Black Ops 2012

Home > Security > Black Ops 2012

Black Ops 2012

August 6, 2012 Dan Kaminsky Leave a comment Go to comments

Here’s my slides from Black Hat and Defcon for 2012. Pile of interesting heresies — should make for interesting discussion. Here’s what we’ve got:

1) Generic timing attack defense through network interface jitter
2) Revisiting Random Number Generation through clock drift
3) Suppressing injection attacks by altering variable scope and per-character taint
4) Deployable mechanisms for detecting censorship, content alteration, and certificate replacement
5) Stateless TCP w/ payload retrieval

I hate saying “code to be released shortly”, but I want to post the slides and the code’s pretty hairy. Email me if you want to test anything, particularly if you’d like to try to break this stuff or wrap it up for release. I’ll also be at Toorcamp, if you want to chat there.

Categories: Security

Comments (2) Trackbacks (1) Leave a comment Trackback

lkafle

August 6, 2012 at 2:38 am

Reply

Reblogged this on lava kafle kathmandu nepal.
Anssi Porttikivi

August 6, 2012 at 1:00 pm

Reply

Just as a kudos to Rob Pike and friends, I think Plan 9 and maybe Inferno OS uses the DakaRand idea, calling it “duelling clocks”… I have Googled like yearly, that why is nobody doing it…

August 15, 2012 at 6:16 am

twuewand 2.0 released » Ryan Finnie

Security Talks

2014

Yet Another Dan Kaminsky Talk: Hard Drive Operating Systems, Storage XOR Execution, Secure Random By Default, Cryptomnemonics, Ending Use After Free in Browsers, Fast Spoofed DDoS Tracing, NSA Crypto Fallout
Slides
2012

Black Ops: Practical System-Wide Timing Attack Defense, Real World Entropy Generation For Devices, Safe String Interpolation, Image Loads For Censorship Detection, Certificate Extraction w/ Flash Sockets, Stateless TCP Sockets
Slides
2011

Black Ops of TCP/IP 2011: Bitcoin Cloud Deanon/Data Embedding, External Interface UPNP, TCP SEQ# Attacks Revisted, Generic Password to Asymmetric Key Generation, Net Neutrality Validation
Slides
2010

Introducing The Domain Key Infrastructure:
Zero Configuration DNSSEC Serving, End-To-End Client Integration w/ UI Via OpenSSL and Secure Proxies, Federated OpenSSH, DNS over HTTP/X.509, Self-Securing URLs, Secure Scalable Email (Finally!)
Slides
Code (Phreebird Suite)
Black Hat USA Slides

Interpolique:
Where's The Safety in Type Safety?, Preventing Injection Attacks (XSS/SQL) With String Safety, Why Ease Of Use Matters, Automatic Query Parameterization, How LISP Was Right About Dynamic Scope, Dynamic DOM Manipulation For Secure Integration of Untrusted HTML
Slides Audio
Code

Realism in Web Defense:
Why Security Fails, What's Wrong With Session Management On The Web, The Failure Of Referrer Checking, Interpreter Suicide, Towards a Real Session Context, Treelocking, The Beginnings of Interpolique
Slides
2009

Staring Into The Abyss:
Middleware Fingerprinting, Firewall Rule Bypass, Internal Address Disclosure, Same Origin Attacks Against Proxied Hosts, TCP NAT2NAT via Active FTP And TCP Spoofing
Slides Paper

Black Ops Of PKI:
Structural Weaknesses of X.509, Architectural Advantages of DNSSEC, ASN.1 Confusion, Null Terminator Attacks Against Certificates
Slides Video
Financial Cryptography Paper
2008

It's The End Of The Cache As We Know It:
DNS Server+Client Cache Poisoning, Issues with SSL, Breaking “Forgot My Password” Systems, Attacking Autoupdaters and Unhardened Parsers, Rerouting Internal Traffic
Black Hat Slides
BH Fed Slides (Adds Drupal, DNSSEC)
Video Audio
"Illustrated Guide To The Kaminsky Bug"
Sarah on DNS

Ad Injection Gone Wild:
Subdomain NXDOMAIN injection for Universal Cross Site Scripting
Slides
2007

Design Reviewing The Web:
DNS Rebinding, VPN to the Browser, Provider Hostility Detection, Audio CAPTCHA Analysis
Slides Video
2006

Pattern Recognition:
Net Neutrality Violation Detection, Large Scale SSL Scanning, Securing Online Banking, Cryptomnemonics, Context Free Grammar Fuzzing, Security Dotplots
Slides
Weaponizing Noam Chomsky, or Hacking with Pattern Languages:
The Nymic Domain, XML Trees For Automatically Extracted Grammar, Syntax Highlighting for Compression Depth, Live Discovered Grammar Rendering, "CFG9000" Context Free Grammar Fuzzer, Dotplots for Format Identification and Fuzzer Guidance, Tilt Shift Dotplots, Visual Bindiff
Slides Video Code
2005:

Black Ops of TCP/IP 2005.5:
Worldwide DNS Scans, Temporal IDS Evasion, the Sony Rootkit, MD5 Conflation of Web Pages
Slides Video
2004:

MD5 To Be Considered Harmful Someday:
Applied Attacks Against Simple Collisions Via Malicious Appendage, Executable Confusion, Auditor Bypass, Bit Commitment Shirking, HMAC Implications, Collision Steganography, P2P Attacks Against Kazaa Hash
Slides Paper
Code (Confoo)
Code (Stripwire)

Black Ops of DNS:
Tunneling Audio, Video, and SSH over DNS
Slides Audio
Code (OzymanDNS 0.1)
Code (OzymanDNS 0.1 for Windows)
2003:

Stack Black Ops:
Generic ActiveX, SQL for Large Network Scans, Bandwidth Brokering, SSL for IDS’s
Slides Audio
Code (Paketto Keiretsu 2.00pre5)
2002:

Black Ops of TCP/IP:
High Speed Scanning, Parasitic Traceroute, TCP NAT2NAT
Slides Audio 1 Audio 2
Code (Paketto Keiretsu 1.01)
2001:

Gateway Cryptography:
SSH Dynamic Forwarding, Securing Meet-In-The-Middle, PPTP over SSH
Slides Audio
SSH Cheat Sheet

Dan Kaminsky's Blog

Black Ops 2012

Leave a comment Cancel reply

Email Subscription

Contact Information

Major Projects

Security Talks

Other Research

@dakami

Login

Dan Kaminsky's Blog

Black Ops 2012

Share this:

Leave a comment Cancel reply

Email Subscription

Contact Information

Major Projects

Security Talks

Other Research

@dakami

Login