As everyone’s gearing up for the madness this week, I thought I’d join in. I’ll be giving talks at both BlackHat and Defcon on some of my recent work in webapp fingerprinting.
At BlackHat: (Wed 7/28, 1515) BlindElephant: Web Application Fingerprinting with Static Files
At Defcon: (Fri 7/30, 1400) Web Application Fingerprinting with Static Files
The Defcon talk is essentially a shorter, more technically focused version of the BH talk. Links to code available here after the talk!
I’ve been sorting through the massive amount of content on display over the next week, and the various posts others have made on what they intend to catch have been useful. Here’s some of my “want to see” list (I actually found there’s usually at least two presentations I really want to see in each timeslot, but I gotta choose):
- 1000-1100 Wayne Huang, Caleb Sima: Drivesploit: Circumventing both automated AND manual drive-by-download detection
- 1115-1230 Charlie Miller, Noah Johnson: Crash Analysis using BitBlaze
- 1345-1500 Barnaby Jack: Jackpotting Automated Teller Machines Redux
- 1515-1630 Me! BlindElephant: Web Application Fingerprinting with Static Files
I’m kinda bummed I’m at 1515 because I actually really wanted to catch Arshan Dabirsiaghi:
JavaSnoop: How to Hack Anything Written in Java.
- 1000-1100 Nathan Hamiel, Marcin Wielgoszewski: Constricting the Web: Offensive Python for Web Hackers
- (My colleague Ivan Ristic is also giving his talk State of SSL on the Internet: 2010 Survey, Results and Conclusions Routers in this slot; it’s good stuff, so I’m torn.)
- 1115-1230 Julien Tinnes, Tavis Ormandy: There’s a party at Ring0 (and you’re invited)
- (Gunter Ollman is also talking a 1115. If you’ve never heard him speak or want an intro to the economic underpinnings of malware and botnets, definitely check it out)
- 1345-1500 David Byrne, Charles Henderson: GWT Security: Don’t Get Distracted by Bright Shiny Objects
- (Though I am interested in the TitanMist project, I’m skeptical of all “frameworks”)
And finally, my coworker Rami is going to be giving the details on the malware detection he built. He’s modest about the underlying techniques, but the full system is pretty cool. Do check it out.
- 1515-1630 Rami Kawach: NEPTUNE: Dissecting Web-based Malware via Browser and OS Instrumentation
I hope to get to BSides for at least a while, and I haven’t even figured out what I’m going to catch at Defcon (somehow it seems less amenable to planning than Black Hat)
If you’ll be be around, look me up! As usual, email or @coffeetocode on Twitter.