Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.

"Today, other than doing a full static analysis of the code, the most common practice tfind vulnerabilities in your web application is tget off-the-shelf automated web scanner, point ta URL, and hope that it's doing the right thing.
But is it? How dyou know that the scanner exercised all the vital areas of your application? How accurate and complete are the results? Is relying on HTTP response the best way tfind all vulnerabilities in an application? What if there was a way tlook at what's happening inside the application while these web scanners were hitting the application?
In this talk, we'll explore that "looking inside the application as the security test runs" possibility - through byte-code instrumentation. We will see how we can use aspect oriented technologies such as AspectJ tinject security monitors directly inside a pre-compiled Java / .NET web application. We will alsgthrough a proof of concept and dem- turning a typical blackbox test inta "whitebox" test using the techniques discussed in this talk, gaining a more complete picture: gaining coverage insight, finding more vulnerabilities, weeding out false positives reported by the scanners, and gaining root cause source information.
"Toshinari Kureha is the technical lead and principal member of technical staff at Fortify Software. He oversees the development of the Red Team Workbench project. Prior tjoining Fortify, Toshinari was a technical lead at Oracle's Application Server Division, where he provided leadership in the architecture, implementation and delivery of several high-profile projects including Oracle Grid Control, Oracle Exchange, and BPEL Orchestration Designer. Prior tworking with Oracle, Toshinari worked as Lead Developer at Formal Systems a web-based computer testing and assessment system for use in the Internet/Intranet. Toshinari holds a B.S. in computer science from Princeton University.

"SS7 has been a walled garden for a long time: only big telcwould be interconnected tthe network. Due tderegulation and a push toward all-IP architecture, SS7 is opening up, notably with SIGTRAN (SS7 over IP) and NGN (Next Gen Networks) initiatives.
SCTP is the protocol used tcarry all telecom signalling information on IP according tthe SIGTRAN protocol suite. It's the foundation, as TCP is the foundation for the web and email. SCTP is alsused for high-performance clusters, resources pooling and very high-speed file transfer.
When you discover open SCTP ports, you discover a secret door tthis walled garden. As a walled garden, the internal security of the SS7 network is not as good as one might expect. SCTPscan is a tool tdexactly just that, and is released as open source.
This presentation will explain how SCTPscan manages tscan without being detected by remote application, how discrepancies between RFC and implementation enable us tscan more efficiently and how we manage tscan without even being detect by systems like SANS - Dshield.org. Here we will have a look at INIT packet construction, stealth scanning and a beginning of SCTP fingerprinting.
Then, we gon tdetail upper layer protocols that use SCTP and the potentials of the SIGTRAN protcol suite in term of security. We'll see the M2UA, M3UA, M2PA, IUA which are SIGTRAN-specific protocols, and alsthe more generic SS7 protocols such as ISUP, BICC, BSSAP, TCAP, SCCP and MTP. "
"Philippe Langlois is a founder and Senior Security Consultant for Telecom Security Task Force, a research and consultancy outfit.
He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF).
He founded Qualys in 1999 and led the R&D for this world-leading vulnerability assessment service.
He founded Intrinsec, a pioneering network security company in 1995, as well as Worldnet, France's first public Internet service provider, in 1993.
He has proven expertise in network security, from Internet tless well known networks - X25 and other legacy systems mostly used in banking, travel and finance.
Philippe was alslead designer for Payline, one of the first e-commerce payment gateways on Internet. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (RSA, COMDEX, Interop).
Philippe Langlois is a regular contributor of french-speaking security portal vulnerabilite.com. and a writer for ITaudit, the magazine of the International Association of Internal Auditors.
Samples of the missions he has been involved with are Penetration Testing contract on multi-million live users infrastructures such as Telecom operators GSM backbone, due diligence for M&A, security architecture audits, product security analysis and advisory."

RFID is being embedded in everything... From Passports tPants. Door Keys tCredit Cards. Mobile Phones tTrash Cans. Pets tPeople even! For some reason these devices have become the solution tevery new problem, and we can't seem tget enough of them....
"Adam Laurie is Chief Security Officer and a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micrcomputers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention tthose areas and away from programming, starting a data conversion company which rapidly grew tbecome Europe's largest specialist in that field (A.L. downloading Services).
During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own-'Apache-SSL'-which went on tbecome the de-factstandard secure web server.
Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers - http://www.thebunker.net) as secure hosting facilities.
Adam has been a senior member of staff at DEFCON since 1997, and alsacted as a member of staff during the early years of the Black Hat Briefings. More recently he has become interested in mobile device security, and was responsible for discovering many major Bluetooth security issues, and has alsspoken on other wireless topics such as InfraRed and Magnetic Stripes. His current interest, RFID, has spawned another Open Source project, RFIDIOt, which is alsbringing several security issues tthe fore. More detail can be found here: http://rfidiot.org"

"The Achilles' heel of network IDSes lies in the large number of false positives (i.e., false attacks) that occur: practitioners as well as researchers observe that it is common for a NIDS traise thousands of mostly false alerts per day. False positives are a universal problem as they affect both signature-based and anomaly-based IDSs. Finally, attackers can overload IT personnel by forging ad-hoc packets tproduce false alerts, thereby lowering the defences of the IT infrastructure. Our thesis is that one of the main reasons why NIDSs show a high false positive rate is that they dnot correlate input with output traffic: by observing the output determined by the alert-raising input traffic, one is capable of reducing the number of false positives in an effective manner. Tdemonstrate this, we have developed APHRODITE (Architecture for false Positives Reduction): an innovative architecture for reducing the false positive rate of any NIDS (be it signature-based or anomaly-based). APHRODITE consists of an Output Anomaly Detector (OAD) and a correlation engine; in addition, APHRODITE assumes the presence of a NIDS on the input of the system. For the OAD we developed POSEIDON (Payl Over Som for Intrusion DetectiON): a two-tier network intrusion detection architecture.
Benchmarks performed on POSEIDON and APHRODITE with DARPA 1999 dataset and with traffic dumped from a real-world public network show the effectiveness of the twsystems. APHRODITE is able treduce the rate of false alarms from 50% t100% (improving accuracy) without reducing the NIDS ability tdetect attacks (completeness)."
DamianBolzoni received a MSc degree from the University of Venice, Italy, in Computer Science with a thesis about anomaly-based Network Intrusion Detection Systems. He has been working for a year at the Information Risk Management division in KPMG Italy. He is author of the POSEIDON and APHRODITE papers and gave talks at IWIA workshop, WebbIT and many security conferences in Netherlands. At the moment, he is a PhD student at the University of Twente, The Netherlands. His research topics are IDS and risk management.

"This paper will show a extremely simple technique tquickly audit a software product in order tinfer how trustable and secure it is. I will show you step by step how tidentify half dozen of local 0day vulnerabilities in few minutes just making a couple of clicks on very easy tuse free tools, then for the technical guys enjoyment the vulnerabilities will be easily pointed out on disassembled code and detailed, finally a 0day exploit for one of the vulnerabilities will be demonstrated and explained.
While this technique can be applied tany software in this case I will take a look at the latest version of Oracle Database Server: 10gR2 for Windows, which is a extremely secure product sit will be a very difficult challenge tfind vulnerabilities since Oracle is using advanced next generation tools tidentify and fix vulnerabilities."
Sun Bing is the Research Scientist at McAfee (China) currently, and has held security related positions at several famous companies heretofore, such as Rising and Siemens. SUN BING has more than 6 years of experience in Windows Kernel and Security Techniques (Anti-Virus, Firewall, IPS etc) research development, especially with deeply delving intBuffer Overflow Prevention, Rootkit Detection and x86 Virtualization. His main works previously involve participating in Rising Anti-Virus Softwares development, publishing the paper (The Design Of Anti-Virus Engine) at xfocus, taking charge of the design and development of a desktop security product-LinkTrust IntraSec, and speaking at security conferences such as XCON2006 and POC2006...