There's a bounty of compelling content about penetration testing being presented at this years Black Hat USA conference and trade show.
As always, the Black Hat USA Conference promises to deliver an avalanche of cutting-edge IT vulnerability and exploit research during 2009, and Core Security Technologies experts will be on hand to both surface their own new findings, as well as to absorb as much of the intelligence being provided by our many colleagues, partners and peers across the industry who are participating in the show. Our CEO Mark Hatton also called out a number of the customer-oriented events that Core is sponsoring at the hacking summit is his blog posted last Friday.
At first glance, the 2009 iteration of Black Hat would appear to offer a particularly sizeable array of presentations that are certain to strike a chord with our customers and other people interested in, or operating in and around the penetration testing space. Of course, after drawing widespread interest with their advanced BIOS security research at the increasingly influential CanSecWest conference this Spring, some of our CoreLabs researchers will again take the stage at Black Hat to present some truly chilling discoveries that could affect millions of mobile computer users worldwide. A potent follow-up to CoreLabs’ breakthrough Cisco IOS rootkit presentation given at Black Hat 2008, we of course feel that the findings that will be presented by Core exploit writers Alfredo Ortega and Anibal Sacco on Thursday will be among the most compelling reports of the entire week. At the same time, it’s hard to ignore some of the other truly intriguing talks that are scheduled to commence Wednesday morning as Black Hat begins its briefings track in complement to its training programs, which are already in progress. Along with your predictable array of eye-opening Black Hat presentations planned by highly-recognizable industry researchers and experts, there will be a number that address issues directly of interest to the vulnerability analysis and penetration testing sector.
A Pen Tester’s Buffet
Among the planned speeches that would appear most relevant to pen testers, are presentations including those to be given by:
-Michael Eddington, who will address the notion of “Demystifying Fuzzers” as he reviews a number of both the commercial and open source fuzzing tools available on the market today and provides insight into their different strengths and use cases.
-Stefan Esser, who will talk about post exploitation techniques for pen testers working in hardened PHP environments, including challenges arising from the different protection mechanisms for PHP shellcode and the internal memory structures of PHP that are required to write stable local exploits.
-Riley Hassell, who will present on the topic of “Exploiting Rich Content” and show how vulnerabilities found in many advanced Internet applications can be used to carry out potential attacks.
-Vincenzo Iozzo and Charlie Miller, who will discuss the “jailbreaking” of mobile devices including Apple’s iPhone and run high level payloads on phones by defeating code signing protections after exploitation – thereby improving the efficiency of such efforts.
-Mike Kershaw, who will speak about techniques used to execute “hijacking” on Wifi networks inside the MSF framework and demonstrate client attacks against popular Web sites by poisoning the TCP stream, feeding MSF payloads to clients, and modifying previously transmitted TCP streams.
-Felix "FX" Lindner, who will focus on “Router Exploitation” and how the art of pen testing of networking equipment has evolved over the recent past to its present state, including via attacks on Cisco equipment. Hello Cisco IOS Rootkit!
-Moxie Marlinspike, who will share “More Tricks For Defeating SSL” during pen testing and highlight new tools and tricks aimed at various points of communication using SSL technology and attacks on SSL/TLS connections themselves.
-John McDonald and Chris Valasek, who will offer practical tips for carrying out Windows XP/2003 heap exploitation, specifically techniques for attacking application data and heap meta-data, as well as tactics for creating predictable patterns in heap memory for use in supplying rogue data structures as part of exploitation.
-Charlie Miller and Collin Mulliner, who will outline how to find vulnerabilities in smart phones using fuzzing techniques and present tactics which allow researchers to inject SMS messages into iPhone, Android, and Windows Mobile devices.
-Michael Tracy, Chris Rohlf and Eric Monti, who will discuss the use of Ruby by pen testers, including everything from reverse engineering network protocols to fuzzing to static and dynamic analysis, all the way to attacking exotic proprietary enterprise network applications.
Use of the Metasploit open source pen testing framework has also gained its own presentation track at Black Hat 2009, with a number of different talks planned. So, considering that there will also be pen testing content at the Defcon show later this week and at the ongoing, alternative Security B-Sides conference – launched to give a platform to researchers who didn’t make the cut at Black Hat – there should be no shortage of great intelligence to tap into this year. Now, good luck finding the time to see them all, or even half of them. And I’ll be manning the booth for Core, so stop by and say hello if you’re here on site.