DOCSLIB.ORG

Security Related Report #24 Black Hat 2011 & Def Con 19

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Related Report #24 Black Hat 2011 & Def Con 19 ISSN 1061-5725 This Month’s Presentation SOUTHWEST CONFERENCE REVIEW Presented Volume 29, No. 9 September 2011 by www.ucs.org Bob This Month’s Meeting: Wednesday 14th at 7 pm Beaudoin Check Out Review of Security Related Report #24 Hope to See Black Hat 2011 You There! & Def Con 19 Starting on on page 4 Utah’s Award Winning Computer Magazine! ™ By Cliff Millward, Editor [email protected] Reflections Don Nendell pointed out to me that the space pro- gram started the same year Blue Chips Started and now comes to a conclusion the same year as Blue Chips seem- ingly folds. Therefore, I will use my column to highlight some interesting photos of the past years of Blue Chips photos. DO YOU REMEMBER 1998? ----- I will show more photos of our glorious past in the next edition. Finè Page 2 Blue Chips Magazine — September 2011 Blue Chips Magazine “Utah’s Award Winning Publication” Magazine Staff Charter Member of the Editor — Cliff Millward 619-9633 Association of PC User Groups Review Program Liaison — James Alexander 250-2269 Review Product Editor — Donna Nendell (702) 776-8677 Review Editor/Product Recruiter — Don Nendell (702) 776-8677 Photography — LeRoy Johnson Officers and Trustees Eve. Phone E-mail Proof Reader — Larry Lamph, Doug Jackson President, Stuart Gygi 576-1891 [email protected] V. Pres., Larry Lamph 571-2908 [email protected] Advertising Rates Secretary, Lowell Kenedy 278-3035 lkenedy@ucs,org Treasurer, John Witzel 296-1390 witzelj@ucs,orgtt Ad costs 1 month 3 months 6 months 12 months 2 Page Spread $150 $400 $700 $1200 Doug Jackson 322-2337 [email protected] Full Page $100 $275 $500 $900 Half Page $50 $130 $250 $450 Quarter Page $25 $70 $130 $225 Business Card $15 $30 $60 $120 Information Full page size is 7½ x 10 inches. All other page sizes are based on a 7 x 10 Persons or companies may join or renew at the meeting, or by sending a check payable inch page in order to conform to editorial style. Half-page ads may be 7 x 5 inches to the Utah Computer Society to: or 3½ x 10 inches. Quarter-page ads are 3½ x 5 inches. Business card ads are 3½ x 2½ inches. Utah Computer Society Classified Advertising Membership Secretary Utah Blue Chips members may place personal classified ads at no charge. Maximum ad size is 7 lines, 35 characters per line. 5435 Riley Lane Murray, Utah 84107 Submissions Members are encouraged to submit text articles for publication in ASCII text only. Photos in .TIF or .JPG format only. Line graphics, tables, in almost any vector or Individual memberships are $25/year. .TIF format. Do not imbed graphics or tables in text files. All articles must be received Business Memberships are $35.00 a year. by the 15th of the month preceding the month of publication. All articles become the Corporate sponsorships are available at two levels. Corporate Sponsors enjoy all benefits property of the Utah Computer Society and by submitting an article, the author gives of membership including multiple individual membership and prepaid advertising coverage. permission for the Blue Chips Magazine Staff to edit the submission. The author Contact a Board Member for more information. also gives permission for republication in other users groups’ communications. Permission to Copy Permission is granted to other nonprofit PC user groups to reproduce any Other important information: Meeting Information http://www.ucs.org article published in this newsletter, provided credit is given Blue Chips Magazine Group Business (James Alexander) 250-2269 and the author (s) of the reproduced materials. Reprinted articles are subject to the Magazine (Cliff Millward) 955-9633 terms of their respective copyright holders. Web Site http://www.ucs.org WebMaster 262-6045 Membership (evenings) (Bob) 262-6045 MONTHLY MEETING LOCATION 2nd Wednesday of every month Monthly Meeting: SouthWest Conference Review University of Utah, Union Building, 7:00 p.m. Page 3 Blue Chips Magazine — September 2011 Black Hat 2011 and Def Con 19 Security-Related Report #24 Security Report By Don Nendell Dear Reader, If you are reading this in a non-PDF format, you are missing a large part of the whole Report/Review 1 & 2. You should, therefore, stop reading and immediately follow the steps outlined in the Footnotes 1 & 2 below. Which BTW are: 1. “If you are reading this Report/ Review 1 & 2 from directly off of an Internet search, you are seeing it in HTML (or text) format. Yuk! There’s No Graphics there! To see all the beautiful Graphics in this Report/Review 1 & 2 - the ones that we’ve worked so very hard to entertain you with - you will need the Internet, at Banks, Medical-related 125 lines of code to create the typical to follow the procedures outlined in 2 Establishments, Industrial Giants, et piece of malware and it takes about 10 below. Enjoy! Again, our web page is: al., even between Nation-states (see (www.ucs.org). below), et cetera, et cetera. The list is 2. “See the actual Reports/Reviews endless actually; it effects everybody, 1 & 2 in the Blue Chips Magazine (BCM) and is everywhere, because it’s virtually Archives (i.e., begin search on left-hand “ubiquitous” now (see below). side of web page) at: (www.ucs.org). Black Hat Teaser. Peiter Zatko is a Note. Always famous hacker known as Mudge from million lines of code to create sophisti- choose the center the early L0pht (Crack) group. But he cated technologies to protect against it. option, i.e., PDF for- crossed into the realm of white hats (My emphasis here) There’s more, lots mat for its beauty.” more... Read on, dear ones. Prelude It’s a War, this time a Cyberwar, and they’re taking no prisoners. Well almost. Let me qual- ify that statement. The “Good Guys” Putting Security into Context and the “Bad Guys” eEye Digital Securty at Black Hat are sitting side-by-side and taking notes USA 2011 stated (http://go.eeye.com/ at the same classes at Security Confer- LP=62), There’s a lot of fear swirling ences, much like Black Hat USA 2011 through the IT Security world. You’re (BHB 2011) and Def Con 19 (DC19), all warned to prepare for the worst – Stux- over the world day in and day out. When net, Night Dragon, Aurora, APTs, bot- these conferences conclude they return nets, etc. You try to make sense of media to their place(s) of business(es) and when he joined the Pentagon’s Defense alarmism like “coordinated attack on the contiue to duke it out all over the world, Advanced Research Projects Agency US,” “state-sponsored e-terrorism,” and and they do it in every nook and cranny (DARPA) as program manager for cyber “cyber Armageddon!” [But] Hold on. that holds any information of value; but security. In a Black Hat keynote, he an- Let’s bring this conversation down to it’s most evident to us all when it’s over nounced that the government plans to Earth. Cyber threats are very real and “Money!” invest in hundreds of small cyber secu- very serious, but not all of them should These “fierce battles” are raging, rity projects and companies in order to incite the same urgency to every busi- as we speak (and sleep, because these kickstart security technology. ness, [or everybody, for that matter,] cyber-combatants never sleep), all over Zatko found that it takes about every time. Page 4 Blue Chips Magazine — September 2011 that is targeted at specific government soliloquy, though; it’s the ‘ol Nigerian officials, in the hope of stealing critical scam crowd, and the like, they’re “still government information, passcodes and making fools out of the naive ones,” I, more. What is at stake is everything from and my other “Pied Pipers” can’t seem military secrets to the operation of criti- to get through to. “Yeah, those other cal infrastructure, such as power and simpleton’s,” you are saying to yourself water utilities. No government agency - nodding vigorously, “but not me!” Well is immune nor any person or industry now, let’s do that again and then listen (see below). to the rocks rattle, OK? I agree with the admonisssion wholeheartedly, but let’s leave the “na- ivity” part out of this very serious mat- ter before us “over there in the toilet” where it rightfully belongs! Instead, I have been writing about such “Be informed, be forewarned, be armed, things for what seems a very long time and fight this evil scourge with all your now, mostly because of my personal might, while you can!” involvement in that self-same Security Industry, plus my very deep conviction “No!” you shout vigorously and that everyone must be made aware of vehemently, wildly shaking your head the inherent dangers to the their very from side to side. “Yeeees!” I say softly life, limb and properties. with a slight nod of my head, “It is!” “I was an intelligence officer, not a policy-maker. As long as there are people who are not happy with their lot in life, as long as the United States is perceived to somehow be the cause of I’m not going to argue with you, I’m 9/11, A Decade Later - Targeted this unhappiness, there will be terror- merely going to quote a potpourri of attacks: Bulls-eye on govern- ism.” - Cofer Black, former Blackwater recent news and a couple of well-chosen ment agencies by: Bradley Anstis, CEO (See below) recently attended (See below) formal GSN 09/08/11.
Load more

Recommended publications
  • Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Missouri, St. Louis University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p.
    [Show full text]
  • Group Project
    Awareness & Prevention of Black Hat Hackers Mohamed Islam & Yves Francois IASP 470 History on Hacking • Was born in MIT’s Tech Model Railway Club in 1960 • Were considered computer wizards who had a passion for exploring electronic systems • Would examine electronic systems to familiarize themselves with the weaknesses of the system • Had strict ethical codes • As computers became more accessible hackers were replaced with more youthful that did not share the same ethical high ground. Types of Hackers • Script Kiddie: Uses existing computer scripts or code to hack into computers usually lacking the expertise to write their own. Common script kiddie attack is DoSing or DDoSing. • White Hat: person who hacks into a computer network to test or evaluate its security system. They are also known as ethical hackers usually with a college degree in IT security. • Black Hat: Person who hacks into a computer network with malicious or criminal intent. • Grey Hat: This person falls between white and black hat hackers. This is a security expert who may sometimes violate laws or typical ethical standards but does not have the malicious intent associated with a black hat hacker. • Green Hat: Person who is new to the hacking world but is passionate about the craft and works vigorously to excel at it to become a full-blown hacker • Red Hat: Security experts that have a similar agenda to white hat hackers which is stopping black hat hackers. Instead of reporting a malicious attack like a white hat hacker would do they would and believe that they can and will take down the perpretrator.
    [Show full text]
  • Strategic Latency: Red, White, and Blue Managing the National and International Security Consequences of Disruptive Technologies Zachary S
    Strategic Latency: Red, White, and Blue Managing the National and International Security Consequences of Disruptive Technologies Zachary S. Davis and Michael Nacht, editors Center for Global Security Research Lawrence Livermore National Laboratory February 2018 Disclaimer: This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes. LLNL-BOOK-746803 Strategic Latency: Red, White, and Blue: Managing the National and International Security Consequences of Disruptive Technologies Zachary S. Davis and Michael Nacht, editors Center for Global Security Research Lawrence Livermore National Laboratory February
    [Show full text]
  • An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
    University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p. ii ABSTRACT This dissertation examines both the subculture and social organization practices of computer hackers. The concept of normative orders (Herbert, 1998: 347) is used to explore hacker subculture in different contexts.
    [Show full text]
  • Evolution of Cyber Security Invotra
    Evolution of cyber security Invotra Digital Workplace, Intranet and Extranet 700 bc Scytale used by Greece and Rome to send messages And kids ever since.. Image Source: https://commons.wikimedia.org/wiki/File:Skytale.png 1467 Alberti Cipher was impossible to break without knowledge of the method. This was because the frequency distribution of the letters was masked and frequency analysis - the only known technique for attacking ciphers at that time was no help. Image Source: https://commons.wikimedia.org/wiki/File:Alberti_cipher_disk.JPG 1797 The Jefferson disk, or wheel cypher as Thomas Jefferson named it, also known as the Bazeries Cylinder. It is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around their edge. Image Source: https://en.wikipedia.org/wiki/Jefferson_disk#/media/File:Jefferson%27s_disk_cipher.jpg 1833 Augusta Ada King-Noel, Countess of Lovelace was an English mathematician and writer, chiefly known for her work on Charles Babbage's proposed mechanical general-purpose computer, the Analytical Engine. She is widely seen as the world's first programmer Image Source: https://commons.wikimedia.org/wiki/File:Ada_Lovelace_portrait.jpg 1903 Magician and inventor Nevil Maskelyne interrupted John Ambrose Fleming's public demonstration of Marconi's purportedly secure wireless telegraphy technology. He sent insulting Morse code messages through the auditorium's projector. Image Source: https://en.wikipedia.org/wiki/Nevil_Maskelyne_(magician)#/media/File:Nevil_Maskelyne_circa_190 3.jpg 1918 The Enigma Machine. It was developed by Arthur Scherbius in 1918 and adopted by the German government and the nazi party Image Source: https://commons.wikimedia.org/wiki/File:Kriegsmarine_Enigma.png 1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code.
    [Show full text]
  • The Role of White Hat Hackers in Information Security Amit Anand Jagnarine Pace University
    Pace University DigitalCommons@Pace Honors College Theses Pforzheimer Honors College 8-24-2005 The Role of White Hat Hackers in Information Security Amit Anand Jagnarine Pace University Follow this and additional works at: http://digitalcommons.pace.edu/honorscollege_theses Part of the Other Computer Sciences Commons Recommended Citation Jagnarine, Amit Anand, "The Role of White Hat Hackers in Information Security" (2005). Honors College Theses. Paper 14. http://digitalcommons.pace.edu/honorscollege_theses/14 This Article is brought to you for free and open access by the Pforzheimer Honors College at DigitalCommons@Pace. It has been accepted for inclusion in Honors College Theses by an authorized administrator of DigitalCommons@Pace. For more information, please contact [email protected]. The Role of White Hat Hackers in Information Security Amit Anand Jagnarine Pace University Phorziemer’s Honors College Thesis Paper Due Date: 16 May 2005 2 The Role of White Hat Hackers in Information Security Information security has become one of the most important concepts in our information and technology driven world. Because of this notion of ubiquitous computing and the on-demand flow and exchange of information, it becomes essential to protect and secure any and all critical information. Information security involves employing certain techniques and components to protect interconnected systems and more importantly, the data and information used by those systems. It revolves around maintaining three basic characteristics of information—confidentiality, integrity, and availability. The goal of information system security has now been augmented by what is known as “white hat” hacking. White hat hacking is an interesting development in the fight against keeping the bad guys out and securing sensitive information.
    [Show full text]
  • Blue Pill – Creating Undetectable Malware on X64 Using Pacifica Technology
    Subverting VistaTM Kernel For Fun And Profit Joanna Rutkowska Advanced Malware Labs SyScan’06 July 21st, 2006, Singapore & Black Hat Briefings 2006 August 3rd, 2006, Las Vegas About this presentation This presentation is based on the research done exclusively for COSEINC Research This presentation has been first presented at SyScan conference in Singapore, on July 21st, 2006 © COSEINC Research, Advanced Malware Labs, 2006 2 Content Part I loading unsigned code into Vista Beta 2 kernel (x64) without reboot Part II Blue Pill – creating undetectable malware on x64 using Pacifica technology © COSEINC Research, Advanced Malware Labs, 2006 3 Part I – getting into the kernel Signed Drivers in Vista x64 All kernel mode drivers must be signed Vista allows to load only signed code into kernel Even administrator can not load unsigned module! This is to prevent kernel malware and anti-DRM Mechanism can be deactivated by: attaching Kernel Debugger (reboot required) Using F8 during boot (reboot required) using BCDEdit (reboot required, will not be available in later Vista versions) This protection has been for the first time implemented in Vista Beta 2 build 5384. © COSEINC Research, Advanced Malware Labs, 2006 5 How to bypass? Vista allows usermode app to get raw access to disk CreateFile(\\.\C:) CreateFile(\\.\PHYSICALDRIVE0)) This allows us to read and write disk sectors which are occupied by the pagefile So, we can modify the contents of the pagefile, which may contain the code and data of the paged kernel drivers! No undocumented functionality required – all documented in SDK :) © COSEINC Research, Advanced Malware Labs, 2006 6 Challenges How to make sure that the specific kernel code is paged out to the pagefile? How to find that code inside pagefile? How to cause the code (now modified) to be loaded into kernel again? How to make sure this new code is executed by kernel? © COSEINC Research, Advanced Malware Labs, 2006 7 How to force drivers to be paged? Allocate *lots of* memory for a process (e.g.
    [Show full text]
  • Black Hat USA 2012 Program Guide
    SUSTAINING SPONSORS Black Hat AD FINAL.pdf 1 6/30/12 8:12 PM C M Y CM MY CY CMY K Black Hat AD FINAL.pdf 1 6/30/12 8:12 PM SCHEDULE WELCOME TABLE OF CONTENTS Schedule . 4-7 Welcome to Las Vegas, and thank you for your participation in the growing Black Hat community. As we celebrate our 15th anniversary, we believe that the event Briefi ngs . 8-24 continues to bring you timely and action packed briefi ngs from some of the top Workshops . 21 security researchers in the world. Security saw action on almost every imaginable front in 2012. The year started Turbo Talks . 23 with a massive online protest that beat back US-based Internet blacklist legislation Speakers . 25-39 including SOPA and PIPA, echoed by worldwide protests against adopting ACTA in the European Union. Attackers showed no signs of slowing as Flame Keynote Bio . 25 replaced Stuxnet and Duqu as the most sophisticated malware yet detected. The Floorplan . 40-41 Web Hacking Incident Database (WHID) has added LinkedIn, Global Payments, eHarmony and Zappos.com while Anonymous and other politically motivated groups Arsenal . 42-51 have made their presence known in dozens of attacks. Special Events . 52-53 No matter which incidents you examine—or which ones your enterprise must C respond to—one thing is clear: security is not getting easier. The industry relies upon Stay Connected + More . 54 M the Black Hat community to continue our research and education, and seeks our Sponsors . 55 guidance in developing solutions to manage these threats.
    [Show full text]
  • Jeff Moss Jeffdirector, Blackmoss Hat
    welcome elcome to the Black Hat Briefings Europe! As Black Hat heads into its 13th year, I see contents this as a pivotal time for the entire industry. With the attention on our industry after W the public announcement of the “Aurora” Google attacks it seems our profession is 2 presentations starting to enter the world stage. It is dawning on politicians that there are larger issues besides p2p and copyright infringement to deal with. Attribution is the byword of military and intelligence 5 speakers organizations, it’s hard to respond if you don’t know who just attacked you, and the research in this area as gotten a renewed purpose in life. At the same time there is a growing sense that 6 schedule policy makers are getting involved with legislation from Cyberspace security acts and mandatory disclosure laws to more potential controls on ISPs to help track and contain botnets. Things seem 8 sponsors to be speeding up! 8 floorplan I am excited for this year’s conference for a number of reasons. First is the new location, Barcelona! You might not believe me, but for the past three years in Amsterdam we had maxed out the available space at the Movenpick, with no easy way to grow the conference. I kept hoping a new hotel would be built with the appropriate space, but no such luck. The second reason is sustaining that this move has let us grow from two tracks to three, a long-time personal goal of mine. I think sponsors the only way Black Hat will grow is by staying focused on technical security content and research and by adding more of it.
    [Show full text]
  • Building an Early Warning System in a Service Provider Network
    2004 Europe Building an Early Warning System Briefings in a Service Provider Network Hat Black Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom [email protected] - http://www.securite.org/nico/ version 1.1 2004 Europe Building an Early Warning System Briefings in a Service Provider Network Hat Black Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom [email protected] - http://www.securite.org/nico/ version 1.1 Agenda 2004 Europe » What are ISPs/NSPs looking for ? » Honeynet-like sensors > Routers as honeypots Briefings > DDoS detection with honeybots Hat > Traffic diversion to honeyfarms Black » Other information sources > System data > Security data > Network data » Early Warning System > Putting all the information bits together » Conclusion © 2004 Nicolas FISCHBACH 3 DDoS, Worms and the Underground 2004 Europe » MEECES – an acronym for > Money > Ego Briefings > Entertainment Hat > Cause Black > Entrance into social groups > Status » Max Kilger (Honeynet Project) > Applies to the underground/”hacker”/blackhat community > INTEL agencies’ MICE (Money, Ideology, Compromise, Ego) © 2004 Nicolas FISCHBACH 4 DDoS, Worms and the Underground 2004 Europe » What have we seen up to now > Cause/Hacktivism: - Web site defacement Briefings - DDoS (SCO, WU/MSFT, etc) Hat > Ego/Status: Black - “I have more (network) power than you” - “I’m not going to loose that item in <online game>” > Entertainment - “Hey look, I just DoSed <favorite IRC user/website>” > Entrance into a social group - “Wanna trade this botnet ?” © 2004 Nicolas FISCHBACH 5 DDoS, Worms and the Underground 2004 Europe » What have we seen up to now > Money: - BGP speaking routers Briefings - SPAM, botnets, open proxies, etc. Hat - C/C numbers incl.
    [Show full text]
  • Sponsor Prospectus
    SPONSOR PROSPECTUS JULY 30–AUG 4 | EXPO: AUG 3–4 JULY 30–AUG 4 EXPO: AUG 3–4 SPONSOR PROSPECTUS Black Hat provides briefings and training to leading corporations and government agencies around the world. Black Hat differentiates itself by working at many levels within the corporate, government, and underground communities. This unmatched informational reach enables Black Hat to be continuously aware of the newest vulnerabilities, defense mechanisms, and industry trends. This summer, Black Hat will return to Las Vegas for the premier North American technical information security conference. Our flagship event will host more than 5,500 high-level security professionals for some of the most interesting and provocative presentations of the year. In addition, we anticipate 200+ media/analysts in attendance and hundreds more tracking news and covering the event. THE BEST PLACE TO REACH ACTIVE INFORMATION SECURITY BUYERS Industry Type 11% Financial Services Black Hat Delegates are Buyers 16% Service Provider / 89% have a role in purchasing computer security Carrier services, hardware, software and applications. 1 in 6 has direct authority to approve the purchase 19% Public Sector of computer security services, hardware, software and applications. 27% General Business 27% Technology Black Hat Delegates Drive Security Strategy 48% drive the security strategy for their organizations Job Function 9% Other Black Hat Delegates are High Quality, 16% C-Level & Above Guaranteed 12% VP/Director Level 100% of Black Hat delegates are paid (no “tire kickers” here). 43% Technical Security 100% of Black Hat delegates are focused Professionals on IT security. 20% IT Security Managers *Black Hat 2011 Delegate Survey FOR FURTHER DETAILS, CONTACT: Natalie N.
    [Show full text]
  • Introduction to Cybersecurity 4
    First Edition: MAJ THOMAS A. OWENS, CAP 2019 Revision: MAJ DEREK RUSTVOLD, CAP DIRECTOR OF CYBER PROGRAMS, MID-ATLANTIC REGION Editing: SUSAN MALLETT, CAP NHQ DR. JEFF MONTGOMERY, CAP NHQ Published by NATIONAL HEADQUARTERS CIVIL AIR PATROL AEROSPACE EDUCATION DIRECTORATE MAXWELL AFB, ALABAMA 36112 REVISED SEPTEMBER 2019 Contents AN INTRODUCTION TO CYBERSECURITY 4 CAP Cybersecurity Module 4 Summary of Recent Attacks and Motivation for Action 5 Activity Group One: Codes, Ciphers and Encryption Awareness 8 Unit Profile: Room 40 and Bletchley Park 15 Biography: Alan Turing 15 CONCEPTS IN INFORMATION ASSURANCE AND CYBER WARFARE 16 Activity Group Two: Vulnerabilities and Basic Defense Skills 19 Patriot Bio: Maj. Gen. Robert J. Skinner 25 CONCEPTS OF OPERATING SYSTEMS AND NETWORKING 26 Activity Group Three: Basic Probing Skills 27 th Unit Profile: 24 Air Force 38 th Unit Profile: 67 Network Warfare Wing 38 Patriot Bio: Brig. Gen. Kevin B. Wooton 38 EXPLORING CAREERS IN CYBERSECURITY 39 Unit Profile: USCYBERCOM 43 Patriot Bio: General Keith B. Alexander 43 Bonus Graphic: USCYBERCOM 44 CONCLUSION AND NEXT STEPS 45 APPENDICES 51 A: Motivational Chronology of Cyber Warfare 51 B: Glossary of Terms, Threats, and Countermeasures 55 C: Toolbox of Promotional Resources 68 D: Toolbox of Technical Resources 72 E. Solutions to Module Activities 74 3 An Introduction to Cybersecurity Our Nation's Cyber Dependency At all its various levels, the United States has become a “cybernation.” Aviators will be amused to discover the prefix “cyber-” is derived from the word cybernetic, which comes from a Greek word κυβερνητικός (kybernētēs) which means pilot, rudder, steersman, or governor.
    [Show full text]