 
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/b ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. Black Hat Briefings Japan 2004 was held October 14-15 in Tokyo at the Tokyo International Exchange Center. Two days, two tracks. Raisuke Miyawaki was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/bh-asia-04/bh-jp-04-index.html Black ...
 
SquareX is excited to launch The Be Fearless Podcast Series, where we bring together industry experts and professionals from the cybersecurity community. Hosted by SquareX Founder - and cybersecurity veteran - Vivek Ramachandran, look forward to insights about our guests’ journeys in security, the evolution of the field, the changing threatscape and how enterprises across industries are addressing them today.
 
Past speeches and talks from the Black Hat Briefings computer security conferences. October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/bh-japan-05/bh-jp-05-main.html Black Hat Briefings bring together a unique mix in security: t ...
 
In this episode of The Be Fearless Podcast, SquareX Founder and CEO Vivek Ramachandran has a conversation with Abbas Kudrati, Asia’s Chief Cybersecurity Advisor, Microsoft. With a wealth of experience in corporate cybersecurity, and being a writer of multiple bestselling books, Abbas shares his security journey, advice to CISOs, security paradigms …
 
In the inaugural episode of The Be Fearless Podcast, SquareX Founder and CEO Vivek Ramachandran sits down with Jeff Moss, founder of DEF CON and Black Hat, to discuss everything from the origins of both conferences to how the browser is increasingly becoming a platform of its own, networking advice, and more! 0:10 Introduction 13:59 Growth and Chal…
 
"Last year at Black Hat, we introduced the rootkit FU. FU took an unprecedented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function pointers in well known operating system structures like the system call table, FU demonstrated that it was possible to control the execution path indirectly…
 
"The Business * Timeline: how did we get into this mess? * The players * How their business works * Legislative environment The Technology * Technical overview of different types of programs (taxonomy) * Describe how the programs function * How adware/spyware is installed * Hijacking the system * How it updates itself * Proven techniques to prevent …
 
"In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern.…
 
"ARAI Shunichi is the chair of freekaneko.com which supports Winny's author Isamu Kaneko. He raised a 16 million yen defense fund in a month. He is now researching anonymity technology and distributed systems as a Ph.D. student at Waseda University. He is also a founder and CEO of Mellowtone Inc. Arai started programming at the age of 3, and now he is c…
 
"Virtually every virus and worm that circulates the Internet today is "protected" by some form of obfuscation that hides the code's true intent. In the Windows world where worms prevail, the use of tools such as UPX, ASPack, and teLock has become standard. Protection of malicious code is not the only goal of binary obfuscators, however, which can …
 
"With the cost of security experts increasing each year, it is expensive to audit critical systems as often as is needed. Worse yet, it is difficult to know how much to trust the reports since the worst consultants give the most positive answers. In order to address this problem, Caezar proposes a system for ranking the merit of security experts al…
 
"New vulnerabilities to networks are discovered and published on a daily basis. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, a…
 
"Hardware security is often overlooked during a product's development, which can leave it vulnerable to hacker attacks resulting in theft of service, loss of revenue, identity theft, unauthorized network access, or a damaged reputation. This presentation will show you how to reduce the number of vulnerabilities in your embedded hardware designs and…
 
"David Litchfield leads the world in the discovery and publication of computer security vulnerabilities. This outstanding research was recognised by Information Security Magazine who voted him as 'The World's Best Bug Hunter' for 2003. To date, David has found over 150 vulnerabilities in many of today's popular products from the major software comp…
 
"This presentation explores the explosive growth of a technique known as "Google Hacking". When the modern security landscape includes such heady topics as "blind SQL injection" and "integer overflows", it's refreshing to see such a deceptively simple tool bent to achieve such amazing results; this is hacking in the purest sense of the word. …
 
" * Chairman, Ochanomizu Associates, Tokyo, Japan * Senior Advisor, Commission on Japanese Critical Infrastructure Protection * Research Counselor and Trustee, Institute for International Policy Studies, Tokyo * Vice President, Japan Forum for Strategic Studies Mr. Miyawaki is Japan's leading expert on the role of organized crime in Japan's economy…
 
"Security professionals see the compromise of networked systems on a day to day basis. It's something they've come to expect. The blatant exploitation of operating systems, applications, and configurations is a common event and is taken into account by most security engineers. But a different type of security compromise threatens to crumble the und…
 
"Windows 2000 SP3 or later and Windows XP now use a new network logon authentication method by default, the NTLM2 Session Response. Employed by Windows 2000, this unproven authentication method is considered to reduce the vulnerability found in network LM and NTLM v1 authentication. In this session, we will describe and demonstrate our audit approa…
 
"In the case of vulnerabilities which allow the execution of arbitrary machine code, the reliability of exploitation is swayed by the type of vulnerability, the conditions surrounding the vulnerable code, and the attack vector, among other considerations. The reliability of exploitation is an important factor for those attempting to exploit a vulnerab…
 
"Until now network security defences have largely been about building walls and fences around the network. This talk revolves around spiking those walls & electrifying those fences! During this talk we will highlight techniques (and tools) that can be used to turn the tables on prospective attackers with passive-Strike-Back. We will explore the pos…
 
"This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors. The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches f…
 
"ARPANET was established in 1968. In 1971, "creeper" programmed by Bob Thomas moved from computer to computer on ARPANET and displayed on each user's screen "I'm the creeper. Catch me if you can!". Xerox PARC set up the Ethernet in 1973 since researchers were interested in the concept of "distributed processing". They were testing programs whose fun…
 
"Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming tasks in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not gua…
 
"Has your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think …
 
"The use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very f…
 
"This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge to identify each attack. Defensive measures that can be taken in real time to counter the attack are then presen…
 
"In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character enco…
 
"Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of techn…
 
"Many of the various attack mechanisms, such as spam email and DDoS, that have been attacking the Internet as a whole in recent years can be attributed to botnets. However, there is not much information on these botnets yet. Telecom ISAC-Japan and JPCERT/CC conducted a detailed investigation regarding botnet activity. This session will cover what was found duri…
 
"Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TC…
 
Social networking sites such as MySpace have recently been the target of XSS attacks, most notably the "samy is my hero" incident in late 2005. XSS affects a wide variety of sites and back end web technologies, but there are perhaps no more interesting targets than massively popular sites with viral user acquisition growth curves, which allow for e…
 
"The Internet industry is currently riding a new wave of investor and consumer excitement, much of which is built upon the promise of "Web 2.0" technologies giving us faster, more exciting, and more useful web applications. One of the fundamental "Web 2.0" technologies is known as Asynchronous JavaScript and XML (AJAX), which is an amalgam of techniques develop…
 
"It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings, something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a crypted command shell heading …
 
"By modeling all of the possible inputs of a protocol or file format as an input tree, the potential weak points of an implementation can be assessed easily and efficiently. Existing attacks can be reused for similar structures and datatypes, and any complex or susceptible areas can be focused on to improve the probability for success. This method i…
 
"Imagine you're visiting a popular website and invisible JavaScript Malware steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No trace…
 
"The presentation will first present how to generically (i.e. not relying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally signed code to be loaded into kernel. The presented attack does not require system reboot. Ne…
 
"The U.S. Government has mandated that its organizations be IPv6-compliant by June 30, 2008. The Japanese government has already missed more than one IPv6 deadline. But while we can argue about specific dates for compliance and deployment, there is no question but that your organization must begin to prepare for the next generation Internet, and it…
 
"As the Internet becomes a social framework, attacks and incidents with various intents have been actualized. As a result, previously unrelated organizations and groups have become actively engaged in discussions regarding threats and technology. In addition, they have begun to approach and actively engage in creating and implementing information s…
 
If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations…
 
"Every application, from a small blog written in PHP to an enterprise-class database, receives raw bytes, interprets these bytes as data, and uses the information to drive the behavior of the system. Internationalization support, which stretches from character representation to units of measurement, affects the middle stage: interpretation. Some sof…
 
"There has been a series of information leak incidents happening in Japan regarding the use of P2P file sharing software. But those incidents are just the tip of the iceberg. There were expected to be tens of thousands of incidents that were not even reported in the news. P2P file sharing software is usually designed to enhance user anonymity, therefo…
 
"Botnets pose a severe threat to today's Internet community. We show a solution to automatically find, observe and shut down botnets with existing open source tools, partially developed by us. We start with a discussion of a technique to automatically collect bots with the help of the tool nepenthes. We present the architecture and give technical …