

The Black Page is always looking for interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules.




A Message from Vincenzo Iozzo

contributed by Vincenzo Iozzo

During my presentation at this year's Black Hat DC conference, I promised to show in the demo my attack applied to Safari. Unfortunately I forgot to patch a small bug in the code and wasn't able to show that part of the demo. This blog post serves three key purposes:

To explain the problem that was encountered during the demo...



Black Hat Training

contributed by Jeff Moss

At Black Hat Training, we take pride in the quality of instruction we make available. We know that there are plenty of shows available in the field of information security, and we believe that the loyalty shown by our delegates is based in large part on the timely, technical and relevant training that we offer...


The Halvar Conundrum

contributed by Darington Forbes

Thomas Dullien, known in security circles as Halvar Flake, was scheduled to conduct a training class and a briefing at this year's Black Hat USA. Both were highly anticipated, both because Halvar is one of the foremost reverse engineers in the world and because he's been a popular speaker at the conference for the past seven years...



contributed by Darington Forbes

Until early this week, security experts Nitin and Vipin Kumar of NV Labs were scheduled to present a briefing entitled "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)". This talk was removed from the schedule at the request of the presenters. The topic generated a great deal of interest, and its removal from the schedule without comment has generated some confusion and controversy...



Mark Dowd, John McDonald, Neel Mehta, Paul Vincent Sabanal

Have you ever noticed that nearly all discussions regarding finding vulnerabilities or secure programming for C/C++ focus almost exclusively on C? The reasoning for this is most likely that the authors want to capture behavior that affects both languages, thus providing knowledge that is applicable to more developers/auditors and can be applied to more projects. This has resulted in an in-depth knowledge base of C-based issues that most security professionals know and that an ever-increasing number of developers are aware of...



by Dominique Brezinski, Justin Ferguson, Ariel Waissbein & Damian Saura, Jonathan Afek, Haroon Meer & Marco Slaviero

It is that time again: Black Hat in the hot LV summer. It always comes sooner than I expect. We have been working like mad to get the schedule together, which is basically done. One of the underlying themes this year is timing. I don't pick these things; it is really a reflection of the direction of research in our community. Another theme is nuance...




by Dominique Brezinski, Chuck Willis, Dr. Neal Krawetz, Johnny Long and Kevin Mandia

I am so relieved. It has finally happened: the forensic field is transitioning from techniques that satisfy the needs of law enforcement to techniques that satisfy the needs of everyone else...


VOIP Security

by Dominique Brezinski, Doug Mohney, David Endler, Hendrik Scholz, Jay Schulman

In 2000 a co-worker brought an early Cisco VoIP phone into my office. He was tasked with doing a security review prior to a potential deployment in the company. His summation after five minutes with the docs: “It uses bootp and tftp to retrieve its operating image and unencrypted UDP to carry the audio stream...


Enterprise Networks vs. Cisco Vulnerabilities

by Paul Proctor

First, some context. I've been in security for 20 years and started my career as a kernel programmer. However, at Gartner, my job is to serve large enterprise clients (revenue $1B and up). It's fun to play both sides with technical knowledge and the big, strategic business context, but let me be up front about one thing: I gave up my hands-on technical skills long ago and now I talk for a living...


Advances in Anomaly Detection

by Tzi-cker Chiueh & Stefano Zanero

Since we published the PAID paper in 2004, people have asked whether the same approach could be extended to the Windows® platform where only application binaries are available. Originally, we thought it was just a matter of applying a state-of-the-art disassembler such as IDA Pro to a Windows binary to obtain its intermediate form, and then using the original PAID compiler to derive its sandboxing policy...


Abusing the Foundation

by Barnaby Jack & John Heasman

I’ve always been fascinated by hardware. We live in a world that revolves around being “connected”. From automobiles to home appliances, there is no shortage of Internet-connected devices. Has anyone ever thought about the possible mayhem that could ensue with a remote “oven overflow”?


Taking Apart Black Boxes

by Mikko Kiviharju, Philippe Biondi and Fabrice Desclaux

There is growing emphasis on reverse engineering in the security community. There is also an increasing interest in hardware hacking. As more people gain understanding of the art and techniques of these disciplines, they are collectively revealing soft spots in the security of what were previously opaque systems. From closed-sourced, proprietary software to peripheral devices, we are finally seeing in-depth, third-party security reviews...


Information in Unusual Places

Mariusz Burdach and Simson Garfinkel

Simson Garfinkel has purchased 500 hard drives on eBay and analyzed them to learn interesting things about their previous owners. He gave a presentation of his tools and techniques. Amazing...


Disinfecting Your Phone Without Lysol?

Jarno Niemelä

Historically, only file systems were considered as storage where evidence could be found. But what about the volatile memory that contains a huge amount of useful information? Why not dump the content of the memory during data collection from a suspicious computer? How do you analyze the physical memory? Is it possible? I will try to find the answer...


Post-Exploit Automation?

spoonm and skape

We have recently been on a new shellcode kick, but this time it's not about making them smaller. We're currently working on building very powerful new post-exploitation shellcode and toolkits, and a very powerful unified API to expose their functionality...


Worm Evolution

David Aitel and Billy Hoffmann

Jose Nazario, editor of, has this to say about my Nematode research: “What is interesting out of Dave's talk is the nematode generation tools he wrote. They work well, and they get around the problem of a lot of boilerplate code that has to be written for any worm. This is potentially a scary development, as more sophisticated attackers will begin improving their worms with these kinds of tools and dropping in exploits in a matter of minutes...



Invisible Incidents

Kevin Mandia


Implications of the Lynn Cisco Research, and Moving Forward

Jeff Moss


Insecure Countermeasures

David Maynor and Alex Wheeler


Blackmail and Bribery War Stories

Robert Morris and Renaud Bidou


SQL Injection v. Input Validation - New Theories

Robert Hansen and Michael Pomraning


Hardware Guys

Joe Grand and Darrin Barrel


Poking at Protocols: SSH and SPA

Adam Boileau and MadHat


New Doors To Your Network

Beetle, Alex Stamos and Scott Stender


Psychology and Organized Crime

Mudge and Kenneth Geers


Above the Law

Jennifer Granick and Robert Clark


Smile You're on P2P

Ian Clarke and Oskar Sandberg


Big Companies, Big Targets

j0hnny long

1997-2008 Black Hat ™