![Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference show](https://d3dthqtvwic6y7.cloudfront.net/podcast-covers/000/047/395/small/black-hat-briefings-las-vegas-2006-video-presentations-from-the-security-conference.jpg)
Summary: "This presentation prepares attackers and defenders to perform automated testing of some popular Windows® interprocess communication mechanisms. The testing will focus on binary win32 applications, and will not require source code or symbols for the applications being tested. Attendees will be briefly introduced to several types of named securable Windows communication objects, including Named Pipes and Shared Sections (named Mutexes, Semaphores and Events and will also be included but to a lesser degree). Audience members will learn techniques for identifying when and where these communication objects are being used by applications as well as how to programmatically intercept their creation to assist in fuzzing. iSEC will share tools used for interception and fuzzing including tools for hooking arbitrary executable's creation of IPC primitives. Working examples of fuzzers with source code written in Python and C++ will demonstrate altering of data flowing through these IPC channels to turn simple application functionality tests into powerful security-focused penetration tests. Attendees should be familiar with programming in C++ or Python, and have a security research interest in win32. Developers, QA testers, penetration testers, architects and researchers are the primary target audience for this somewhat technical talk. Jesse Burns is a Principal Partner at iSEC Partners, where he works as a penetration tester. Previous to founding iSEC Partners, Jesse was a Managing Security Architect with @Stake and a software developer who focused on security-related projects on Windows® and various flavors of Unix®. Jesse presented in December of 2004 at the SyScan conference in Singapore on exploiting weakness in the NTLM authentication protocol. He has also presented at OWASP, Directory Management World and for his many security consulting clients on issues ranging from cryptographic attacks to emerging web application threats. He is currently working on a book with Scott Stender and Alex Stamos on attacking modern web applications for publication with Addison Wesley."
