Black Hat Las Vegas 2008. If the latest Dns exploit research performed in part by Dan Kaminsky comes up in casual conversation for you, then these are your people. The ~4,500 nameless researchers and geeks at this conference rush into Ceasar’s Palace event halls to hear about recent software security research and reports.
Jeff Moss kicked off the con this morning with a mention that the generous BH sponsors step up to defray rising costs and not to monopolize discussion as a form of advertisement. I’m witnessing that promise realized right now, as Tom Stracener slams one of their very generous sponsors in his presentation. The knowledge is not censored here and flows freely.
One of the topics near and dear to our PC Tools hearts happened to be the focus of Joe Stewart’s presentation on reversing Storm titled “Protocols and Encryption of the Storm Botnet”. It was somewhat of a Virus Bulletin style presentation, but he added a lot of information regarding offensive techniques for joining the Bot network, disrupting it, and details of his findings about the bot network’s communications. It was great stuff.
Also interesting was Jonathan Rom’s talk on implementing a javascript based persistent rootkit. While it was somewhat stealth, I don’t know that it classified as a rootkit. However, the malcode was fairly well hidden in the plain text file he discussed. And while the design flaw that the code is dependent on for functionality has been patched in Firefox 3 and wasn’t as platform dependent as the intro suggested, the idea was well implemented against XP systems in their demo.
Off to another talk on the development and functionality of dns tunneling reverse shellcode.
