
Content provided by Black Hat and Jeff Moss. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Jesse Burns: Fuzzing Selected Win32 Interprocess Communication Mechanisms

1:05:33
 
This presentation prepares attackers and defenders to perform automated testing of some popular Windows® interprocess communication mechanisms. The testing will focus on binary win32 applications, and will not require source code or symbols for the applications being tested. Attendees will be briefly introduced to several types of named securable Windows communication objects, including Named Pipes and Shared Sections (named Mutexes, Semaphores and Events will also be included, but to a lesser degree). Audience members will learn techniques for identifying when and where these communication objects are being used by applications, as well as how to programmatically intercept their creation to assist in fuzzing. iSEC will share tools used for interception and fuzzing, including tools for hooking arbitrary executables' creation of IPC primitives. Working examples of fuzzers with source code written in Python and C++ will demonstrate altering of data flowing through these IPC channels to turn simple application functionality tests into powerful security-focused penetration tests. Attendees should be familiar with programming in C++ or Python, and have a security research interest in win32. Developers, QA testers, penetration testers, architects and researchers are the primary target audience for this somewhat technical talk.

Jesse Burns is a Principal Partner at iSEC Partners, where he works as a penetration tester. Prior to founding iSEC Partners, Jesse was a Managing Security Architect with @Stake and a software developer who focused on security-related projects on Windows® and various flavors of Unix®. Jesse presented in December of 2004 at the SyScan conference in Singapore on exploiting weakness in the NTLM authentication protocol. He has also presented at OWASP, Directory Management World and for his many security consulting clients on issues ranging from cryptographic attacks to emerging web application threats. He is currently working on a book with Scott Stender and Alex Stamos on attacking modern web applications for publication with Addison Wesley.

86 episodes
