Snowpacalypse Now (I love the smell of briefings in the morning)

  • Article

Handle:
Avatar

IRL:
Karl Hanmore

Rank:
Senior Security Strategist (aka Sergeant Grunt)

Likes:
Getting the job done, bringing the fight to the bad guys, good single malt whiskey

Dislikes:
Cowards, talkers not doers, red tape, humidity

Handle:
Mando Picker

IRL:
Dustin Childs

Rank:
Security Program Manager

Likes:
Protecting customers, working with security researchers, second Tuesdays, bourbon, mandolins

Dislikes:
Using "It's hard" as an excuse, quitting when it gets tough, banjos

Hi All, This is Dustin and Karl from the Microsoft Security Response Center (MSRC). Recently, we were fortunate enough to attend the Black Hat DC 2010 conference held in Washington, D.C. We wanted to share our personal highlights from this great conference and provide a bit of a weather report too.

 

Having attended several Black Hat conferences, there are two things attendees of this con can always look forward to: great talks and great people. Not only is it a chance to hear what some of the leading minds in the industry are working on, it is also a chance to get to know some of them on a personal level. Conversations in the hallways are every bit as engaging as in the presentations in the lecture rooms. It’s always great to see what people are working on and what matters to both conference presenters and attendees alike.

Speaking of the presenters, Black Hat DC encompassed over 25 speakers who presented on various topics covering a wide range of technologies and subjects. Since it’s impossible to attend all of the presentations, here are just a few we would like to highlight. Elie Bursztein and Jean-Michel Picod discussed Reversing DPAPI and Stealing Windows Secrets Offline and showed potential issues with the way Windows stores encrypted data on disk.

Matthieu Suiche presented Advanced Mac OS X Physical Memory Analysis and showed us how to use his amazing ninja forensics to retrieve machine and file information from potentially compromised hosts.

Dionysus Blazakis gave an amazing talk (Interpreter Exploitation: Pointer Inference and JIT Spraying) about a new technique he refers to as "JIT spraying" to bypass DEP and ALSR using publicly-known exploits. His presentation style and the technical information was delivered with the zeal of a Dan Brown novel. The folks in Midlandia never knew what hit ‘em.

Qing Wang’s presentation on document fuzzing was quite enjoyable and was a good snapshot of how things are currently being done in this area of security research.

Vincenzo Iozzo gave a superb talk on fuzzing techniques

that can be performed without knowledge of the user-input and the binary being fuzzed.

There were a lot of other talks that sounded great that we just couldn’t get to, so we’ll be poring through the papers posted on the Black Hat site to catch up. We also had a chance to make and renew friendships and partnerships.

There were a few major CERT teams attending the Black Hat DC conference. This is to me the most valuable benefit of major conferences, getting the “right people” in a common place at the same time. There were not as many folks as at some events, such as the GovCERT.NL symposium we blogged about here; however, the time spent with government CERT colleagues was valuable indeed. In addition to national CERT related activity, we managed to catch up with a number of security professionals within volunteer and “community-based defense” groups where we talked not only about the current technical challenges facing the community, but also about the broader social and political implications. It was interesting to hear a community that is generally focused on operational and technical matters starting to explore the broader implications of response to the threat environment, and brainstorming radical and non-standard approaches to mitigating current threats. This sort of community collaboration, with free exchange of ideas by smart people looking to revolutionize the way response is done in the future, will be interesting to watch.

As you may have heard, Washington experienced a bit of snow during the same week as Black Hat. It was actually around 30 inches (~75 cm). The snow came after Black Hat concluded, but many of us had our travel plans a bit disrupted. We were fortunate to be staying in a hotel that had power, as many people in the area had no electricity. It also gave us a great opportunity to get to know the hotel staff. This reflected one of the best things about attending these conferences. The technical presentations are always wonderful, but getting to know the people is what makes battling the elements worthwhile.

Speaking of which – we’re headed to CanSecWest in March, so catch up with us there!

- Dustin & Karl

*Postings are provided "AS IS" with no warranties, and confers no rights.*