For those who hadn't heard, I will be presenting at Black Hat Vegas '08 this year with Rob Carter, John Heasman, and Billy Rios. Our presentation is called "The Internet is Broken: Beyond document.cookie - Extreme Client Side Attacks", which may sound like a ridiculous topic, but we will back it up with attacks that have never been demonstrated before. The talk comes equipped with great content, and of course, four of the most handsome security researchers in the industry.
Black Hat has announced that they will be holding a webcast to give a teaser of what attendees will see, and I recommend that anyone going to Black Hat, or thinking about going, register to watch the webcast (it is free). From Black Hat's site:
Black Hat is presenting its very first webcast on June 26, 2008 at 1pm PST/4PM EST. It's scheduled for one hour followed by a Q & A period. The webcast will be presented free of charge and it will focus on previewing the BH USA 2008 event.
The event will be introduced and facilitated by BH Founder and Director Jeff Moss and will feature "teaser talks" - shortened versions of the full presentations lined up for Vegas - by several confirmed speakers who will each provide a brief preview of the topics they will be presenting at the Black Hat Briefings & Trainings in August.
To learn more, please visit
To register directly, please visit
Carter, Heasman, Rios, and I will be participating in the webcast (although we may not all make it due to work commitments), and I'm personally excited to be on it just to hear about all the talks. There are a good number of talks I'm really interested in seeing; here's just a handful of them:
- Pointers and Handles, A Story Of Unchecked Assumptions In The Windows Kernel by Alex Ionescu
- Attacking the Vista Heap by Ben Hawkes
- Return-Oriented Programming: Exploits Without Code Injection by Hovav Shacham
- Living in the RIA World: Blurring the Line Between Web and Desktop Security by Alex Stamos, David Thiel, Justine Osborne
- Concurrency Attacks in Web Applications by Scott Stender, Alexander Vidergar
- How To Impress Girls With Browser Memory Protection Bypasses by Alexander Sotirov, Mark Dowd
- Bad Sushi: Beating Phishers at Their Own Game by Nitesh Dhanjani, Billy K Rios
- SQL Injection Worms for Fun and Profit by Justin Clarke
- Mobile Phone Messaging Anti-Forensics by Zane Lackey, Luis Miras
- Protecting Vulnerable Applications with IIS7 by Brian Holyfield
It's quite a line-up, and I'm looking forward to a lot of the parties. Looking at the list, iSEC Partners is well represented as always with a lot of their guys speaking (shouts to Zane and Scott), and Ernst & Young's Advanced Security Center is well represented too, with a few current and a few former members speaking (myself, Rob Carter, and Nitesh Dhanjani are the current; Brian Holyfield, Justin Clarke, Billy Rios, and Kevin Stadmeyer are the former). It should be a great time to reunite with former co-workers and close friends, and as always Jeff Moss and crew will put on a great show.
I will, of course, be providing the same great coverage of the event as always, right here on ZDNet.
See you there!
** Images courtesy of the Black Hat website