but the media has this annoying habit of getting things wrong, at least from a hacker's point of view. Mainstream reporters feel the same way -- hacking is cool, sexy, and guarantees readership. But hackers are so evasive, way too full of themselves, and then there's this godawful technology to try to understand. How can reporters and hackers work together, or at least understand each other?
Michael J. Martinez reports on technology for ABCNEWS.com. In addition to covering more mainstream issues, Martinez has written about hacker culture, the VX community, the Pentagon's "cyberwar" problems, and the Melissa virus. His articles have been featured on Slashdot and the Hacker News Network.
Steve Mann - Inventor of the so-called "wearable computer"
Cyber - What are public keys?
Peter Shipley - Intro to TCP/IP exploits.
Gh0st - Phreaking and PBX tricks
Dead Addict -After working for The Man (TM) for several years, DA is finally working for the little guy - implementing worldwide financial systems for
multinational banking corporations.
He will speak on currency systems, credit systems and associations, SET technology, its message flow, crypto usage, implementation issues, and surrounding industry issues. He will alsobriefly discuss security issues with current ecommerce implementations.
Winn Schwartau - HERF Guns, EMP Bombs and Weapons of Mass Disruption (UnClassified)
At DefCon III, Winn Schwartau talked about High Energy Radio Frequency Guns, Electromagnetic Pulse Bombs and assorted nefarious weapons. Trouble is, the government doesn?t admit to a thing. However, through constant research, he has found more than the government would like.
The August issue of Popular Science, due out on or about July 15 will feature Schwartau?s article on these emerging devices - but you will get an early peek at DefCon 7 on Saturday afternoon. Russian HERF and EMP devices for sale world wide. Some are even on the Internet! Terrorist level weapons made in a garage for less than $500 and put out an E field in excess of 1MV/meter. A video of real HERF at work. Be ready with your questions and Schwartau, as usual, will have answers.
Deanna Peugeot - Embedded systems hacking.
Bennett Haselton and possibly Brian Ristuccia - The "Anti-Censorship Proxy" and technological circumvention of Internet censorship.
Brian Ristuccia's Anti-Censorship Proxy (ACP) is a tool for circumventing network-level Internet censorship. It combines functionality of older software such as PGP, Anonymizer, and steganography software, enabling Internet users to bypass firewalls and proxy servers without detection. ACP can be used to circumvent firewalls used by China and Saudi Arabia to block criticism of their governments, or to bypass software used in American schools to censor pages about contraception, animal rights, and many non-Christian religions.
These countries and institutions are likely to crack down on the use of such software, provoking an "arms race" between ACP developers and their opponents. (The use of strong encryption in ACP may even conflict with some countries' import/export regulations.) This talk will describe the ACP and look at some of the directions that such an "arms race" might take, as well as describing real-world implementations of network-level censorship (in China, Serbia, the Middle East, as well as many U.S. schools), what kind of content is censored, and how the ACP could be used to bypass these restrictions. More information at http://ians.978.org or http://www.peacefire.org/bypass/Proxy/
Bennett Haselton has been publishing studies of Internet censorship software since 1996. His reports have been used as evidence in First Amendment court cases filed by the ACLU and People For the American Way, and he has been invited to speak on Internet censorship at Computers Freedom and Privacy 99, the American Library Association national conference, the ACLU of Ohio annual conference, InfoWarCon 99, and Spring Internet World 99. Peacefire's reports criticizing censorship software have been featured on CNN financial news, MTV, Court TV, and MSNBC.
R - The Defcon Proxy Server.
R will give an overview of the Defcon Proxy Server - what it is, how it came to be, and how to access and use it. Don't want your boss to know where you're surfing to on his dime? Would you like to anonymously view your artwork after the fact? If this is you, don't miss this informational talk. It will cover new features and access policies.
Rstarted out in life as a BBS operator in 1989. After setting up Unix boxes to provide Usenet and Email via UUCP for his customers, he gave out shell accounts on the same machines - and after cleaning up that mess, he was a Security Expert! He also authored the first Windows based email application and roaming code for American Mobile Satellite Corporation and the Trimble C/GPS transceiver, and was head of Network Security for Telegroup, Inc.
Mr Phillip J. Loranger - The United States Army. The ethics/morality/practicality/patriotism of hacking.
Angus Blitter - Fear and Loathing in Cyberspace: The art and science of enemy profiling
Quickly identifying your opponent, in any conflict, can mean the difference between success and failure. Knowing their capabilities, resources and limitations can
provide the tactical advantage. The lack of this type of decision support is a serious deficiency in most information warrior's arsenals. Relying on single source
intelligence is pure folly. Charlatans and carpetbaggers are salivating at the millions in government and corporate dollars earmarked for such a competitive advantage.
Our discussion will provide a working definition for "profiling", how it is used and why it effects everyone!
Angus Blitter is the founder and Grand Poopa of HSK.
Daremoe - The Firewall Appliance: Friend or Foe?
An introduction to appliance firewalls. What they are, how they work and what you can expect when you encounter them in the wild. These "new breed" firewalls are popping up everywhere, so be prepared when you meet them...
Daremoe is the Alpha-Dog of the WolfPak, a "614 based group of security minded individuals". He is an independent computer security consultant with over ten years experience in e-commerce. He has just completed a comprehensive evaluation of appliance firewalls and their market.
Charles Faulkner - Hacking Human Minds
Human expertise is not found in the sum of explicit practices or algorithms. It's in the experience, mental models and heuristics of individuals. Invisible to current Knowledge Engineering, psychology and (most) linguistics, these 'rules of thumb' are available (can be hacked) through specific pragmatic, syntactic, and semantic 'filters/handles' that can be detected, influenced, and transferred. Applications / instantiations to humans achieved. Computing and human/computer interface applications sought.
Charles Faulkner is a hacker (modeler, in polite society) of human experience and expertise whose projects have included language acquisition, futures trading, metaphoric communication, and object oriented software testing.
Michael Peros -Privacy Electronics - Detecting wiretaps
This year I would like to speak about how to identify body wires, recorders and government informants. Also I have verified from a very reliable source that President Clinton passed a wiretap bill through executive order of the White House allowing the Federal Government to Wiretap and intercept electronic-oral communication without a warrant. This came into law as of January of 1999. He did not have to go in front of the congress to bring this into law.
Michael Peros can be reached via email, Gail Thackeray - Maricopa Count Prosecutor,AZ - Kevin Higgins - Nevada Attorney General -
Each will do a brief thing on a topic near & dear to their hearts, and then open the session to an "ask the prosecutor" Q & A so people with Burning Questions can ask about whatever interests them.
James Jorasch - "Hacking Las Vegas."
If you missed it last year, don't miss it this year. Excellent.
Peter Stephenson - Principle consultant of the Intrusion Management and Forensics Group (IMF). Introduction to Cyber Forensic Analysis
The Anti Child Pornography Militia will be making a showing at the 7th Annual DefCon Conference in Las Vegas, Nevada on July 9th - 11th. The ACPM will be
actively recruiting individuals sympathetic to our cause and willing to take an active role in the battle to eliminate child pornography from the Internet.
"We have big plans for DefCon", says Natasha Gregori, founder of the ACPM, "Not only will we be recruiting from a Hospitality Suite at the Convention, and seeking sponsors and allies; Plans are in the works for ACPM to make a presentation during the three day event, and be introduced by a major personality in the community."
The Defcon Conference will also signify the commencement of operations for ACPM, after 5 months of preparation, organization, and amazing growth from its original one-woman cause.
"I feel confident that the kick-off will be a success," Lawless, Director of ACPM Education, "from there, we will begin entering the political arena, lobbying for tougher enforcement against child pornography online, while assisting in any way possible with current enforcement."
The Anti Child-Pornography Militia (ACPM) is an organization committed to removing child pornography from the Internet. Child Pornography is readily available on the Internet from Usenet, web sites, and chatchannels. These photographs of children, used to feed the grotesque sexual desires of pedophiles, contribute to the rising numbers in child sexual abuse cases world wide by emboldening and enticing potential perpetrators into committing acts of child abuse. The ACPM will be working to achieve its goal of Zero Child Pornography through legal, political, and legal technical means. The ACPM in no way promotes or condones illegal attacks against individuals or computers connected to the Internet.
Tom - from because-we-can.com. Security problems associated with client-side scripting in popular web-based services.
Kevin Poulsen & Jennifer Grannick - The Legalities and Practicalities of Searches and Interrogations.
You all know who Kevin Poulsen is. If you don't, please go learn.
Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California. She defends people charged with computer-related crimes, as well as other offenses. Jennifer has been published in Wired and the magazine for the National Association of Criminal Defense Lawyers.
Vic Vandal - Hacking Oracle 101
So you've hacked your way into your "test" O/S. What are you going to do now? All the really fun data is stored in a database, probably an Oracle database. This talk will discuss some of the gory details of Oracle security and insecurity. Vic
Vandal is a certified information security professional. He has been providing enterprise-level security design and implementation for U.S. government and military entities for the past 10 years. He currently works for a major consulting firm as a Senior Information Security Engineer. His areas of expertise are; O/S security, database security, network security, application security, firewalls, encryption, VPN's, and digital signatures.
David Sobel - General Counsel to the Electronic Privacy Information Center - "Internet Anonymity Under Assault: The 'John Doe' Lawsuits"
Rooster - Insecurities in Networking Devices
Routers and switches. These devices make up the core of what is networking. Devastatingly important, this infrastructure is key to a properly working environment. Amazingly, many administrators don't know the weaknesses and holes that are being exposed to the Internet. This talk will discuss the most common security issues in routers and switches, how they can be exploited, what a person gains from this, and how to prevent people from gaining access to your network equipment.
Rooster has extensive knowledge of systems and networking. his experience includes all manner of networking and systems including; ATM, BGP, GigabitEthernet, FDDI, etc. Rooster is currently a network engineer at a fortune 500 company where he maintains the Internet connectivity.
Jonathan Wignall - Extra Border Hacking - How a company can be hacked without the hacker ever picking on that companies machine.
It goes like this:
Find some guys in professional organisations (doctors, physicists...) with slightly unusual names (easier to search). Get a work address from the professional org. online registry. Get a home address from 411.com etc. Fly to the US. Buy a fake drivers licence. See e.g. sherlock, Internet DMV. Using the licence, rent an apartment. Obtain the guy's credit record. Using the apartment address, send off for credit cards to all the banks (s)he doesn't belong to, simultaeously, spreading the load across several credit reporting agencies. You may need to know the target's date of birth - phone them up, pretending to be from the professional organisation - "We need to update our records", "we're issuing tie clips to longtime members" etc. Open a bank account. When the credit cards arrive, use the convenience cheques to pay cash into the bank account. Buy counter cheques or money orders to your real name (or one of your aliases). Make sure each transaction is below the FBI radar of $20,000. Then move to another state and do it all over again.
Social Security Numbers in the US are a big source of problems - they were never intended as a universal database key.
Andrew Daviel, July 1999
For general network security tools, links etc. see my Security Page.