SecDocs Feed for author Val Smith

[Paper] Balancing the Pwn Trade Deficit

Tue, 27 Sep 2011 20:52:19 +0200

Authors: Anthony Lai Colin Ames Val Smith
Tags: exploiting
Event: Black Hat USA 2010
Abstract: China has become a major player in the security community in recent years. From numerous news articles regarding government, military and commercial spying, to high profile cases such as the recent attack on Google, the tools, research and hacking groups coming out of China are are high on everyone's radar. This talk will provide an analysis of the Chinese hacking community, including its capabilities, goals, and cultural differences as well as similarities. A deep technical analysis and reverse engineering of prominent Chinese tools and techniques will be provided as well. We will highlight specifics such as binary obfuscators, encryption, and specific stealth techniques in order to round out an, up til now, spotty picture about this formidible member of the security community.

[Paper] Covert Debugging: Circumventing Software Armoring Techniques

Tue, 14 Jun 2011 20:51:16 +0200

Authors: Danny Quist Val Smith
Tags: reverse engineering debugging
Event: Black Hat USA 2007

[Slides] Covert Debugging: Circumventing Software Armoring Techniques

Tue, 14 Jun 2011 20:50:58 +0200

Authors: Danny Quist Val Smith
Tags: reverse engineering debugging
Event: Black Hat USA 2007

[Paper] Tactical Exploitation

Tue, 07 Jun 2011 18:35:35 +0200

Authors: H.D. Moore Val Smith
Tags: exploiting
Event: Black Hat USA 2007

[Slides] Tactical Exploitation

Tue, 07 Jun 2011 18:34:58 +0200

Authors: H.D. Moore Val Smith
Tags: exploiting
Event: Black Hat USA 2007

[Video] Balancing the Pwn Trade Deficit

Sun, 03 Apr 2011 13:07:58 +0200

Authors: Anthony Lai Colin Ames Val Smith
Tags: malware
Event: DEFCON 18

[Audio] Balancing the Pwn Trade Deficit

Sun, 03 Apr 2011 12:23:45 +0200

Authors: Anthony Lai Colin Ames Val Smith
Tags: malware
Event: DEFCON 18

[Audio] Dissecting Web Attacks

Fri, 13 Aug 2010 11:08:00 +0200

Authors: Colin Ames Val Smith
Tags: malware web malware analysis
Event: Black Hat DC 2009

[Video] Dissecting Web Attacks

Fri, 13 Aug 2010 11:08:00 +0200

Authors: Colin Ames Val Smith
Tags: malware web malware analysis
Event: Black Hat DC 2009

[Video] MetaPost-Exploitation

Sun, 01 Aug 2010 06:11:37 +0200

Authors: Colin Ames Val Smith
Tags: Metasploit exploiting
Event: Black Hat USA 2008

[Slides] MetaPost-Exploitation

Sun, 01 Aug 2010 06:11:36 +0200

Authors: Colin Ames Val Smith
Tags: Metasploit exploiting
Event: Black Hat USA 2008

[Audio] MetaPost-Exploitation

Sun, 01 Aug 2010 06:11:34 +0200

Authors: Colin Ames Val Smith
Tags: Metasploit exploiting
Event: Black Hat USA 2008

[Slides] Why Black Hats Always Win

Sun, 23 May 2010 16:04:00 +0200

Authors: Val Smith
Tags: exploiting
Event: Black Hat DC 2010
Abstract: From the origins of hacking and black hat hackers a new industry called penetration testing has evolved. Penetration testing is intended to emulate a real attacker in order to uncover what vulnerabilities an organization may have that could put them at risk so they can be fixed. This has led to the term "White Hat Hacker" being used to describe those who perform these tests. However the goals of a White Hat differ greatly from the goals of a Black Hat, as do the mindsets. This presentation will describe these differences as well as some of the things black hats have to consider that white hats may not even be aware of. This paper will explain why black hats have the advantage over white hats and why the penetration industry has to change. The take away from this presentation is that current common penetration methodologies are ineffective in demonstrating the actual risk and threats that exist and hopefully provide some insight into how real attacks actually work from the point of view of a black hat.