Internet Security Systems - AlertCon(TM)

A look at Blackhat 2011

Posted by Shane Garrett on July 28, 2011 at 2:02 PM EDT.

Blackhat USA is just around the bend and it looks to be a good one.  My colleagues Mark Yason and Paul Sabanal are presenting on the Adobe Reader X sandbox and there are a lot of other talks that I’d like to see.  Here are a few that happen to not overlap in presentation times:
   

Spy-Sense: Spyware Tool for executing Stealthy Exploits against Sensor Networks

Thanassis Giannetsos is presenting on a spyware tool designed to evade detection on sensors.  As someone who works on developing technologies to detect malicious attacks I’m interested to see the novel approaches to evasion.


Sophail: A Critical Analysis of Sophos Antivirus

Tavis Ormandy's presentation focuses in name on Sophos Antivirus, but the discussion points will be applicable across multiple vendors.  Antivirus software is extensively deployed as a security measure but its operation is generally considered a black box by its consumers.  Understanding the design problems can lead to better solutions as well as commonly used evasion techniques.
 

Black Ops of TCP/IP 2011

I’ll be interested to see what new material comes out of Dan Kaminsky’s old-school talk on TCP/IP protocols.  You may remember the hubbub Dan raised in the past on some network protocol called DNS, whatever that is.
 

Weapons of Targeted Attack: Modern Document Exploit Techniques

This presentation by Sung-ting Tsai and Ming-chieh Pan is going to focus on document exploitation techniques.  Document types such as DOC and PDF are rich in complexity, have a correspondingly large attack surface, and are actively used as attack vectors.  I’m looking forward to seeing what may be coming over the horizon.
  

Post Memory Corruption Memory Analysis

Jonathan Brossard looks to have a lot of meat in his talk on a novel exploit methodology.  Developing a reliable exploit from a proof-of-concept can be a tedious process and the information in this talk looks helpful in expediting that.
