Black Hat Puts Spotlight on Security Research

The Black Hat conference will bring with it a crowd of IT security pros ready to hear about the latest research into malware, rootkits and hacker tricks. Attendees will hear about attacks on Cisco routers and from researchers from such vendors as Hewlett-Packard.

IT security pros, analysts and researchers are coming together for the meeting of the minds that is Black Hat 2008.

The popular security conference officially kicked off Aug. 2 in Las Vegas with a series of training sessions that wrap up Aug. 5. However, the real buzz for many attendees will be the technical briefings Aug. 6-7 at Caesars Palace.

The activities Aug. 6 will begin with some words from Black Hat founder Jeff Moss and a keynote from author and London School of Economics professor Ian Angell. From there, the conference launches into two days of briefings on several different tracks such as reverse engineering and rootkits.

There is already hype around a number of the sessions, including the much-talked about domain name system protocol flaw discovered by security researcher Dan Kaminsky. Though Kaminsky, who is director of penetration testing at IOActive, sought to keep details of the flaw from going public before his talk, the information eventually leaked out as members of the security community also uncovered the issue. Attack code for the vulnerability has already been found in the wild.

Other presentations that have garnered some press include a talk by researchers from Core Security Technologies demonstrating the deployment of a rootkit targeting Cisco Systems routers. As proof of this concept, Core is slated to demonstrate various methods for infecting Cisco's IOS software, which runs on the majority of its routers, including examples of run-time patching and image binary patching.

Other anticipated talks include a presentation by Billy Hoffman, manager of Hewlett-Packard Security Labs, on malware evading current automated analysis tools by detecting their presence from inside malicious JavaScript.

"I'm going to basically be discussing five different ways JavaScript can detect when it's being run inside one of these sandboxes the defender uses, and I've already seen one of those techniques being used in the wild just this past month," he said in an interview with eWEEK.

The convention will lead into the start of DEFCON 16, another security conference, which will run Aug. 8-10 at the Riviera Hotel & Casino in Las Vegas.