Black Hat USA 2014 Trainings are filling fast!

Register now so you don't miss out on the Training course you want | more info

In our increasingly network-reliant age, distributed denial of service attacks can have massive real-world consequences, so defending against -- and perpetrating! -- DDoS attacks are both big businesses. Black Hat USA 2013 has three stellar DDoS-related Briefings lined up, covering the topic from multiple angles.

Commercial DDoS-mitigation technologies range from malformed traffic checks to traffic profiling/rate limiting to CAPTCHA-based authentication, but Tony Miu, Albert Hui, and Wai Leng Lee seem to have poked holes in all of them. In Universal DDoS Mitigation Bypass the trio will reveal how they emulate legitimate traffic characteristics to bypass all current DDoS mitigators, and will release a potent tool that translates all of their ideas into real-world DDoS attacks. They'll wrap by proposing a next-generation mitigation technique that might be effective against their tool's powerful exploits.

Next up, so-called "booter" services allow anyone with a bit of money to DDoS any other person or website off the Internet. These shady enterprises are so mainstream that many accept PayPal. In Spy-Jacking the Booters Brian Krebs and Lance James will take a deep dive into the booters' world, revealing what they've learned about their functioning and exposing both booter proprietors and the customers who use them. They'll also discuss vulnerabilities they've found in many booter websites, as well as lessons we can draw about how booter targets can defend themselves.

Finally, the largest DDoS attack yet climaxed on March 23, 2013, when the anti-spam organization Spamhaus was allegedly barraged with over 300 gigabits per second of traffic that simultaneously targeted Layer 3, 4, and 7. Join Matthew Prince for Lessons from Surviving a 300Gbps Denial of Service Attack, where he will share the story of what happened that day, from his perspective. How did they measure this much traffic? How did they pick apart and mitigate the attacker’s methodologies? How did Spamhaus remain online? Join Prince to see how, and what key vulnerabilities were exposed by the massive DDoS attack that will have repercussions in future, inevitably larger attacks.

LatestIntel

  • Black Hat USA 2014: Digital Forensics (aka CSI Online) | more info
  • Black Hat USA 2014: Pentesting? Thought You'd Never Ask | more info
  • Black Hat Asia 2014: Clever Network
    Tricks | more info
View More

UpcomingEvents

ShowCoverage

StayConnected

Fill out the form below to stay up to date on the latest Black Hat info, newsletters and intel.

Email*
First Name
Last Name
Subscription Group

Sustaining Sponsors