[ InsurrectoR @ 05.02.2003. 17:06 ] @
Black Hat would like to make three announcements that may be of interest

- First I would like to make the final announcement for the Black Hat
Windows Security Briefings & Training 2003. Held in Microsoft's back yard,

the conference will be in Seattle, February 26-27th, with two days of
training available on the 24th & 25th. Highlights of the Briefings will
include the much anticipated release of the "Enforcer" tool by Tim Mullen,

Michael Howard & David LeBlanc's presentation on writing secure code, and

Saumil Shah's presentation on assessment techniques utilizing the Fire &

Water tool-kit.

Greg Hoglund, founder of www.rootkit.com and Cenzic, has been added to the

training agenda, and is giving a two day class titled "Aspects of Offensive

Root-kit Technology". This is a first time offering of a class specifically

focusing on Root-kit technology and promises to be stellar.

- Second, almost 75 new presentations have been added on-line! All the
video from Black Hat Windows Security 2002 AND Black Hat USA 2002 are now

on-line. Richard Clarke was the keynote speaker at the July show, and while

there were many excellent technical talks, Jeff Jonas' lunchtime talk on

NORA was not to be missed. We are encoding at a higher quality with a bit

higher resolution. Check out:

- Last I would like to remind everyone that Black Hat has opened the CFP

for our Europe conference which will be held in May in Amsterdam. In the

next few weeks the CFPs for the July, Federal, and Asia conferences will
put on-line. We look forward to your submissions.

Thank you, and I hope your mail client knows how to word wrap.

Jeff Moss
Black Hat

PS: If you want to see the talk David Litchfield gave at the July show in

which he reveals the MS SQL UDP problem that turned into the SQL
Hell/Slammer/Sapphire worm, fire up Real Player and check out the video:
[ InsurrectoR @ 22.02.2003. 12:34 ] @
Call For Papers Announcement: Black Hat Briefings Amsterdam

Whoop! Whoop!


Papers and presentations are now being accepted for The Black Hat Briefings

Amsterdam 2003 event in Amsterdam, The Netherlands, May 14th - 15th, 2003.

Papers and requests to speak will be received and reviewed until March 25th.


The Black Hat Briefings was created to fill the need for computer security

professionals to better understand the security risks and potential threats

to their information infrastructures and computer systems. Black Hat
accomplishes this by assembling a group of vendor-neutral security
professionals and having them speak candidly about the problems businesses

face and their solutions to those problems. No gimmicks -- just straight

talk by people who make it their business to explore the ever-changing
security space.


The Black Hat Europe 2003 Briefings & Training Conference will take place

May 12-15, 2003 at the Grand Hotel Krasnapolsky, Amsterdam, the
Netherlands. Please see the Europe Briefings pages for more information on

hotel, venue, schedules, etc.


March 25, 2003: Call for Papers closes for Black Hat Europe 2003
May 12-13, 2003 Black Hat Europe 2003 Training at the Grand Hotel
Krasnapolsky, Amsterdam, the Netherlands
May 14-15, 2003: Black Hat Europe 2003 Briefings at the Grand Hotel
Krasnapolsky, Amsterdam, the Netherlands


Training Costs vary per class, and Conference costs are $1,095 before April

25th, $1,295 after.


Please visit http://www.blackhat.com/ for previous conference archives,
information, and speeches. Updated announcements will be posted when available.

If you can not submit a CFP for the Amsterdam conference, please consider

the USA conference. The CFP and registration go
live next week.

I hope to see some of you in Seattle for the Windows show!

Jeff Moss
[ InsurrectoR @ 20.07.2003. 19:19 ] @
Black Hat Briefings 2003 - Announcement

B.K. DeLong


Top Academic Researchers & Industry Gurus will Focus on Key
and Offer Comprehensive Strategies to Todays Security Problems; PGP
Phil Zimmermann to Keynote.

http://www.blackhat.com/ -- Black Hat Inc. announced today preliminary
speaker sessions for this summer's Black Hat Briefings and Training 2003,

the annual conference and workshop designed to help computer
better understand the security risks to their computer and information
infrastructures by potential threats. This year's show will focus on 10
tracks of hot topics including Incident Response & Computer Forensics,
Firewalls, Access Control, Routing & Infrastructure, Application
Intrusion Detection, Log Analysis, Privacy & Anonymity, and Law &
The Briefings event is being held 30 through 31 July 2003 at the Caesars

Palace Hotel and Casino in the heart of Las Vegas, with two days of
training preceding it.

Top-notch speakers will deliver to the conference's core audience of IT
network security experts, consultants and administrators the newest
developments on the vital security issues facing organizations using
networks with a mix of operating systems.

"Our goal is to present a vendor-neutral environment where conference
attendees can receive key intelligence in a face-to-face environment
the people developing the tools used by and against hackers," says Jeff
Moss, founder of Black Hat Inc. "Our speakers discuss the strategies
involved in correcting existing problems and inform attendees on
issues, preparing them for the future."

Phil Zimmermann, cryptographic technologist, will be one of the keynotes

headlining the event. Zimmermann is the creator of Pretty Good Privacy
currently a special advisor and consultant for the PGP Corporation. He
best known for being the target of a three-year criminal investigation,
because the US Government held that export restrictions for
software were violated when PGP was spread around the world following
1991 publication as freeware. Zimmermann currently consults for a number
companies and industry organizations on matters cryptographic, and is
a Fellow at the Stanford Law School's Center for Internet and Society.
Before founding PGP Inc, Zimmermann was a software engineer with more
20 years of experience specializing in cryptography and data security,
communications, and real-time embedded systems.

The lineup of Black Hat Briefings presenters for 2003 include:

-- Thomas Akin, Founding Director, Southeast Cybercrime
Institute. Akin is
a Certified Information Systems Security Professional (CISSP) who has
worked in Information Security for almost a decade. He is the founding
director of the Southeast Cybercrime Institute a division or Continuing
Education at Kennesaw State University. He serves as chairman for the
Institute's Board of Advisors and is an active member of the Georgia
Cybercrime Task Force.

-- Jay Beale, Senior Research Scientist, George Washington
Cyber Security Policy and Research Institute. Beale is a security
specialist focused on host lockdown and security audits. He is the Lead
Developer of the Bastille project, which creates a hardening script for
Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and a core

participant in the Center for Internet Security.

-- Chris Conacher, Black Hat Consulting. Conacher has over 6
experience in formal Information Security roles. This time has been
with the Fortune 500 companies BAE Systems (formerly British Aerospace
Marconi Space Systems), BAE Systems Airbus and Intel Corporation. He has

also worked for the Information Risk Management consultancy practice of
'Big 5' firm KPMG LLP where he specialized in 'High-Tech' companies.
time in Information Security has seen him working in England, France,
Germany, Greece, Russia and the USA. His specialties include the
development, deployment and review of corporate information security
programs; the secure integration of Mergers & Acquisitions; data
in disaster recovery planning; and information security business impact

-- Roger Dingledine, Founder & Owner, Moria Research Labs.
Dingledine is a
security and privacy researcher. While at MIT under professor Ron Rivest,

he developed Free Haven, one of the early peer-to-peer systems that
emphasized resource management while retaining anonymity for its
users.Currently he consults for the US Navy to design and develop
for anonymity and traffic analysis resistance. Recent work includes
anonymous publishing and communication systems, traffic analysis
resistance, censorship resistance, attack resistance for decentralized
networks, and reputation.

-- Himanshu Dwivedi, Managing Security Architect, @stake. At @stake,

Himanshu leads the Storage Center of Excellence (CoE), which focuses
research and training around storage technology, including Network
Storage (NAS) and Storage Area Networks (SAN). Himanshu's focus in
is networking technology and storage architecture, specifically Fibre
Channel Security.

-- Jennifer Granick, Litigation Director, Center for Internet
and Society,
Stanford Law School. Ms. Granick's work focuses on the interaction of
speech, privacy, computer security, law and technology. She is on the
of Directors for the Honeynet Project and has spoken at the NSA, to law
enforcement and to computer security professionals from the public and
private sectors in the United States and abroad. Before coming to
Law School, Ms. Granick practiced criminal defense of unauthorized
and email interception cases nationally. She has published articles on
wiretap laws, workplace
privacy and trademark law.

-- The Honeynet Project is a non-profit, all volunteer security
organization dedicated to researching the blackhat community, and
the lessons learned. Made up of thirty security professional, the
deploys Honeynet around the world to capture and analzye blackhat
These lessons are then shared with the security community. The Honeynet
Project began in 1999 and continues to grow with the founding of the
Honeynet Research Alliance.

-- Larry Leibrock, Associate Dean and Technology Officer,
University of
Texas McCombs Business School. Leibrock has held or currently holds
clinical teaching and research appointments at McCombs Business School,
Institute for Advanced Technology, The University of Texas Law School,
Emory University, Helsinki School of Economics and Monterrey
in Mexico City and Monterrey. He is a member of IEEE, ACM, Internet
Society, FIRST and USENIX/SAGE and is also a member of the Department of

Defense Software Engineering Institute and a participant in the Air
Software Technology Conference.

-- Neel Mehta, Application Vulnerability Researcher, ISS X-Force.
works as an application vulnerability researcher at ISS X-Force, and
many other security researchers comes from a reverse-engineering
background. His reverse engineering experience was cultivated through
extensive consulting work in the copy protection field, and has more
recently been focused on application security. Neel has done extensive
research into binary and source-code auditing, and has applied this
knowledge to find many vulnerabilities in critical and widely deployed
network applications.

-- Richard Salgado, Senior Counsel, Computer Crime and
Property Section of the United States Department of Justice. Salgado
specializes in investigating and prosecuting computer network cases,
as computer hacking, denial of service attacks, illegal sniffing, logic
bombs, viruses and other technology-driven privacy crimes. Often such
crimes cross international jurisdictions; Mr. Salgado helps coordinate
manage the investigation and prosecution of those cases and participates
policy development relating to emerging technologies such as the growth
wireless networks, voice-over Internet Protocol, surveillance tools and
forensic techniques.

Black Hat Inc. will also conduct computer security training for several
different topics several days prior to the briefings - 26 through 29

Subjects include:

-- Infrastructure Attacktecs™ & Defentecs™: "Hacking Cisco
-- Aspects of Offensive Root-kit Technology
-- Network Application Design & Secure Implementation
-- NSA InfoSec Assessment Methodology Course
-- OSSTMM Professional Security Analyst (OPSA)
-- Forensics Tools and Processes for Windows XP® Platforms
-- Discover the Hidden: Steganography Investigator Training
-- Enterprise Security From Day 1 to Completion: A Practical
Approach to
Developing an InfoSec Program
-- Microsoft Ninjitsu: Securely Deploying MS Technologies
-- Securing Solaris and Locking Down Linux
-- Ultimate Hacking: Expert Edition

The instructors for the training segment of this year's Black Hat are
of the top experts in their field and are fully-active in the computer
security community. You won't find most of these speakers anywhere else
these handpicked security gurus will train participants in understanding

the real threats to any network and how to keep them from being

To register for BlackHat Briefings, visit the Web site at
http://www.blackhat.com. Direct any conference-related questions to

For press registration, contact B.K. DeLong via email at

About Black Hat Inc.

Black Hat Inc. was originally founded in 1997 by Jeff Moss to fill the
for computer security professionals to better understand the security
and potential threats to their information infrastructures and computer
systems. Black Hat accomplishes this by assembling a group of
vendor-neutral security professionals and having them speak candidly
the problems businesses face and their solutions to those problems.
Hat Inc. produces 5 briefing & training events a year on 3 different
continents. Speakers and attendees travel from all over the world to
and share in the latest advances in computer security. In addition to
Briefings, Black Hat has grown to provide training and consulting
For more information, visit their Web site at http://www.blackhat.com