Black Hat USA 2009 //Media Archives

Caesars Palace Las Vegas, NV • July 25-30


white paper document

audio recording

video recording


source material

Event AUDIO & VIDEO: The Source of Knowledge will be onsite to sell audio and video recordings of the Briefings sessions. Their booth will be located outside of the Fourth Floor (Promenade Level), Emperor's Ballroom. You can download the order form here or purchase the media onsite: [ PDF ]

Alessandro Acquisti

I Just Found 10 Million SSN's

Dmitri Alperovitch, Keith Mularski

Fighting Russian Cybercrime Mobsters: Report from the Trenches

Andrea Barisani, Daniele Bianco

Sniff Keystrokes With Lasers/Voltmeters
Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage

Marc Bevand

MD5 Chosen-Prefix Collisions on GPUs

Bill Blunden

Anti-Forensics: The Rootkit Connection

Hristo Bojinov, Dan Boneh, Elie Bursztein

Embedded Management Interfaces: Emerging Massive Insecurity

Michael Brooks, David Aslanian

BitTorrent Hacks

Jesse Burns

Exploratory Android Surgery

K. Chen

Reversing and Exploiting an Apple® Firmware Update

Matt Conover

SADE: Injecting Agents into VM Guest OS

Dino Dai Zovi

Advanced Mac OS X Rootkits


Lockpicking Forensics

Mike Davis

Recoverable Advanced Metering Infrastructure

Nitesh Dhanjani

Psychotronica: Exposure, Control, and Deceit

Mark Dowd, Ryan Smith, David Dewey

The Language of Trust: Exploiting Trust Relationships in Active Content

Muhaimin Dzulfakar

Advanced MySQL Exploitation

Michael Eddington

Demystifying Fuzzers


Using Guided Missiles in Drive-by's: Automatic browser fingerprinting and exploitation with Metasploit

Rachel Engel

Gizmo: A Lightweight Open Source Web Proxy

Stefan Esser

State of the Art Post Exploitation in Hardened PHP Environments

Tony Flick

Hacking the Smart Grid

Andrew Fried, Paul Vixie, Dr. Chris Lee

Internet Special Ops: Stalking Badness Through Data Mining

Chris Gates

Breaking the "Unbreakable" Oracle with Metasploit

Travis Goodspeed

A 16 bit Rootkit and Second Generation Zigbee Chips

Joe Grand, Jacob Appelbaum, Chris Tarnovsky

"Smart" Parking Meter Implementations, Globalism, and You

Jennifer Granick

Computer Crime Year In Review: MySpace, MBTA, Boston College and More

Jeremiah Grossman, Trey Ford

Mo' Money Mo' Problems: Making A LOT More Money on the Web the Black Hat Way

Peter Guerra

How Economics and Information Security Affects Cyber Crime and What It Means in the Context of a Global Recession

Nathan Hamiel, Shawn Moyer

Weaponizing the Web: More Attacks on User-Generated Content

Nick Harbour

Win at Reversing: Tracing and Sandboxing through Inline Hooking

Riley Hassell

Exploiting Rich Content

Billy Hoffman, Matt Wood

Veiled: A Browser-based Darknet

Mikko Hypponen

The Conficker Mystery

Vincenzo Iozzo, Charlie Miller

Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone

Dan Kaminsky

Something about Network Security

Peter Kleissner

Stoned Bootkit

Kostya Kortchinsky

Cloudburst: Hacking 3D (and Breaking Out of VMware)

Zane Lackey, Luis Miras

Attacking SMS

Aaron LeMasters, Michael Murphy

Rapid Enterprise Triaging (RETRI): How to Run a Compromised Network and Keep Your Data Safe

Robert Lentz

Keynote: Cyberspace, A Fragile Ecosystem

Felix "FX" Lindner

Router Exploitation

Kevin Mahaffey, Anthony Lineberry, John Hering

Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices

Moxie Marlinspike

More Tricks For Defeating SSL

John McDonald, Chris Valasek

Practical Windows XP/2003 Heap Exploitation

Haroon Meer, Nick Arvanitis, Marco Slaviero

Clobbering the Cloud!

Download file contains 11 videos

Erez Metula

Managed Code Rootkits: Hooking into the Runtime Environments

Charlie Miller, Collin Mulliner

Fuzzing the Phone in your Phone

David Mortman

A Black Hat Vulnerability Risk Assessment

Graeme Neilson

Netscreen of the Dead: Developing a Trojaned ScreenOS for Juniper Netscreen Appliances

Steve Ocepek

Long-Term Sessions: This Is Why We Can't Have Nice Things

Jeongwook Oh

Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries

Alfredo Ortega, Anibal Sacco

Deactivate the Rootkit

Danny Quist, Lorie Liebrock

Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization

Tiffany Strauchs Rad, James Arlen

Your Mind: Legal Status, Rights and Securing Yourself

Daniel Raygoza

Automated Malware Similarity Analysis

Bruce Schneier

Re-conceptualizing Security

Peter Silberman, Steve Davis

Metasploit Autopsy: Reconstructing the Crime Scene

Val Smith, Colin Ames, David Kerb


Mike Zusman, Alexander Sotirov

Breaking the security myths of Extended Validation SSL Certificates

Kevin Stadmeyer, Garrett Held

Worst of the Best of the Best

Alex Stamos, Andrew Becherer, Nathan Wilcox

Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade

Bryan Sullivan

Defensive Rewriting: A New Take on XSS/XSRF/Redirect-Phishing Defense

Chris Tarnovsky

What the hell is inside there?

Alexander Tereshkin, Rafal Wojtczuk

Introducing Ring -3 Rootkits

Steve Topletz, Jonathan Logan and Kyle Williams

Global Spying: Realistic Probabilities in Modern Signals Intelligence

Michael Tracy, Chris Rohlf, Eric Monti

Ruby for Pentesters

Dustin "I)ruid" Trammell

Metasploit Telephony

Eduardo Vela Nava, David Lindsay

Our Favorite XSS Filters and How to Attack Them

Mario Vuksan, Tomislav Pericin

Fast & Furious Reverse Engineering with TitanEngine

Chris Weber

Unraveling Unicode: A Bag of Tricks for Bug Hunting

Jeff Williams

Enterprise Java Rootkits

Rafal Wojtczuk, Alexander Tereshkin

Attacking Intel® BIOS