The Black Hat Briefings: Las Vegas'01 : July 11-12

[Technical Session]
• DOG of WAR: Attack Box Design, Blake.
• Hardening .htaccess scripts in Apache environments, Robert Hansen.
• Alternatives to honeypots or the dtk, Andrew van der Stock, Senior Architect of e-Secure.
• GSM/WAP/SMS Security, Job de Haas, ITSX.
• Systems Management in an Untrusted Network, Cory Scott, Lead Security Consultant - Securify, Inc. (Network Diagrams)
• SQL Security revisited, Chip Andrews, Independent computer security consultant. (Zip of SQLping tool)
• Grabbing User Credentials via W2k ODBC Libraries, Timmothy Mullen.
• Polymorphism and Intrusion Detection Systems, Chad R. Skipper, Sr. Software Engineer of Symantec Corporation.
• Top 25 overlooked security configurations on your switches and routers, Palante.

  [More Technical Session]

• The future of internet worms, Jose Nazario, Crimelabs. (Whitepaper)
• Fnord: A Loadable kernel module for defense and honeypots, Eric Brandwine, Incident Response of UUNet & Todd MacDermid, Incident Response of UUNet
• Attacking and Defending BIND / DJBDNS DNS Servers, Jay Beale, Security Team Director of MandrakeSoft.
• The Insecurity of 802.11: An analysis of the Wired Equivalent Privacy protocol, Ian Goldberg, Zero-Knowledge Systems.
• The Siphon Project: An Implementation of Stealth Target Acquisition and Information Gathering Methodologies, Marshall Beddoe, Research and Development Engineer with Foundstone, Inc. & Chris Abad, R&D Engineer with Foundstone, Inc.
• Cracking WEP Keys, Tim Newsham.
• Automated Penetration Testing, Ivan Arce, Founder and CTO of CORE-SDI & Max Caceres, Head Engineer, Corelabs, CORE-SDI.
• Promiscuous node detection using ARP packets, Daiji Sanai, Manager of Security Friday.
• ARP Vulnerabilities: Indefensible Local Network Attacks?, Mike Beekey, Senior Manager of Deloitte & Touche.

  [Tools of the Trade]

• Building a blind ip spoofed portscanning tool, Thomas Olofsson, CTO of Defcom AB.
• The Nessus Project. Reducing the costs of vulnerability assessment using Nessus 1.2, Renaud Deraison, The Nessus Project.
• The RAZOR Warez, Simple Nomad, Senior Security Analyst of BindView.
• Snort, Martin Roesch, Snort.org.
• Breaking the silence : New toys in the works (A look at the tools in development by rfp.labs), Rain Forest Puppy.
• Computer Forensics: A Critical Process in Your Incident Response Plan, Gregory S. Miles, Ph.D., Director, CyberCrime Response of JAWZ Inc.
• Mirror::Image (Lessons Learned From attrition.org), Brian Martin, attrition.org & B.K. DeLong, attrition.org.
• Solving Network Mysteries, Daniel VanBelleghem, CISSP - SRA International.

  [Deep Knowledge Session]

• Countering the Insider Threat with the Autonomic Distributed Firewall(ADF), George Jelatis, CISSP, Secure Computing Corporation & David Pappas, Secure Computing Corporation.
• Gateway Cryptography: Hacking Impossible Tunnels through Improbable Networks with OpenSSH and the GNU Privacy Guard, Dan Kaminsky, CISSP, www.doxpara.com.
• Hit them where it hurts: Finding holes in COTS software, Halvar Flake, Reverse Engineer, Black Hat.
• Falling Dominos-Part III, Kevin McPeake, Consultant.
• UNIX assembly codes development for vulnerabilities illustration purposes, Last Stage of Delirium Research Group. (Whitepaper)
• Introducing X: Playing Tricks with ICMP, Ofir Arkin, Founder, The Sys-Security Group. (Whitepaper)
• The Honey Net Project, Lance Spitzner.