Black Hat Briefings, Las Vegas 2006 [audio] Presentations From The Security Conference

"The threat of viruses, worms, information theft and lack of control of the IT infrastructure lead companies to implement security solutions to control the access to their internal IT networks. A new breed of software (Sygate, Microsoft, etc.) and hardware (Cisco, Vernier Networks, etc.) solutions from a variety of vendors has emerged recently. All are tasked with one goal - controlling the access to a network using different methods and solutions. This presentation will examine the different strategies used to provide with network access controls. Flaws associated with each and every NAC solution presented would be presented. These flaws allows the complete bypass of each and every network access control mechanism currently offered on the market. Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks. Ofir holds 10 years of experience in data security research and management.

"In an online world, anonymity seems easy. Network addresses can be cloaked and files can be manipulated. People rapidly change virtual names, genders, and skills. But even with these precautions, anti-anonymity techniques can track people. Habitual patterns and learned skills are subtle, appearing in everything we type. This presentation discusses profiling methods for identifying online people and breaching anonymity. The topics covered include methods to identify skillsets, nationality, gender, and even physical attributes. Dr. Neal Krawetz has a Ph.D. in Computer Science and over 15 years of computer security experience. His research focuses on methods to track "anonymous" people online, with an emphasis on anti-spam and anti-anonymity technologies. Dr. Krawetz runs Hacker Factor Solutions, a company dedicated to security-oriented auditing, research, and solutions. He is the author of "Introduction to Network Security" (Charles River Media, 2006)."

"Lately there seems to be an explosion of press hype around the possibility of hackers exploiting Voice-over-IP networks and services (Skype, Vonage, etc.). VoIP Spam, Caller ID Spoofing, Toll Fraud, VoIP Phishing, Eavesdropping, and Call Hijacking are just some of the terms being thrown around that seem to cause a fair share of fear and uncertainty in the market. We set out to write "Hacking Exposed VoIP" in part to combat this FUD, and also in order to help admins prioritize and defend against the most prevalent threats to VoIP today through real exploitation examples. This presentation is the byproduct of our research for the book. In it, we describe and demonstrate many real-world VoIP exploitation scenarios against SIP-based systems (Cisco, Avaya, Asterisk, etc.), while providing a sense of realism on which attacks are likely to emerge into the public domain. Also, we will unveil several VoIP security tools we wrote to facilitate the exploiting and scanning of VoIP devices, along with a few 0-days we

David Litchfield specializes in searching for new threats to database systems and web applications. He has lectured to both British and U.S. government security agencies on database security and is a regular speaker at the Blackhat Security Briefings. He is a co-author of "The Database Hacker's Handbook", "The Shellcoder's Handbook", "SQL Server Security", and "Special Ops". In his spare time he is the Managing Director of Next Generation Security Software Ltd.

"As one of the pioneers of partnerships for the FBI, Dan Larkin of the FBI’s Cyber Division will outline how the FBI has taken this concept from rhetoric to reality over the past 5 years. This presentation will explore how the mantra make it "personal" has aided the FBI in forging exceptional alliances with key stake holders from industry, academia and law enforcement both domestically and abroad. This presentation will also outline how such collaborations have helped to proactively advance the fight against an increasingly international and organized, cyber crime threat. Dan Larkin became unit chief of the Internet Crime Complaint Center (IC3), which is a join initiative between the FBI and the National White Collar Crime Center (NW3C) in January 2003. Before that he was a supervisory special agent (SSA) in the White Collar Crime area for ten years. In that capacity he supervised and coordinated numerous joint agency initiatives on both regional and national levels involving corruption and fraud associate