2005-04-20 06:34:48 +02:00
|
|
|
Date of Submission:
|
|
|
|
|
|
|
|
|
|
04/2005
|
|
|
|
|
|
|
|
|
|
I would like to present this at:
|
|
|
|
|
|
|
|
|
|
USA 2005
|
|
|
|
|
|
|
|
|
|
Personal Information
|
|
|
|
|
|
|
|
|
|
Primary Speaker Name:
|
|
|
|
|
|
|
|
|
|
spoonm
|
|
|
|
|
|
|
|
|
|
Primary Speaker Title (if applicable):
|
|
|
|
|
|
|
|
|
|
Additional Speaker Name(s), Title(s) and Company(s) (if applicable):
|
|
|
|
|
|
|
|
|
|
skape
|
|
|
|
|
|
|
|
|
|
Speaking on Behalf of:
|
|
|
|
|
|
|
|
|
|
Primary Contact's Email:
|
|
|
|
|
|
|
|
|
|
spoonm@gmail.com
|
|
|
|
|
|
|
|
|
|
Primary Contact's Telephone:
|
|
|
|
|
|
|
|
|
|
Speaker's Email (if different from the primary speaker's email):
|
|
|
|
|
|
|
|
|
|
Speaker's Telephone (if different from the primary speaker's telephone):
|
|
|
|
|
|
|
|
|
|
Has the speaker spoken at a previous Black Hat event? Yes or No
|
|
|
|
|
|
|
|
|
|
Yes
|
|
|
|
|
|
|
|
|
|
Does the speaker have any professional speaking experience? Yes or No
|
|
|
|
|
|
|
|
|
|
Yes
|
|
|
|
|
|
|
|
|
|
If yes, please list the three most recent engagements.
|
|
|
|
|
|
|
|
|
|
- cansecwest 2005
|
2005-04-22 20:14:52 +02:00
|
|
|
- defcon 2004
|
2005-04-20 06:34:48 +02:00
|
|
|
- blackhat 2004
|
|
|
|
|
|
|
|
|
|
Has or will this presentation be seen in any form? If so, explain how this
|
|
|
|
|
presentation is different from previous versions, and where/when this material
|
|
|
|
|
has been seen before.
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
Will or has the speaker(s) be presenting at ANY event 30 days prior to this
|
|
|
|
|
conference? If yes, please specify which event and on what topic(s).
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
Presentation Information
|
|
|
|
|
|
|
|
|
|
Name of Presentation:
|
|
|
|
|
|
2005-04-20 07:05:44 +02:00
|
|
|
- Exploitation, and Beyond!
|
|
|
|
|
- Are you in yet?
|
2005-04-20 06:34:48 +02:00
|
|
|
|
|
|
|
|
Select the track(s) that your talk would be most appropriate for your topic (you
|
|
|
|
|
must select at least one of the nine):
|
|
|
|
|
|
|
|
|
|
- Deep Knowledge
|
|
|
|
|
- 0 Day Attack
|
|
|
|
|
|
|
|
|
|
How much time does your presentation require? 75 minutes, 90 minutes or 20
|
|
|
|
|
minutes (turbo track) (please specify)
|
|
|
|
|
|
|
|
|
|
90 minutes
|
|
|
|
|
|
|
|
|
|
What are the three most important reasons why this is a quality Black Hat talk?
|
|
|
|
|
|
|
|
|
|
Reason 1:
|
|
|
|
|
|
2005-04-22 20:28:12 +02:00
|
|
|
There have been many presentations on certain exploitation methods, and
|
|
|
|
|
development. There hasn't been any presentations really discussing a lot of
|
|
|
|
|
work on the little details that have really improved the modern exploit usage.
|
|
|
|
|
Our talk will concentrate less on "this is how you exploit IIS", and more on
|
|
|
|
|
technologies that are required for any attack, and how to further advance in
|
|
|
|
|
this arena. We will discuss new ideas and implementations in post-exploitation,
|
|
|
|
|
IDS evasion, and the future of hacking related technologies.
|
|
|
|
|
|
|
|
|
|
-- these suck, but I sort of want to touch on how we will be different/good --
|
|
|
|
|
|
|
|
|
|
-- or something like --
|
|
|
|
|
|
|
|
|
|
Although we continue to publically release much of our work, there is
|
|
|
|
|
much more involved than just what's released. Blackhat is the perfect venue to
|
|
|
|
|
discuss our ideas, research, design, and development in a detail. It's really
|
|
|
|
|
important to be able to discuss the sort of things we've thought very hard
|
|
|
|
|
about, and present a conclusions that would otherwise be taken for granted.
|
2005-04-20 06:34:48 +02:00
|
|
|
|
|
|
|
|
Reason 2:
|
|
|
|
|
|
|
|
|
|
The technology discussed in this presentation impacts a wide number of
|
|
|
|
|
security related fields including NIDS, HIPS, Anti-Virus, penetration
|
|
|
|
|
testing and the general exploit development cycle.
|
|
|
|
|
|
|
|
|
|
Reason 3:
|
|
|
|
|
|
2005-04-22 20:28:12 +02:00
|
|
|
Many of the audience members can't be fully engaged in the deep world
|
|
|
|
|
of security research. This is a chance for them to get a "view the trenches",
|
|
|
|
|
and see what's actually happening on the attacker security front. Where
|
|
|
|
|
technologies currently stand, and where things are going in the future.
|
2005-04-20 06:34:48 +02:00
|
|
|
|
|
|
|
|
Is there a demonstration? Yes or No
|
|
|
|
|
|
|
|
|
|
Yes
|
|
|
|
|
|
|
|
|
|
Are the speaker(s) releasing a new tool? Yes or No
|
|
|
|
|
|
2005-04-22 20:28:12 +02:00
|
|
|
Possibly, or will talk about many recent (within a year) releases.
|
2005-04-20 06:34:48 +02:00
|
|
|
|
|
|
|
|
Are the speaker(s) releasing a new exploit? Yes or No
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
Is there audience participation? Yes or No
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
What are your equipment needs?
|
|
|
|
|
|
|
|
|
|
1 projector.
|
|
|
|
|
|
|
|
|
|
Will you require more than 2 lcd projectors? Yes or No - if yes, please specify
|
|
|
|
|
how many
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
Will you require internet access? Yes or No
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
Will you require a white board? Yes or No
|
|
|
|
|
|
|
|
|
|
No
|
|
|
|
|
|
|
|
|
|
Will you require any special equipment? Yes or No - if yes, please specify.
|
|
|
|
|
|
|
|
|
|
No
|
