The Black Hat Briefings USA 1999
The following people spoke at the Black Hat Briefings USA '97.
Note: 03/12/2000: All speechs converted to new real media
formats, and the links were verified and updated
Dominique Brezinski - Security posture assessment (SPA) of Windows NT networks.

Though the level of security in a computer system should reflect the policies of the organization, a baseline reasonable policy will be used as the foundation for discussion of the methods, techniques, and tools used in doing a SPA for NT networks.  Common and not so common attacks against Windows NT networks will be discussed, as well as possible defenses that can be used to uphold the security policy.  There will as so be a small discussion about what and how information should be preserved in the case that a security incident occurs.  Some assessment tools will be provided. 

Mr. Brezinski has been researching Windows NT security for three years, which lead him to release a paper entitled "A Weakness in CIFS Authentication" that described, in detail, a fundamental flaw in the authentication protocol used in Windows NT. He has a background in network protocols, authentication, and intrusion detection.

Miles Connley - Firewalls: Not enough of a good thing

How the firewall fits into the corporate landscape.  While a firewall is a critical part of a companies security model, it is by no means the solution.  All too often, once an organization has realized that they need to secure themselves from Internet attacks, the response is to buy and install a firewall.  This is the right first step, but it ignores several important issues:  Many firewall products have their own failings, both obvious and subtle.  Firewalls are good at stopping known attacks, but not as good at detecting imminent attacks, or maintaining enough information to obtain a conviction.  Most firewalls are sold with the assumption that there is one inside and one outside.  This isn't as quite as simple in a world where most companies on the Internet have remote workers, partners who may also be connected to the Internet, and a company web site that anyone can get to.  This presentation will be an exploration of these problems,  the tools, products and techniques to overcome them. 

Mr. Connley has been an Internet and network security consultant for 5 years.  His customers have included Northwest venture capital and legal firms, as well as top 10 software companies. He currently works for the security consulting branch of a nationally recognized ISP. 

Chris Goggans - Internet attack methodologies.

This talk will be broken into three major parts, and will act as an introduction into the various aspects of computer security and intrusion detection concerns.  First, internet attack profiles  will cover network mapping, informational services, bug exploitation, advanced attacks, denial of service (DoS) attacks, and masking the intrusion. 

The second section will focus on defensive strategies and will covers three areas.  Firewalling techniques, application proxy firewalls, and intrusion detection.  Finally, a summary will talk about what to do to stay on top of your newly secured network. 

Mr. Goggans is a senior network security engineer at WheelGroup Corporation, a San Antonio, Texas-based company specializing in network intrusion detection products and information security consulting services. Mr. Goggans has performed security audits for some of America's largest corporations and has worked with federal authorities on some of the nation's most notorious computer crime cases. His work has been referenced in Time, Newsweek and Computerworld, and has been featured on CNN and CNBC. Goggans is a frequent lecturer on computer security and has held training seminars for NATO, the United States Department of Defense, and various law enforcement bodies. He was a co-author in "Implementing Internet Security" and "Internet Security Professional Reference" by New Riders Publishing, and "Using the Internet, 2nd Edition" by Que Corporation. His latest book, "The Complete Internet Business Toolkit" was published by Van Nostrand Reinhold.

Ray Kaplan - Meet The Enemy

Generally, "hackers" are regarded as criminals by the "legitimate community."  Who are these "hackers" that seem to keep whacking on our systems and networks? Are they merely scumbag reprobates that should be purged from the society?  Is there anything to learn from them?  This session is intended to introduce the two sides of the security equation to one another in a forum which fosters open, detailed, honest communication.  Bring your questions. 

Who are the enemies of computer and network security?  What techniques do they employ against us?  Are those that attack our  systems all just a bunch of slime balls that are devoid of morals,  ethics, and common sense?  While in the minority of reported  computer crime statistics, the skilled outsider still represents a  significant threat. 

This session explores who they are, their attitudes, their techniques, their successes and their failures from the  perspective of what we have to learn from them to better protect your systems and networks.  This classic session allows you to interact directly with members of the computer underground.   Join us for some stimulating conversation with those who computer security professionals consider to be their enemies. 

Mr. Kaplan has been actively involved with system and network security as a consultant for over half of his more than 20 years in the industry.  There is no question that he hacks.  However, he is not a criminal.  His clients have included the world's largest financial institution, smallest commodities broker and a wide variety of organizations, including multinational and Fortune 100 companies from all segments of the economy, and public institutions all over the world. 

Mr. Kaplan is a very prolific lecturer, instructor and writer.  He consults, lectures and teaches technical system and network-related topics all over the world.  His articles are frequently published in major computer journals and magazines.  In over ten years of public speaking and audio/video conference production, he has given over 2,000 technical, tutorial-style presentations and lectures in forums such as professional societies, seminars and his consulting.  As a frustrated inventor, he is forever trying to rid the world of inefficiency, frustration and waste by pursuing new paradigms in the delivery of training, education and technical information.

Mudge - Secure coding practices and source code analysis. 

Mudge works for a 3 letter organization that deals heavily with security, cryptography, and various other insundary fun projects.  He has been involved with computers and computer security for over 20 years. 

Mudge has given presentations and seminars for various government agencies.  His material and projects have been mentioned in interviews ranging from cryptography to intrusion techniques in major publications such as Wired Magazine, EE-Times, Lan-Times, OEM Magazine, Halting-The-Hacker (Prentice Hall).  Some of Mudgeās programs and tools have been reviewed at Usenix Security and IETF meetings (in particular the OTP meeting where Cheswick and Bellovin reviewed and analyzed Monkey,  the S/Key cracker).  Mudge has been responsible for 3 CERT advisories, and multiple Vendor patches / advisories.

QMaster - Secure implementations of  ActiveX in a corporate environment.

This talk will deal with the considerations of implements an ActiveX policy, issues of signed vs. unsigned ActiveX controls, and implementation strategies for use in firewall environments. 

Q Master currently a independent contractor at a large West coast software company and is currently designing and building future Internet technologies using Microsoft's ActiveX technologies as a primary delivery vehicle.

Jeremy Rauch - Security implications of distributed network management.

There are security implications and concerns involved with distributed network management protocols such as SNMPv1, SNMPv2, and DCE.  What are the risks with allowing remote management of your network, and how can these risks be minimized? 

Mr. Rauch has been involved in Computer Security as an independent security consultant and researcher for a number of years, specializing in Unix and network based security analysis and penetration techniques.  His latest research involves the analysis of network management protocols and implementations.  He recently began working for a major northwest computer security company. 

Route - TCP/IP insecurities.

This talk will including a brief introduction to TCP/IP, then a detailed discussion of several weaknesses, flaws, and vulnerabilities.  Some of the topics covered will be: ethernet packet sniffing (as the basis for many other attacks), IP address forgery, protocol tunneling, and TCP hijacking. 

Route is the editor of Phrack Magazine, the undergroundās largest electronic journal of computer hacking.  He is probably best known for making TCP SYN flooding such a popular topic last fall.  Route performs tiger team analysis of corporations as well as auditing and custom programming solutions in the unix environment. 

Bruce Schneier - Why Cryptograpy is harder than it looks.

Bruce Schneier is president of Counterpane Systems, a Minneapolis-based consulting firm specializing in cryptography and computer security.  Counterpane Systems designs and analyzes hardware and software cryptographic systems, advises on products and markets, and gives technical and business courses.  He also designed the Blowfish algorithm, still unbroken after years of cryptanalysis. 

Mr. Schneier is the author of Applied Cryptography (John Wiley & Sons, 1994 & 1996), the seminal work in its field. Now in its second edition, Applied Cryptography has sold over 60,000 copies world-wide and has been translated into four languages.  His papers have appeared at several international conferences, and he has written dozens of articles on cryptography for major magazines.  He is a contributing editor to Dr. Dobbs Journal where he edited the "Algorithms Alley" column, and a contributing editor to Computer and Communications Security Reviews. 

Mr. Schneier serves on the board of directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the Board of Directors of the Voter's Telcom Watch.  Mr. Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester. He is a frequent writer and lecturer on the topics of cryptography, computer security, and privacy. 

Peter Shipley - Securing your network with free utilities.

Contrary to popular managerial belief, there is a plethora of free and useful utilities and software packages for establishing, maintaining and monitoring secure systems and networks.  The trick is knowing where to find them, and implementing them in the most appropriate fashion.  This session will cover:  SSH,  S/KEY, Tripwire, Satan 2.X,  tcp_wrappers, toneloc, scotty, FreeBSD, SWAN, and other freeware solutions used to fill in a complete security picture. 

Mr. Shipley is an independent consultant from the San Francisco's Bay Area.  Mr. Shipley has been doing security for nearly thirteen years and is one of the few that is well known and respected in both the professional world as well as the underground and hacker community.  He has extensive experience in system and network security as well as programming and project design. Clients have included  TRW, DHL, Claris, USPS, Well Fargo, KPMG.  Currently his work is concentrating on completing a book as well as several personal research projects. 

Adam Shostack - Code Reviews: Making them worthwhile

The practice of reviewing code before deployment to detect problems has a long academic history.  The process is seen as too time consuming, too academic, and and no producing useful results. All three of these perceptions are wrong. 

Code reviews can be usually done quickly, if they are part of a goal oriented process.  What to look for, how to target the review on the right parts of the code, and how to use training and automated tools to speed the process will be covered. 

Mr. Shostack is an independent consultant from the Boston area.  He has recently taught an intensive two day course in computer and network security at the Financial Cryptography Workshop, and published papers exposing flaws in the SecurID system.  His clients have included large networking, financial and medical companies.

Sluggo - Denial of service attacks, and defensive strategies.

Ping of death, mass mail bombings, email attachment virii, SYN/ACK floods, what services are vulnerable, and what can be hardened?  This talk will focus on what the threat is, how to detect an attack and how to prepare a defense. Sluggo is currently working for a large corporation dealing in information security, and specializes in network attack methods and defenses, policy development and social engineering. He has consulted for the Canadian Security Intelligence Service, NATO, and miscellaneous agencies of the US Government. 

Richard Thieme - Keynote speech Thursday.

A "prominent American techno-philosopher" (LAN Magazine), Mr. Thieme is in demand as a speaker on the impact of technology on people and organizations.  His articles about the Internet -- more than 40 last year -- have been published in six countries.  He writes regularly for Wired and Internet Underground in the USA.  Mr. Thiemeās column, "Islands in the Clickstream," is published by numerous chapters of the Society of Professional Engineers, the Association of Multimedia Communication, the  Business News of Singapore, and on the Internet by Computer-Mediated  Communication and CTHEORY.  He speaks on everything from life in virtual organizations to security, privacy, and trust on networks.

Ira Winkler - Who are the real Black Hats?

When people hear about computer hacking and industrial espionage they think of those evil genius computer hackers and slick James Bond types.  They think that even if they were a target of these people, there is nothing people can do to stop them.  Nothing is further from the truth.  The real Black Hats are far from smart and slick. 

This presentation tells you who you really have to worry about, and most importantly how you would stop and catch them.  While a fair portion of this talk focuses on the biggest threats, which include simple errors and your own employees, the threats from competitors (both foreign and domestic), foreign countries, and yes those dreaded computer hackers are discussed in detail to put the true threats companies face in perspective. 

Mr. Winkler, CISSP, is the Director of Technology for the National Computer Security Association.  In his position he provides technical support to vendor and user consortia.  He  also consults to some of the largest companies in the world, helping them to define their security programs.  He has also investigated multi-million dollar computer crimes.  He is considered to be a World Leader in the fields of information warfare, industrial espionage, penetration testing and incident response. 

Mr. Winkler sits on several national advisory panels involved with the critical infrastructure protection.  He is also on the faculties of the Johns Hopkins University and the University of Maryland.  He is author of the book, Corporate Espionage, and is in the process of writing a book on incident response for O'Reilley & Associates. Mr. Winkler has appeared on Good Morning America, CNN, C|Net, and Building America.  He has also been on the Derek McGinty Show, and various radio shows throughout the country.  Mr. Winkler has been used as an expert on information related crimes, information warfare, and industrial espionage, and information security in general.

Priest Building the business case for management for increased security.

Hobbit -  Microsoft LM athentication, CIFS, and all kinds of password peoblems.