Dailydave mailing list archives

"So now we have two large organizations using what I like to call a 'two time pad'"


From: dave <dave () immunitysec com>
Date: Mon, 02 Aug 2004 19:29:31 -0400

It was certainly cool listening to Robert Morris talk. Definitely one of the highlights of BlackHat for me this year was listening to him ask Halvar questions about Germany. In German, sometimes. Mr. Morris speaks quite a few languages. As someone once said: To hack in a country, you have to speak the language.

Following is my review of the talks I went to. I try to do this after every convention. Obviously, other opinions are welcome.

All New Ø-Day

David Litchfield <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#Litchfield>

This talk disappointed a lot of people, but I quite liked it. There was no "0day" in the talk explicitly, which is what everyone came to see. A classic case of mismatched sales expectations. But there was a lot here, like some quick examples of SQL injection in stored procedures, exploiting "bounce-back" (my term for what DL calls secondary SQL injection) and some details of how the Oracle database operates internally. With a tiny bit of luck, you could go into an Oracle database and use this information to "root" it. Not that this is hard in the first place, but it was a practical example of such, something missing in the public documentation.

Advanced Return Address Discovery using Context-Aware Machine Code Emulation

Derek Soeder, Ryan Permeh, Yuji Ukai <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#soeder>

I only caught the tail end of this talk, enough to ask my question (see previous messages on this list). I'll freely admit to not understanding the answer. I heard the talk was good though.

Diff, Navigate, Audit

Halvar Flake <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#Halvar>

I did catch this talk, and it wasn't exactly the same as all the previous talks Halvar has given, although, of course, it was similar. He demoed his binary navigator, and explained how he used it to analyze the PCT vulnerability. Also, he announced that you can get a licensed copy of it through such mighty software houses as....Immunity!

Metasploit

spoonm & HD Moore <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#spoonm>

If you were in this talk (and it was PACKED) then you'll know that the demos didn't work out so well. Apparently that was quite a theme this year (demos not working). The SMB Trans2 demo worked once, but then they tried it again and it didn't work. You have to restart smbd to make that work a second time due to error conditions and whatnot. At least, you do with CANVAS, and I shouted as much at them from the very back (yes, that was me). Restarting smbd got the Metasploit exploit to work, as I expected. They didn't realize it was me at the time. I wasn't overly surprised at anything I saw there - if I had been that would mean I wasn't doing my competitive analysis correctly. They got their VNC demo to work, which was cool, if a bit cheesy.

Attacking Host Intrusion Prevention Systems

Eugene Tsyrklevich <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-schedule.html#Tsyrklevich>

This was a good talk, and basically went over the bugs in Entercept and Okena that people have been hinting about for ages, but did so more thoroughly than I've seen done before.

The Future of History

Robert Morris <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#morris>

"So now we have two large organizations using what I like to call a 'two time pad'"
and "One organization, we'll call them the...KGB."
and some other funny stuff I can't remember.

VICE - Catch the Hookers!

Jamie Butler & Greg Hoglund <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#Butler>

I've seen this talk twice now, but it's a really good talk, so I didn't feel cheated. :>

Shoot the Messenger

Brett Moore <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#moore>

I only caught the last half of this talk, but it was as good as I expected. There were some new static addresses to use with write4's for example.

A Comparison Buffer Overflow Prevention Implementations & Weaknesses [sic]

Peter Silberman & Richard Johnson <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#silberman>

This talk was pretty weak. What's the point in discussing overflow techniques without code examples? It was a bit like a high school science fair presentation, and not a good one.

Acting in Milliseconds - Why Defense Processes Need to Change

Dominique Brezinski <http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html#brezinski>

This was a good talk, with horrible slides. Dominique hates powerpoint and openoffice, but having 500 words per slide is probably not the world's best alternative. It made me sit around thinking of ways to bypass new defenses, which for me is very enjoyable, so I considered this a fun talk.

Overall I can say this:
This was the largest blackhat I've been to, but not one of the most technical. The talks were good without being great. The Microsoft party was out in the desert, which was cool.

I think the era of free vulnerability information is definitely waning. Few conference speakers are giving away really new knowledge. The last phrack was one of the weakest in recent history. These days, to get good new information, you have to purchase it, and this is making costs rise across the industry.

It'll be interesting to see how that works out.

-dave
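The "bounce-back" (secondary, or second-order, SQL injection) that Dave mentions in the Litchfield review is worth seeing concretely. The following is an added example, not code from the original post, from Litchfield's talk, or from Immunity; it uses an in-memory SQLite database and a constructed two-user table rather than Oracle, and the table, column and function names are assumptions for illustration. The first query is parameterized, so the payload is stored harmlessly; the damage happens later when a second query trusts the value it reads back out of the database and concatenates it into new SQL, exactly the pattern a dynamic-SQL stored procedure can fall into. The hardened variant beside it parameterizes the second query as well.

```python
import sqlite3

# Attacker-chosen username. The '--' turns the rest of a concatenated
# statement into a comment once the value is reflected into dynamic SQL.
PAYLOAD = "admin'--"


def setup_db():
    """Constructed sample data: an admin account and a normal user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
        " password TEXT, role TEXT)"
    )
    conn.execute("INSERT INTO users (username, password, role)"
                 " VALUES ('admin', 's3cret', 'admin')")
    conn.execute("INSERT INTO users (username, password, role)"
                 " VALUES ('alice', 'wonderland', 'user')")
    conn.commit()
    return conn


def register(conn, username, password):
    """First-order path: parameterized, so the payload is stored verbatim
    and nothing bad happens yet."""
    conn.execute("INSERT INTO users (username, password, role)"
                 " VALUES (?, ?, 'user')", (username, password))
    conn.commit()


def change_password_vulnerable(conn, username, new_password):
    """Second-order sink: the username is read back from the database,
    treated as trusted, and concatenated into dynamic SQL."""
    stored = conn.execute("SELECT username FROM users WHERE username = ?",
                          (username,)).fetchone()[0]
    # Becomes: UPDATE users SET password = 'x' WHERE username = 'admin'--'
    sql = "UPDATE users SET password = '%s' WHERE username = '%s'" % (
        new_password, stored)
    conn.execute(sql)
    conn.commit()


def change_password_fixed(conn, username, new_password):
    """Same flow, but the value coming out of the database is bound as a
    parameter, so it can only ever match its own row."""
    stored = conn.execute("SELECT username FROM users WHERE username = ?",
                          (username,)).fetchone()[0]
    conn.execute("UPDATE users SET password = ? WHERE username = ?",
                 (new_password, stored))
    conn.commit()


def password_of(conn, username):
    row = conn.execute("SELECT password FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def demo(vulnerable=True):
    """Register the payload account, then change 'its' password.
    Returns (admin's password, attacker account's password)."""
    conn = setup_db()
    register(conn, PAYLOAD, "whatever")
    if vulnerable:
        change_password_vulnerable(conn, PAYLOAD, "pwned")
    else:
        change_password_fixed(conn, PAYLOAD, "pwned")
    return password_of(conn, "admin"), password_of(conn, PAYLOAD)


if __name__ == "__main__":
    print("vulnerable:", demo(True))   # admin's password is overwritten
    print("fixed:     ", demo(False))  # only the attacker's own row changes
```

The point the example makes is that the injection survives the first, correctly written query: grep-style audits that only look at where user input enters will miss it, because the bounce happens where data read from the database is treated as trusted. In an Oracle stored procedure the analogous sink is a concatenated string handed to EXECUTE IMMEDIATE or DBMS_SQL; the fix is the same, bind everything, including values that came from your own tables.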



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave