To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Entendido!
Artwork

Tech Blackhat Breifings And Training Blackhat Usa 2005 Black Hat Vegas Blackhat Vegas Hacking Computer Security Speeches Presentations Spoken Word Video Audio Tech News Jeff Moss Podcasting Conventions
Contenido proporcionado por Black Hat / CMP and Jeff Moss. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Black Hat / CMP and Jeff Moss o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.

Similar a Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !
Get it on App Store Get it on Google Play

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference « »
Michael Sutton and Adam Greene: The Art of File Format Fuzzing

43:18
 
Reproducir
Reproduciendo
Compartir
 

MP3Episodio en casa
Manage episode 155121504 series 1146744
Contenido proporcionado por Black Hat / CMP and Jeff Moss. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Black Hat / CMP and Jeff Moss o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be carried within non-executable files that were previously considered to be innocuous. As a result, firewalls and border routers rarely prevent the files from entering a network when included as email attachments or downloaded from the Internet. As with most vulnerabilities, discovering file format attacks tends to be more art than science. We will present various techniques that utilize file format fuzzing that range from pure brute force fuzzing to intelligent fuzzing that requires an understanding of the targeted file formats. We will present a methodology for approaching this type of research and address issues such as automating the process. Techniques will be discussed to address challenges such as attacking proprietary file formats, overcoming exception handling and reducing false positives. The presentation will include demonstrations of fuzzing tools designed for both the *nix and Windows platforms that will be released at the conference and the disclosure of vulnerabilities discovered during the course of our research. Michael Sutton is a Director for iDEFENSE, a security intelligence company located in Reston, VA. He heads iDEFENSE Labs and the Vulnerability Aggregation Team (VAT). iDEFENSE Labs is the research and development arm of the company, which is responsible for discovering original security vulnerabilities in hardware and software implementations, while VAT focuses on researching publicly known vulnerabilities. His other responsibilities include developing tools and methodologies to further vulnerability research, and managing the iDEFENSE Vulnerability Contributor Program (VCP). Prior to joining iDEFENSE, Michael established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst and Young in Bermuda. He is a frequent presenter at information security conferences. Michael obtained his Certified Information Systems Auditor (CISA) designation in 1998 and is a member of Information Systems Audit and Control Association (ISACA). He has completed a Master of Science in Information Systems Technology degree at George Washington University, has a Bachelor of Commerce degree from the University of Alberta and is a Chartered Accountant. Outside of the office, he is a Sergeant with the Fairfax Volunteer Fire Department. Adam Greene is a Security Engineer for iDEFENSE, a security intelligence company located in Reston, VA. His responsibilities at iDEFENSE include researching original vulnerabilities and developing exploit code as well as verifying and analyzing submissions to the iDEFENSE Vulnerability Contributor Program. His interests in computer security lie mainly in reliable exploitation methods, fuzzing, and UNIX based system auditing and exploit development. In his time away from computers he has been known to enjoy tea and foosball with strange old women.
  continue reading

61 episodios

#Tech #Blackhat Breifings And Training #Blackhat Usa 2005 #Black Hat Vegas #Blackhat Vegas #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Video #Audio #Tech News #Jeff Moss #Podcasting #Conventions
Artwork

Michael Sutton and Adam Greene: The Art of File Format Fuzzing

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

published

Reproducir Reproduciendo
iconCompartir
 
MP3Episodio en casa
Manage episode 155121504 series 1146744
Contenido proporcionado por Black Hat / CMP and Jeff Moss. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Black Hat / CMP and Jeff Moss o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be carried within non-executable files that were previously considered to be innocuous. As a result, firewalls and border routers rarely prevent the files from entering a network when included as email attachments or downloaded from the Internet. As with most vulnerabilities, discovering file format attacks tends to be more art than science. We will present various techniques that utilize file format fuzzing that range from pure brute force fuzzing to intelligent fuzzing that requires an understanding of the targeted file formats. We will present a methodology for approaching this type of research and address issues such as automating the process. Techniques will be discussed to address challenges such as attacking proprietary file formats, overcoming exception handling and reducing false positives. The presentation will include demonstrations of fuzzing tools designed for both the *nix and Windows platforms that will be released at the conference and the disclosure of vulnerabilities discovered during the course of our research. Michael Sutton is a Director for iDEFENSE, a security intelligence company located in Reston, VA. He heads iDEFENSE Labs and the Vulnerability Aggregation Team (VAT). iDEFENSE Labs is the research and development arm of the company, which is responsible for discovering original security vulnerabilities in hardware and software implementations, while VAT focuses on researching publicly known vulnerabilities. His other responsibilities include developing tools and methodologies to further vulnerability research, and managing the iDEFENSE Vulnerability Contributor Program (VCP). Prior to joining iDEFENSE, Michael established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst and Young in Bermuda. He is a frequent presenter at information security conferences. Michael obtained his Certified Information Systems Auditor (CISA) designation in 1998 and is a member of Information Systems Audit and Control Association (ISACA). He has completed a Master of Science in Information Systems Technology degree at George Washington University, has a Bachelor of Commerce degree from the University of Alberta and is a Chartered Accountant. Outside of the office, he is a Sergeant with the Fairfax Volunteer Fire Department. Adam Greene is a Security Engineer for iDEFENSE, a security intelligence company located in Reston, VA. His responsibilities at iDEFENSE include researching original vulnerabilities and developing exploit code as well as verifying and analyzing submissions to the iDEFENSE Vulnerability Contributor Program. His interests in computer security lie mainly in reliable exploitation methods, fuzzing, and UNIX based system auditing and exploit development. In his time away from computers he has been known to enjoy tea and foosball with strange old women.
  continue reading

61 episodios

#Tech #Blackhat Breifings And Training #Blackhat Usa 2005 #Black Hat Vegas #Blackhat Vegas #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Video #Audio #Tech News #Jeff Moss #Podcasting #Conventions

所有剧集

×
 
Loading …

Bienvenido a Player FM!

Player FM está escaneando la web en busca de podcasts de alta calidad para que los disfrutes en este momento. Es la mejor aplicación de podcast y funciona en Android, iPhone y la web. Regístrate para sincronizar suscripciones a través de dispositivos.

 

Similar a Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Escucha más de 500 temas
Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !
Get it on App Store Get it on Google Play

Guia de referencia rapida

Los mejores podcasts
Deportes COPE
Radioestadio
El Transistor
Libros para Emprendedores
Profesor Briceño
Nadie Sabe Nada
A Vivir Que Son Dos Días
Hora de cultura POP!
Economía directa
MarcianoCast
Hora 25
Contacto Sur
Aprendiendo GTD y productividad
Cienciaes.com
Hablando con Científicos - Cienciaes.com
La Tortulia Podcast: Episodios
Radio Ambulante
Dr. Muerte
Leyendas Legendarias
Juego de Asesinos Podcast
Player FM logo
Ayuda/Preguntas frecuentes | Mejorar | Anunciar
Arte|Finanzas|Comedia|Economía|Entretenimiento|Noticias|Política|Religión
Ciencias|Futbol|Deportes|Narración de historias|Tecnología|Crímenes reales
Copyright 2025 | Mapa del sitio | Política de privacidad | Términos de servicio | | Derechos de autor
Episode being played series thumbnail
icon icon
Velocidad
Ajustes de las series
1x
1x
Volume
100%
icon
icon icon
/

Ver Player FM en ...
Player FM
Browser
Chrome
Safari
Firefox
Escucha este programa mientras exploras
Reproducir