Last week an impressive crowd of security professionals, high profile speakers, hackers as well as incognito individuals going only by their first name, gathered at the Moevenpick Hotel Amsterdam City Centre in the Netherlands to attend one of the most important security events in the world – Black Hat Briefings & Training Europe.
The most intensive part of Black Hat is certainly the training and new for this year were Metasploit 3.0 Internals (by Matt Miller, aka skape), Web Application (In)security (by NGS Software) and Live Digital Investigation -Investigating the Enterprise (by WetStone Technologies).
The Briefings were filled with fascinating presentations covering a variety of topics, here are some of them:
- RFIDIOts!!! – Practical RFID hacking (without soldering irons) by Adam Laurie.
- SCTPscan – Finding Entry Points to SS7 Networks & Telecommunication Backbones by Philippe Langlois.
- Data Seepage: How to Give Attackers a Roadmap to Your Network by David Maynor & Robert Graham.
- Software Virtualization Based Rootkits by Sun Bing.
- GS and ASLR in Windows Vista by Ollie Whitehouse.
- Attacking the Giants: Exploiting SAP Internals by Mariano Nuñez Di Croce.
- Making Windows Exploits More Reliable by Kostya Kortchinsky.
A variety of IT companies watch closely the materials presented at Black Hat as they are always very cutting-edge and sometimes present holes in very popular software and operating systems.
This year, a plethora of attention was focued towards Nitin Kumar and Vipin Kumar that presented “Vboot Kit: Compromising Windows Vista Security”. They got an invitation to dinner from Microsoft and we could see they were very excited about it. After all, they came from India to get a job in the industry.
Under the microscope were Dror-John Roecher and Michael Thumann since they spoke about Cisco in their “NACATTACK” presentation. Cisco wasn’t tearing up conference material and we learned that they just had a pleasant conversation with the authors. Some change from the 2005 incident with Michael Lynn from ISS where Cisco acted like a bully. Lessons learned!
For all of you that are eager to get more knowledge I suggest you the material that was presented at Black Hat. Keep in mind that it does require quite a bit of advanced knowledge.
If you need credits towards a certification, you’d be glad to know that ISC2 credits are available to everyone that attends. The large growth in the number attendees (from 300 to around 450 this year) and the high quality of the presented material, Black Hat Europe is proving to be the best event of its kind in this part of the world. If that’s not enough, the Google folks with the “Hiring Squad” T-shirts should be enough for anyone having the skills and looking for a high-profile job offer.
Photos are a courtesy of Gohsuke Takama.