June 15th, 2008
Black Hat '08 preview webcast on its way
For those who hadn’t heard, I will be presenting at Black Hat Vegas ’08 this year with Rob Carter, John Heasman, and Billy Rios. Our presentation is called “The Internet is Broken: Beyond document.cookie - Extreme Client Side Attacks”, which may sound like a ridiculous topic, but we will back it up with attacks that have never been demonstrated before. The talk comes equipped with great content, and of course, four of the most handsome security researchers in the industry.
Black Hat has announced that they will be holding a webcast to give a teaser of what attendees will see, and I recommend that anyone going to Black Hat, or thinking about going, register to watch the webcast (it is free). From Black Hat’s site:
Black Hat is presenting its very first webcast on June 26, 2008 at 1pm PST/4PM EST. It’s scheduled for one hour followed by a Q & A period. The webcast will be presented free of charge and it will focus on previewing the BH USA 2008 event.
The event will be introduced and facilitated by BH Founder and Director Jeff Moss and will feature “teaser talks” - shortened versions of the full presentations lined up for Vegas - by several confirmed speakers who will each provide a brief preview of the topics they will be presenting at the Black Hat Briefings & Trainings in August.
To learn more, please visit
To register directly, please visit
Carter, Heasman, Rios, and I will be participating in the webcast (although we may not all make it due to work commitments), and I’m personally excited to be on it just to hear about all the talks. There are a good many talks I’m really interested in seeing; here’s just a handful of them:
- Pointers and Handles, A Story Of Unchecked Assumptions In The Windows Kernel by Alex Ionescu
- Attacking the Vista Heap by Ben Hawkes
- Return-Oriented Programming: Exploits Without Code Injection by Hovav Shacham
- Living in the RIA World: Blurring the Line Between Web and Desktop Security by Alex Stamos, David Thiel, Justine Osborne
- Concurrency Attacks in Web Applications by Scott Stender, Alexander Vidergar
- How To Impress Girls With Browser Memory Protection Bypasses by Alexander Sotirov, Mark Dowd
- Bad Sushi: Beating Phishers at Their Own Game by Nitesh Dhanjani, Billy K Rios
- SQL Injection Worms for Fun and Profit by Justin Clarke
- Mobile Phone Messaging Anti-Forensics by Zane Lackey, Luis Miras
- Protecting Vulnerable Applications with IIS7 by Brian Holyfield
It’s quite a line-up, and I’m looking forward to a lot of the parties. Looking at the list, iSEC Partners is well represented as always with a lot of their guys speaking (shouts to Zane and Scott), and Ernst & Young’s Advanced Security Center is well represented too, with a few current and a few former members speaking (myself, Rob Carter, and Nitesh Dhanjani are the current; Brian Holyfield, Justin Clarke, Billy Rios, and Kevin Stadmeyer are the former). It should be a great time to reunite with former co-workers and close friends, and as always Jeff Moss and crew will put on a great show.
I’ll be of course providing the same great coverage of the event as always, right here on ZDNet.
See you there!
-Nate
** Images courtesy of the Black Hat website

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.










