Black Hat USA 2010 //schedule

Caesars Palace Las Vegas, NV • July 28-29

( Build & Print Your Own Schedule: Click Here )

day one /USA2010( JULY 28 )

0800 - 0850 + breakfast Black Hat  Sponsor Adobe Systems
0850 - 0900 + jeff moss: welcome & introduction to black hat usa 2010
0900 - 0950 +  keynote speaker: jane holl lute, dhs // augustus ballroom
TRACK //Programmatic //OS Wars //Infrastructure //Reverse Engineering //Mobile //Executive //Cyber War & Peace //Malware
//Network //Bug Collecting //Special Events
ROOM Milano 1+2+3+4 Milano 5+6+7+8 Roman Augustus 1+2 Augustus 3+4 Forum 25 Florentine Augustus 5+6 Forum 24 Neopolitan 1+2+3+4 Pompeian
0950 - 1000 + break
1000 - 1100 Long Le:
Payload Already Inside: Data Re-Use for ROP exploits
Scott Stender,Rachel Engel, Brad Hill:
Attacking Kerberos Deployments
Ben Feinstein, Jeff Jarmoc & Dan King:
The Emperor Has No Clothes: Insecurities in Security Infrastructure
Jeongwook Oh:
ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically
The Grugq:
Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands
Optimizing the Security Researcher and CSO Relationship
Wayne Huang, Caleb Sima:
Drivesploit: Circumventing both automated AND manual drive-by-download detection
Nicholas J. Percoco,
Jibran Ilyas:
Malware Freak Show 2010: The Client-Side Boogaloo
Leandro Meiners,
Diego Sor:
WPA Migration Mode: WEP is back to haunt you…
Ben Nagy:
Industrial Bug Mining - Extracting, Grading and Enriching the Ore of Exploits
Cloud Security Alliance Summit
more info »
1100 - 1115 + coffee service Black Hat  Sponsor Cisco Systems
1115 - 1230 Nicolas Waisman:
Aleatory Persistent Threat
Hernan Ochoa, Agustin Azubel:
Understanding the Windows SMB NTLM Weak Nonce Vulnerability
Jonathan Pollet, Joe Cummins:
Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters
Charlie Miller, Noah Johnson:
Crash Analysis using BitBlaze
David Kane-
More Bugs In More Places: Secure Development On Moble Platforms
Systemic DNS Vulnerabilities and Risk Management
Val Smith, Colin Ames & Anthony Lai:
Balancing the Pwn Trade Deficit
Greg Hoglund:
Malware Attribution: Tracking Cyber Spies and Digital Criminals
Chris Paget:
Extreme-range RFID tracking
Christiaan Beek:
Virtual Forensics
Cloud Security Alliance Summit
more info »
1230 - 1345 + lunch
1345 - 1500 Stephen de Vries:
Hacking Java Clients
Nathan Keltner, Tim Elrod:
Adventures in Limited User Post Exploitation
James Arlen:
SCADA and ICS for Security Experts: How to avoid Cyberdouchery
Barnaby Jack:
Jackpotting Automated Teller Machines Redux
Anthony Lineberry, Timothy
Wyatt & David Richardson:
These Aren't the Permissions You're Looking For
General Michael Hayden:
Cyber war...Are we at war? And if we are, how should we fight it?
Interview: One on One interview with General Michael Hayden
Chris Sumner:
Social Networking Special Ops: Extending Data Visualization Tools for faster Pwnage
Neil Daswani:
mod_antimalware: A Novel Apache Module for Containing web-based Malware Infections
Enno Rey, Daniel Mende:
Burning Asgard - What happens when Loki breaks free
Raj Umadas, Jeremy Allen:
Network Stream Debugging with Mallory
Cloud Security Alliance Summit
more info »
1500 - 1515 + break
1515 - 1630 Lurene Grenier, Richard Johnson:
Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research
olle b:
Standing on the Shoulders of the Blue Monster: Hardening Windows Applications
Dan Kaminsky:
Black Ops Of Fundamental Defense: Web Edition
Matthieu Suiche:
Blue Screen Of the Death is Dead.
Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau:
Everybody be cool this is a roppery!
Security Innovation Network Panel: Connecting Buyers, Builders, and the Research Community
Tom Parker:
Finger Pointing for Fun, Profit and War?
Patrick Thomas:
BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing
Nate Lawson, Taylor Nelson:
Exploiting Timing Attacks in Widespread Systems
Arshan Dabirsiaghi:
JavaSnoop: How to Hack Anything Written in Java
Hacker Court
1630 - 1645 + coffee service Black Hat Sustaining Sponsor Microsoft
1645 - 1800 Mariano Nuñez Di Croce:
SAP Backdoors: A Ghost at the Heart of Your Business
Alex Hutton, Allison Miller:
Ushering in the Post-GRC World: Applied Threat Modeling
Shawn Moyer, Nathan Keltner:
Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
Chris Tarnovsky
Semiconductor Security Awareness, Today and Yesterday
Kevin Mahaffey, John Hering:
App Attack: Surviving the Mobile Application Explosion
Security Innovation Network Panel: Connecting Buyers, Builders, and the Research Community
Thomas Ryan:
Getting In Bed With Robin Sage
David Fifield:
Mastering the Nmap Scripting Engine
Kenton Born:
PSUDP: A Passive Approach to Network-Wide Covert Communication
Meredith L. Patterson, Len Sassaman:
Exploiting the Forest with Trees
Hacker Court (cont.)
1800 - 1930 + gala reception

The Gala Reception will take place on the Fourth Floor, Palace Ballroom.

+ pwnie awards: presentation »

   day two /USA2010( JULY 29 )

0800 - 0850 + breakfast Black Hat Sponsor Nitro Security
0850 - 0950 +  keynote speaker: general (ret.) michael hayden // augustus ballroom
TRACK //Web Apps //Exploitation //Where the Data Lives //Privacy //Cloud Virtualization //Turbo //Client Side //Meet the Feds //Big Picture //Reverse Engineering Redux //Special Events
ROOM Milano 1+2+3+4 Augustus 1+2 Roman Milano 5+6+7+8 Augustus 3+4 Florentine Augustus 5+6 Forum 25 Forum 24 Neopolitan 1+2+3+4 Pompeian
0950 - 1000 + break
1000 - 1100 Nathan Hamiel, Marcin Wielgoszewski:
Constricting the Web: Offensive Python for Web Hackers
Haroon Meer:
Memory Corruption Attacks: The (almost) Complete History...
William Yerazunis:
Keeping the Good Stuff In: Confidential Information Firewalling with the CRM114 Spam Filter & Text Classifier
Moxie Marlinspike:
New Threats to Privacy: From TIA to Google
Christofer Hoff:
CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity
David Kennedy, Joshua Kelley:
Microsoft Powershell - It's time to own
Jeremiah Grossman:
Breaking Browsers: Hacking Auto-Complete
Craig Heffner:
How to Hack Millions of Routers
Ivan Ristic:
State of SSL on the Internet: 2010 Survey, Results and Conclusions Routers
Rich Smith:
pyREtic – Reversing obfuscated Python bytecode & live Python objects
Breakout Session:
Regional Collegiate Cyberdefense Competition

1100 - 1115 + coffee service Black Hat Sponsor Rapid 7
1115 - 1230 Stefan Esser:
Utilizing Code Reuse/Return Oriented Programming in PHP Web Application Exploits
Julien Tinnes, Tavis Ormandy:
There's a party at Ring0 (and you're invited)
Sumit Siddharth:
Hacking Oracle From Web Apps
Tom Cross:
Unauthorized Internet Wiretapping: Exploiting Lawful Intercept
Grant Bugher:
Secure Use of Cloud Storage
Mikko Hypponen:
You Will be Billed $90,000 for This Call
Adam Shostack:
Elevation of Privilege: The Easy way to Threat Model
Robert Hansen, Josh Sokol:
HTTPS Can Byte Me
Policy, Privacy, Deterrence and Cyber War
Gunter Ollmann:
Becoming the six-million-dollar man
Greg Conti, Sergey Bratus:
Voyage of the Reverser: A Visual Study of Binary Species
Lee Kushner, Mike Murray:
Your Careeer = Your Business
1230 - 1345 + lunch Black Hat Sponsor Qualys
1345 - 1500 David Byrne, Charles Henderson:
GWT Security: Don’t Get Distracted by Bright Shiny Objects
Dino Dai Zovi:
Return-Oriented Exploitation
Cesar Cerrudo:
Token Kidnapping's Revenge
Tiffany Rad:
The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this
Intellectual Property Legislation Chills Research, Disclosure and Innovation
Claudio Criscione:
Virtually Pwned: Pentesting Virtualization
Paul Vixie:
ISC SIE Passive DNS vs. Apache Cassandra
Jason Raber, Jason Cheatham:
Reverse Engineering with Hardware Debuggers
Blitzableiter - the Release
Human Intel
Ryan Smith:
Defenseless in Depth
Mario Vuksan, Tomas Pericin:
TitanMist: Your First Step to Reversing Nirvana
Lee Kushner, Mike Murray:
Things You Wanted To Know But Were Afraid To Ask About Managing Your Information Security Career
1500 - 1515 + break
1515 - 1630 Samy Kamkar:
How I Met Your Girlfriend
Chris Valasek:
Understanding the Low-
Fragmentation Heap: From Allocation to Exploitation
Esteban Martínez Fayó:
Hacking and protecting Oracle Database Vault
Karsten Nohl:
Attacking Phone Privacy
Quynh Nguyen Anh, Kuniyasu Suzaki:
Virt-ICE: Next Generation Debugger for Malware Analysis
Patrick Engebretson, Dr. Josh Pauli & Kyle Cronin:
SpewPAL: How capturing and replaying attack traffic can save your IDS
Andrew Becherer:
Hadoop Security Design? Just Add Kerberos? Really?
Nick Harbour:
The Black Art of Binary Hijacking
Shreeraj Shah:
Hacking Browser's DOM - Exploiting Ajax and RIA
Ex-Fed Confessions
Steve Ocepek, Charles Henderson:
Need a hug? I'm secure.
Rami Kawach:
NEPTUNE: Dissecting Web-based Malware via Browser and OS Instrumentation
Responsible, Full, Half and Half, Medium-Rare: Flavors of Disclosure // ISSA
1630 - 1645 + ice cream sundae social Black Hat Platinum Sponsor RSA
1645 - 1800 Chris Eng, Brandon Creighton:
Deconstructing ColdFusion
Tim Shelton:
Advanced AIX Heap Exploitation Methods
Bryan Sullivan:
Cryptographic Agility: Defending Against the Sneakers Scenario
Don Bailey, Nicholas DePetrillo:
Carmen Sandiego is On the Run!
Georg Wicherski:
dirtbox: a Highly Scalable x86/Windows Emulator
Richard Rushing:
USB - HID, The Hacking Interface Design
Marco Slaviero:
Lifting the Fog
Michael Davis:
Security is Not a Four Letter Word
Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt:
Bad Memories
Meet the Feds Reception
Francis Brown, Rob Ragan:
Lord of the Bing: Taking back search engine hacking from Google and Bing
Damiano Bolzoni, Christiaan Schade:
Goodware drugs for malware: on-the-fly malware analysis and containment
Responsible, Full, Half and Half, Medium-Rare: Flavors of Disclosure // ISSA (cont.)
please note that the schedule is subject to change for either day