Black Hat Digital Self Defense
Current Organization and Media Sponsors for Black Hat Briefings Asia 2002
Jay Beale

Shaun Clowes

Stephen Dugan

Riley "Caezar" Eller

Halvar Flake


Jeremiah Grossman

Greg Hoglund

Dan Kaminsky

Martin Khoo

Larry Leibrock


David Litchfield

Haroon Meer

Tim Mullen

Saumil Udayan Shah

Thomas C. Waszak

main speakers schedule sponsors training hotel & venue

detailske me to..
Topic descriptions are listed alphabetically by speaker.

Attacking and Securing UNIX FTP Servers
Jay Beale, Founder & Principal Security Consultant, JJB Security Consulting & Training

The Unix FTP servers have been called 'the IIS of the Unix world' for their frequent and potent vulnerabilities. Each has provided remote exploits, usually at the root privilege level, on a consistent and frequent basis. WU-FTPd is the most popular Unix FTP server by far, shipping by default on most Linux distributions, and even on Solaris, and being installed most commonly on the rest of the Unix platforms. This talk will demonstrate working exploits on WU-FTPd, then show you how to configure WU-FTPd to defeat them. While the talk will use WU-FTPd as the primary example, we'll also discuss ProFTPd, the other major FTP daemon for Unix.

Jay Beale is the founder and principal security consultant for JJB Security Consulting and Training. He is the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux and HP-UX. Jay is the author of a number of articles on computer security, along with the upcoming book "Locking Down Linux the Bastille Way" to be published in the second quarter of this year by Addison Wesley. You can learn more about his articles, talks, courses and consulting via

Return to the top of the page

Phase II - 2nd Generation Honeynet Technologies
The Honeynet Project, Jay Beale, Founder & Principal Security Consultant, JJB Security Consulting & Training

Honeynets are a sophisticated type of honeypot used to gather information on the enemy. The Honeynet Project has made extensive advances in Honeynet technologies, what we call GenII systems. These technologies are easier to deploy, harder to detect, and capture
greater levels of information. The Project will discuss in detail how these technologies work, examples of deployments, and our findings. We will also discuss the Honeynet Research Alliance, an organization of Honeynets distributed around the world.

We will also be covering the Reverse Challenge and the binary in question.

We will conclude our presentation with a discussion panel. You will have the chance to ask Honeynet members question about Honeynets, how they work, their value, their findings, and the blackhat community in general.

The Honeynet Project is a non-profit, all volunteer security research organization dedicated to researching the blackhat community, and sharing the lessons learned. Made up of thirty security professional, the Project deploys Honeynet around the world to capture and analzye blackhat activity. These lessons are then shared with the security community. The Honeynet Project began in 1999 and continues to grow with the founding of the Honeynet Research Alliance. You can learn more about the Project at

Jay Beale is the founder and principal security consultant for JJB Security Consulting and Training. He is the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux and HP-UX. Jay is the author of a number of articles on computer security, along with the upcoming book "Locking Down Linux the Bastille Way" to be published in the second quarter of this year by Addison Wesley. You can learn more about his articles, talks, courses and consulting via

Return to the top of the page

Fixing/Making Holes in Binaries: the Easy, the Hard, the Time Consuming
Shaun Clowes, IT Director, SecureReality

The ability to modify a binary while on disk or as a running process provides an amazing array of opportunities for the systems programmer or blackhat/whitehat since it is then possible to modify a program to:

  • Insert debugging/profiling code
  • Render it invulnerable to a known security issue
  • Add malicious code (e.g a backdoor)

However, traditionally both in file and runtime binary modification have been sufficiently complex to limit their use to virus writers, black hats and others with a reasonably intimate understanding of systems level programming.

This talk will attempt to demystify both binary and runtime program modification, focusing on the modification of ELF binaries under Linux and Solaris. In particular a variety of methods will be discussed and demonstrated including:

  • Binary patching
  • Process memory patching
  • Library interception
  • Run time library interception

The talk will cover the basic approach behind each of the methods along with their advantages and disadvantages. The demonstrations will show how the methods can be used for evil but more importantly how they can empower administrators and systems programmers to protect applications for which they do not have the source from known security vulnerabilities (rather than falling at the mercy of the software vendors).

A substantial amount of the talk will be devoted to discussion about and demonstration of injectso, a recently released tool by the speaker that allows for simple run time patching of processes under Solaris (Sparc) and Linux (IA32 and Sparc) through the injection of shared libraries.

Shaun Clowes is the IT Director of SecureReality, a small cutting edge security consultancy based in Sydney, Australia. Shaun holds an honors degree in Computing Science from the University of Technology Sydney and has a wide technical background in IT including Unix systems programming, networking and systems/security administration. Shaun leads the vulnerability research arm of SecureReality which is broadly exploring the security landscape testing both the obvious targets and the glue that holds everything together.

Return to the top of the page

Cisco Security
Stephen Dugan, CCSI

This talk will focus on tying together your security within a well designed campus network. Understanding the layer 2 and layer 3 attacks against your Cisco network is one thing, learning how to apply methods to stop them within a structured design is another matter. Practical application of these security measures brings many challenges, compromises, and common mistakes.

We will tackle this from a couple different approaches. First we will look at some design models and show some possible security issues inherent with the model itself. What specific commands will be needed, and where will they be applied, within your network. Second we will look at some proactive testing. Start some sniffing at the user’s connection at look for things we shouldn’t see. If we see protocols like L3 Routing updates, CDP, STP or others where could we apply commands to stop the user from seeing network management protocols? Third we will look at some configurations and point out some common mistakes that lead to opening various security holes.

Stephen Dugan is currently an independent contract instructor and network engineer. He has been teaching Cisco networking for the last 3 years focusing on Router and Switch configuration, Voice/Data integration, and Network Security. His students come mostly from Fortune 500 companies and large service providers. He also teaches private internal classes to Cisco Employees. As a Sr. Network Engineer he has worked on the design and implementation of large enterprise, government contractor, and service provider networks. He is also working on a new series of security books entitled "Hacker Attacktecs." The first three planned books will cover Windows, Unix/Linux, and Cisco exploits and how to defend against them.

Return to the top of the page

Aggressive Security Revisited
Riley "Caezar" Eller, Principal Architect, Cenzic, Inc.

Defensive security models were adopted in the past in many cases because they were cheap. Over time the value proposition has changed but much of the world has failed to reevaluate their position. White-list security models can be undervalued due to misconceptions about the relative costs involved. With recent advances in help-desk automation, even the original cost concerns can be allayed.

We will discuss self-maintaining white lists, automated password recovery, and shared-list web filtering as exemplify the 'default deny' mindset deemed impractical in days gone by.

Riley "Caezar" Eller is the principal architect for CenziC, a firm devoted to providing a platform for security and reliability assurance. Products containing his code are deployed in every corner of the globe for every purpose from vending machine to ruggedized handhelds for couriers.

Mr. Eller specializes in analysis of lexical systems, social networks and artificial life. His work is key to four patents, a half dozen award-winning products and a series of excellent parties.

Return to the top of the page

Graph-Based Binary Analysis
Halvar Flake, Reverse Engineer, Black Hat Consulting

Though many Servers run Open-Source solutions these days, a lot of the critical infrastructure consists of commercial closed-source software: From IDS Sensors over VPN Gateways and Enterprise Database Servers to large Firewalls: Closed Source is still everywhere. An attacker who is proficient at reverse engineering can - given the right amount of time - find bugs in these critical programs and then attack the network with undisclosed bugs - which is every administrators Nightmare.

Binary analysis is a time-consuming and tedious process, and few people outside of government agencies are proficient at it. Even fewer people realize that a large part of the analysis process can be automated, and that binary analysis can at times even come up to the speed of source code analysis.

This presentation will explain some concepts & tools which can drastically improve the performance of a the reverse engineer when trying to find security-critical vulnerabilites such as buffer overruns. Various ideas and their implementation will be discussed- from graph-coloring using an interface to running a debugger to analysis of flowgraphs to automatically find buffer overruns.

The tools & methodologies presented will be tested 'in the wild' by letting them run over a few major commercial software packages.

Halvar Flake is Black Hat's new resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined BlackHat as their main reverse engineer.

Return to the top of the page

Attacking Networked Embedded Systems
FX, Phenoelit

Every device on a network that has a processor, some memory and a network interface can become a target. Using printers as an example, the talk will show how a seemingly innocent device can be used by attackers, ranging from attacks on the device to the point where the embedded system becomes an attack platform itself.

The second part will cover software vulnerabilities in embedded systems and the fact that they can ideed be exploited - with a lot less efford then most people still think. As an example, a walk through of a real remote Cisco IOS exploit will be presented.

FX of Phenoelit is the leader of the German Phenoelit group. His and the group's primary interests are in security implementations and implications of standards or less-known protocols. FX works as a Security Solution Consultant at n.runs GmbH.

Return to the top of the page

Identifying Web Servers: A First-look Into the Future of Web Server Fingerprinting
Jeremiah Grossman, Founder & Chairman of WhiteHat Security, Inc.

Many diligent security professionals take active steps to limit the amount of system specific information a publicly available system may yield to a remote user. These preventative measures may take the form of modifying service banners, firewalls, web site information, etc.

Software utilities such as NMap have given the security community an excellent resource to discover what type of Operating System and version is listening on a particular IP. This process is achieved by mapping subtle, yet, distinguishable nuances unique to each OS. But, this is normally where the fun ends, as NMap does not enable we user's to determine what version of services are listening. This is up to us to guess or to find out through other various exploits.

This is where we start our talk, fingerprinting Web Servers. These incredibly diverse and useful widespread services notoriously found listening on port 80 and 443 just waiting to be explored. Many web servers by default will readily give up the type and version of the web server via the "Server" HTTP response header. However, many administrators aware of this fact have become increasingly clever in recent months by removing or altering any and all traces of this telltale information.

These countermeasures lead us to the obvious question; could it STILL possible to determine a web servers platform and version even after all known methods of information leakage prevention have been exhausted (either by hack or configuration)?

The simple answer is "yes"; it is VERY possible to still identify the web server. But, the even more interesting question is; just how much specific information can we obtain remotely?

Are we able to determine?

  • Supported HTTP Request Methods.
  • Current Service Pack.
  • Patch Levels.
  • Configuarations.
  • If an Apache Server suffers from a "chunked" vulnerability.

Is really possible to determine this specific information using a few simple HTTP requests? Again, the simple answer is yes, the possibility exists.

Proof of concept tools and command line examples will be demonstrated throughout the talk to illustrate these new ideas and techniques. Various countermeasures will also be explored to protect your IIS or Apache web server from various fingerprinting techniques.

General understanding of Web Server technology and HTTP. 

Jeremiah Grossman is the founder and CEO of WhiteHat Security, Inc. and former Yahoo! Information security officer.

As information security officer at Yahoo!, Jeremiah designed, audited, and penetration-tested the company's web applications. As one of the world's busiest web properties, all of these applications demanded the highest level of security available.

Continuing his work of the past 5 years, Jeremiah researches and applies his expertise to information security with special emphasis on prevention of web application intrusion. Grossman is one of the principal developers of widely-used WhiteHat Arsenal as well as presented Web Application Security talks at many security conventions including the BlackHat Briefings, the Air Force and Technology Conference, Defcon and ToorCon. He is considered to be among the world's foremost web security experts. Jeremiah is also contributing member to Center for Internet Security Apache Benchmark Group.

Return to the top of the page

Exploiting Parsing Vulnerabilities
Greg Hoglund, Founder, Cenzic, Inc.

This talk will focus on reverse engineering parsing code using a combination of IDA-Pro and runtime debugging tools. Several important techniques are revealed that will assist the practitioner in locating and exploiting user input problems in software. The author will present a custom debugging tool called 'The Pit' which automates data input tracing in runtime executables. To make the most of this talk, attendees should have a basic understanding of software debugging and assembly language.

Greg Hoglund has focused his career on the issues facing the security community. Capitalizing on his growing security knowledge, he wrote one of the earliest security scanners, which he sold to WebTrends, Inc. and joined the company in a strategic product-development role. Today, his scanner is renamed the WebTrends Security Analyzer and is installed in over half of the Fortune 500 companies. Hoglund later joined Tripwire, Inc. in a key R&D role at the computer security company.

Hoglund steadily expanded the breadth and intensity of his security knowledge, emerging as a recognized expert on many facets of security technology. He has been a frequent speaker at computer security conferences - including Black Hat, DefCon, Infosec, and SANS in the US, Europe and Asia-Pacific - and has authored several respected papers on security topics.

Hoglund's experience and expertise led directly to co-founding Cenzic Inc. with Penny Leavy in May of 2000 to provide a true security-QA platform that will effectively enable security risk management.

Return to the top of the page

Black Ops Of TCP/IP: Advanced Network Disconstruction
Dan Kaminsky, Cryptotheorist, DoxPara Research

There's more to your network then you might have assumed. Intelligent, active devices litter the paths between hosts that themselves have unexplored and underutilized code paths. You know this from the number of flat out attacks that use mangled packets to destroy; what is becoming apparent however is that there's an entire class of functionality used when specially constructed packets are employed *not* to destroy, but to create. As the author of the recently released Paketto Keiretsu, I will be discussing and unveiling work relating to the following:

  • Methods for multicasting into subnets behind NAT firewalls
  • Alternative strategies for multiplexing globally addressable IP addresses, with end-to-end packet integrity if need be.
  • Useful and academic methods of establishing connection streams between two NATted hosts
  • Secure and immediate strategies for large scale service scanning of IP networks
  • Integration of OpenSSH into packet-level engineering
  • Implications of newly found capacity for data reflection and metadata tunneling in existing network protocols

The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, linkcat, which presents a Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.

Dan Kaminsky, also known as Effugas, worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. He recently wrote the Spoofing and Tunneling chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences, including Linuxworld, DefCon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University.

Return to the top of the page

Computer Forensics - Tracking the Cyber Vandals
Martin Khoo, Assistant Director, SingCERT, IDA Singapore

Computer forensic capabilities have become a critical skill of security practitioners as part of their arsenal to combat cyber security incidents. To be an effective investigator, we need to look beyond what is obvious and hence the necessity to dig deeper into the "crime scene" to uncover hidden evidence. This presentation endeavors to share with you the process, techniques and tools that are employed by computer forensic investigators in their continuing tussle with cyber security incidents.

  • What is an Incident response toolkit?
  • Setting up a forensic analysis workbench
  • Forensic process
  • Tools of the trade
  • Case study
  • Forensic failure

Martin Khoo is an Assistant Director of infocomm security with the Infocomm Development Authority (IDA) of Singapore. He leads a department charged with providing security profiling, monitoring and incident management to the government agencies and organizations. Martin is also the founder and Assistant Director of the Singapore Computer Emergency Response Team (SingCERT), which is the national security incident response center, charged with the prevention, detection and resolution of computer security incident. He manages a group of Security Consultants providing incident resolution and security awareness promotion to the local IT industry and general public. Martin has over 10 years of experience in the IT industry with the last 7 years specializing in IT security. He is a Certified Information System Security Professional (CISSP). Martin is a frequent speaker at security conferences on subjects regarding security and incident handling. He spoke at the Black Hat Asia, 2001 security conference in Hong Kong and Singapore in April 2001 and was the keynote speaker at the recent National Network Security 2002 conference in March 2002. He is the current Vice President of the Information Security Association, Singapore.

Return to the top of the page

Java and Java Virtual Machine Security Vulnerabilities and Their Exploitation Techniquess
LSD, Last Stage of Delirium Research Group

The presentation would be divided into two parts.

Part 1: Fundamental information about Java and JVM security will be presented in order to understand the second part of the presentation. In this introductory part we will briefly present Java language built-in security features, applet sandbox model,security manager and bytecode verifier.

Part 2: Will be focused on actual JVM security vulnerabilities and attack techniques. In this second part we will present common attack techniques that can be used against JVM. Along with that applet sandbox escaping techniques will be also discussed in the context of Internet Explorer and Netscape Communicator web browsers.

Next, a detailed discussion of several known (though unpublished) JVM security vulnerabilities along with their exploitation techniques will be presented. It will be followed by a presentation of some new and not yet published security vulnerabilities in Microsoft, SUN and Netscape's JVM implementations. At the end of the talk some thoughts will be given with regard to JVM security, the threats posed by its vulnerabilities and possible implication they might have for users of all kind of mobile equipment.

Last Stage of Delirium Research Group is a non-profit organization established in 1996 in Poland. Its main fields of activity cover various aspects of modern network and information security, with special emphasis on analysis of technologies for gaining unauthorized accesses to systems (including the actual search for vulnerabilities, developing reverse engineering tools, proof of concept codes as well as general technologies for exploitation of vulnerabilities). The group has significant experience in performing penetration tests (based upon own codes, tools and techniques) as well as in design and deployment of security solutions for complex network infrastructures including experiments with Intrusion Detection and Prevention Systems.

The group consists of four members, all graduates (M.Sc.) of Computer Science from the Poznan University of Technology. For the last six years they have been working as Security Team at Poznan Supercomputing and Networking Center. As the LSD Research Team, they have also discovered several vulnerabilities for commercial systems and provided proof of concept codes for many others. More information including samples of their work can be found at the LSD website.

Return to the top of the page

Forensics Tools and Processes for Windows XP Platforms®
Larry Leibrock, Ph.D, Associate Dean, CTO, McCombs School of Business Administration, The University of Texas

This overview will involve case investigation procedures and a set of advanced tools for the imaging, forensics review and reporting processes involving Windows client platforms. The course will include use of a set of tool to analyze digitally stored case evidence on exclusively Windows XP systems.

These items of evidence are becoming increasingly important in a wide variety of administrative, civil and criminal cases, and numerous law enforcement agencies, which have trained personnel, to retrieve this evidence from computers. To increase the effective investigation and prosecution of criminals who utilize computers, it is critical for systems professionals and investigators to understand the basic concepts of information technology, computer security, evidence controls and the forensic examination of digitally stored information.

In this intensive talk, attendees will receive vital information on the processes and tools used to collect and analyze digital evidence on Windows XP. In addition to reviewing the typical areas where digital evidence may be located or hidden within a computer a range of forensics tool kits will be used to extract such information.

Larry Leibrock, Ph.D., is a member of the McCombs Business School – The University of Texas faculty and serves as the Associate Dean and Technology Officer for the McCombs Business School. He has held or currently holds clinical teaching and research appointments at McCombs Business School, Institute for Advanced Technology, The University of Texas Law School, Emory University, Helsinki School of Economics and Monterrey Technologica in Mexico City and Monterrey. He is a member of IEEE, ACM, Internet Society, FIRST and USENIX/SAGE. He is also a member of the Department of Defense Software Engineering Institute and a participant in the Air Force Software Technology Conference. He is the founder and CTO for eForensics LLC, a private technical services firm.

He has experience in enterprise systems support, offensive/defensive systems security measures, systems security audits, and IT deployment projects in both governmental and corporate settings.

In clinical practice, he has served as the project manager in over IT projects in several US and international sites. He holds professional certifications in IT project management, Windows“, UNIX“, systems performance, computer security and networking. He has authored papers in the topics of information systems attacks, encryption, public key infrastructures, privacy, systems survivability and systems forensics.

He has won several University teaching awards and has served as an expert in a range of legislative matters, judicial testimony, and legal disputes. Larry has served as a Special Master for a Texas Court in the areas of systems management, systems survivability, security and protection of systems mechanisms.

Larry has delivered expert digital evidence testimony at both civil and criminal trials. He has testified for the Presidential Commission for Protection of Critical Information Infrastructure and the Senate Science Committee. He recently presented forensics testimony at an invitational conference for the Executive Office of the President. He presently serves on the Texas Infrastructure Protection Advisory Committee formed by the Attorney General of Texas. He is also appointed to the Board of Directors - Texas Department of Information Resources. Larry is active in IT industry and government systems consulting projects in the areas of systems forensics, enterprise IT operations, security and incident investigations.

Return to the top of the page

Database Security - The Pot and the Kettle.
David Litchfield, Managing Director & Co-Founder, Next Generation Security Software

This talk will examine the database server offerings from both Microsoft and Oracle and show that, regardless of certification, market campaigns and slurs, each would be better spending their time writing a more secure product.

This will cover two new vulnerabilities that allow full compromise of a system running MS SQL Server 2000 with a single UDP packet and without needing to authenticate.

This will cover two format strings vulnerabilities and a buffer overrun that can be exploited without authentication.

The talk will end with what steps one can take to help prevent database system compromise.

David Litchfield is a world-renowned security expert specializing in Windows NT and Internet security. His discovery and remediation of over 100 major vulnerabilities in products such as Microsoft's Internet Information Server and Oracle's Application Server have lead to the tightening of sites around the world. David Litchfield is also the author of Cerberus' Internet Scanner (previously NTInfoscan), one of the world's most popular free vulnerability scanners. In addition to CIS, David has written many other utilities to help identify and fix security holes. David is the author of many technical documents on security issues including his tutorial on Exploiting Windows NT Buffer Overruns referenced in the book "Hacking Exposed".

Return to the top of the page

Neutralizing Nimda: Technical, Moral, and Legal discussions of an Automated Strike-back
Timothy Mullen, CIO, AnchorIS.Com

This session is more about questions than it is about answers. Though almost a year old, Nimda continues to propagate while it consumes bandwidth and resources in the process. Patches have been available since before Nimda struck and clean-up utilities are provided for free; yet we continue to log attacks against our servers on a daily basis. Nothing effective is being done: If you are lucky enough to get a response from an ISP, they will claim their hands are tied, and know-nothing administrators shrug as they delete notification emails.

So, what are your rights when it comes to defending yourself from attack? What are your rights to stop an attacking box from consuming your resources?

We have developed an automated strike-back method where a system can now defend itself against an attacker by neutralizing an attacking box. Currently, deployment of such a system would be considered illegal by many and immoral by others.

This session will discuss several technical methods one can use to stop such an attack (in varying degrees of "finality"), the moral and ethical ramifications of utilizing such a system, and will also attempt to broach legal questions such as "how much is too much," and discuss the application of physical law, i.e. "self defense," to internet events such as worm attacks. [Note- Mr. Mullen is not a lawyer. Though opinions and content may be contributed by practicing attorneys, this session is not an attempt to educate the public to the interpretation of law or provide legal guidance in any way.]

Timothy Mullen is CIO and Chief Software architect for AnchorIS.Com, a developer of secure enterprise-based accounting solutions.  Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles.  A.k.a. Thor, he is the founder of the "Hammer of God" security coop group.

Return to the top of the page

Top Ten Web Attacks
Saumil Udayan Shah, Director, Net-Square

Saumil Shah holds a designation as a Certified Information Systems Security Professional (CISSP). Saumil has had over 6 years of experience with system administration, network architecture, integrating heterogenous platforms and information security, and has performed numerous ethical hacking exercises for many significant companies in the IT arena. Saumil has been employed by Foundstone, working in ethical hacking and security architecture. Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young where he was responsible for their ethical hacking and security architecture solutions. 

Saumil graduated from Purdue University with a Masters in Computer Science and a strong research background in operating systems, computer networking, information security and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in Computer Engineering from Gujarat University, India. Saumil has also authored a book titled "The Anti-Virus Book" published by Tata McGraw-Hill India. Saumil has also worked at the Indian Institute of Management, Ahmedabad as a research assistant.

Return to the top of the page

Setiri: Advances in Trojan Technology
Haroon Meer, Technical Security Specialist, SensePost

The presentation will describe the inner workings of the Trojan "Setiri". Setiri leads a new wave of Trojan Horse technology that defeats most conventional security devices including personal firewalls, NAT, statefull inspection firewalls, IDS, proxy type firewalls and content level checking. The presentation will focus on the setting up of a bi-directional communication stream in non-conducive environments, rather than describing the features of the Trojan.

The presentation will include an online demonstration - a well-protected PC located inside a heavily protected environment will be Trojaned with Setiri. The computer will be taken over by a Controller that is situated outside of the network. At the same time network traffic will be manually inspected.

Haroon Meer joined SensePost as a Technical Security Specialist after over 7 years in the Networking/Security industry. He has a wide background in security & networking from writing code to administration of large Campus networks. He is currently heavily involved in the development of additional security tools and proof of concept code and has been a speaker at the recent Black Hat Windows Briefings in New Orleans.

Return to the top of the page

Information Security
Thomas C. Waszak, Information Security Special Projects Leader, Washington Mutual Bank

Thomas Waszak is currently an Information Security Special Projects Leader and a CSIRT Investigator for Washington Mutual Inc. in Seattle, Washington. He is a CISSP and has been an information security professional for a number of years. He contributed a chapter to the recently published information security book called "The Secured Enterprise; Protecting Your Information Assets". 

Return to the top of the page

Black Hat Logo
(c) 1996-2007 Black Hat