Black Hat USA 2011

Black Hat USA 2011 //schedule

Caesars Palace Las Vegas, NV - July 30 - August 4

   day one /USA2011( August 3 )

Day1 //Track 1 //Track 2 //Track 3 //Track 4 //Track 5 //Track 6 //Track 7 //Track 8 //Track 9
0800 - 0850 registration breakfast
TRACK //Bit Flow //Threat Intel //Next-Gen Web //Breaking Software //Embedded Exploitation //Turbo Talks //Deeper Analysis //Applied Knowledge Workshop
Alpha
//Applied Knowledge Workshop
Beta
Room Augustus I + II Augustus III + IV Augustus V + VI Roman Pompeian Florentine Milano I - IV Milano V - VIII Neopolitan I - IV
0850 - 0900 + jeff moss: welcome & introduction to black hat usa 2011
0900 - 0950 +  keynote speaker: cofer black // 10th anniversary of 9/11 and lessons learned for black hat // augustus ballroom
0950 - 1000 + break
1000 - 1100 Don A. Bailey:
War Texting: Identifying and Interacting with Devices on the Telephone Network
Alex Stamos + Aaron Grattafiori + Tom Daniels :
Macs in the Age of the APT
Thomas Roth:
Analyzing SPDY: Getting to know the new web protocol
Jon McCoy:
Hacking .Net Applications: The Black Arts
Karsten Nohl + Chris Tarnovsky:
Reviving smart card analysis
Ang Cui + Jatin Kataria + Salvatore Stolfo:
Killing the Myth of Cisco IOS Diversity: Towards Reliable, Large-Scale Exploitation of Cisco IOS
Aaron LeMasters
Heap spray detection with Heap Inspector
Mario Vuksan + Tomislav Pericin:
Constant Insecurity: Things you didn't know about (PE) Portable Executable file format
Cesar Cerrudo:
Easy and quick vulnerability hunting in Windows
Vivek Ramachandran:
Advanced Wi-Fi Security Penetration Testing
1100 - 1115 + coffee service
1115 - 1230 Gabi Nakibly:
Owning the Routing Table - New OSPF Attacks
Sung-ting Tsai + Ming-chieh Pan:
Weapons of Targeted Attack: Modern Document Exploit Techniques
Matt Johansen + Kyle Osborn:
Hacking Google Chrome OS
Chris Rohlf + Yan Ivnitskiy:
Attacking Clientside JIT Compilers
John McNabb:
Vulnerabilities of Wireless Water Meter Networks
Mark Kennedy + Igor Muttik:
IEEE Software Taggant System
Richard Costa:
The Troika of E-Discovery: Ethics, ESI, and Expertise in a Web 2.0 World
Andrey Belenko:
Overcoming iOS Data Protection to Re-enable iPhone Forensic
Jamie Butler + Justin Murdock:
Physical Memory Forensics for Cache
Cesar Cerrudo:
Easy and quick vulnerability hunting in Windows con't
Vivek Ramachandran:
Advanced Wi-Fi Security Penetration Testing con't
1230 - 1345 + lunch
1345 - 1500 Dan Kaminsky:
Black Ops of TCP/IP 2011
Julia Wolf:
The Rustock Botnet Takedown
Bryan Sullivan:
Server-Side JavaScript Injection: Attacking NoSQL and Node.js
Tarjei Mandt:
Windows Hooks of Death: Kernel Attacks Through User-Mode Callbacks
Dillon Beresford:
Exploiting Siemens Simatic S7 PLCs
Katie Moussouris:
From Redmond with Love!
Joe Skehan
SSH as the next back door. Are you giving hackers root access?
Elie Bursztein + Ivan Fontarensky + Matthieu Martin + Jean-Michel Picod:
Beyond files undeleting.
Sumit Siddharth:
The Art of Exploiting Lesser Known Injection Flaws
Gal Diskin:
Binary Instrumentation workshop for security experts
1500 - 1515 + break
1515 - 1630 Ravi Borgaonkar + Nico Golde + Kevin Redon:
Femtocells: A poisonous needle in the operator's hay stack
datagram:
Tamper Evident Seals - Design and Security
Shreeraj Shah:
Reverse Engineering Browser Components - Dissecting and Hacking Silverlight, HTML 5 and Flex
Dino Dai Zovi:
Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption
Thanassis Giannetsos:
Spy-Sense: Spyware Tool for executing Stealthy Exploits against Sensor Networks
Ivan Ristic:
The Ultimate Study of Real-Life SSL Issues
Jason Raber:
Function Rerouting from Kernel Land "Hades"
Khash Kiani
OAuth - Securing the Insecure
Robert McGrew:
Covert Post-Exploitation Forensics With Metasploit
Sumit Siddharth:
The Art of Exploiting Lesser Known Injection Flaws con't
Gal Diskin:
Binary Instrumentation workshop for security experts con't
1630 - 1645 + coffee service
1645 - 1800 Artem Dinaburg:
Bit-squatting: DNS Hijacking without exploitation
Richard Perkins + Mike Tassey:
Aerial Cyber Apocalypse: If we can do it... they can too.
Fran Brown + Rob Ragan:
Pulp Google Hacking - The Next Generation Search Engine Hacking Arsenal
Paul Sabanal + Mark Yason:
Playing In The Reader X Sandbox
Long Le + Thanh Nguyen:
ARM exploitation ROPmap
Sandy Clark:
Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities
Bradley Anstis:
Affiliate Programs: Legitimate Business or Fuelling Cybercrime?
Johnny Cache
PPI-Geolocation: The next generation of 802.11 visualization and geo-location
Jonathan Brossard:
Post Memory Corruption Memory Analysis
Sumit Siddharth:
The Art of Exploiting Lesser Known Injection Flaws con't
Gal Diskin:
Binary Instrumentation workshop for security experts con't
1800 - 1930 reception & hacker court
1815 - 1900 pwnie awards
1900-2200 circuit – third floor

   day two /USA2011( August 4 )

Day1 //Track 1 //Track 2 //Track 3 //Track 4 //Track 5 //Track 6 //Track 7 //Track 8 //Track 9
0800 - 0850 registration breakfast
TRACK //The World at Large //Enterprise Concerns //Scoping the Issue //Web Hacking //Expanding Complexity //Building 127.0.0.1 //The Mobile Track //Applied Knowledge Workshop
Alpha
//Applied Knowledge Workshop
Beta
Room Augustus I + II Augustus III + IV Augustus V + VI Roman Pompeian Florentine Milano I - IV Milano V - VIII Neopolitan I - IV
0850 - 0950 +  keynote speaker: peiter "mudge" zatko // how a hacker has helped influence the government - and vice versa // augustus ballroom
0900 - 0950 + break
1000 - 1100 Robert Clark:
Legal Aspects of Cybersecurity - (AKA) CYBERLAW: A Year in Review, Cases, issues, your questions my (alleged) answers
Nelson Elhage:
Virtualization under attack: Breaking out of KVM
Jeremiah Grossman + Brad Arkin + Alex Hutton + Adrain Lane + John Johnson:
Trillions of Lines of Code and Counting - Securing Applications At Scale
Kevin Johnson + Tom Eston + Joshua Abraham:
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Andy Davis:
USB - Undermining Security Barriers
Chris Paget:
Microsoft Vista: NDA-less The Good, The Bad, and The Ugly
Riley Hassell + Shane Macaulay:
Hacking Androids for Profit
Mark Russinovich:
Zero Day Malware Cleaning with the Sysinternals Tools
Thomas Roth:
Breaking Encryption in the cloud: Cheap, GPU assisted supercomputing for everyone
1100 - 1115 + coffee service
1115 - 1230 Jennifer Granick:
The Law of Mobile Privacy and Security
Michael Sutton:
Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers
Tavis Ormandy:
Sophail: A Critical Analysis of Sophos Antivirus
Marco Slaviero :
Sour Pickles
Charlie Miller:
Battery Firmware Hacking
Richard Thieme:
Staring into the Abyss: The Dark Side of Secuirity and Professional Intelligence
Stefan Esser:
Exploiting the iOS Kernel
Mark Russinovich:
Zero Day Malware Cleaning with the Sysinternals Tools con't
Thomas Roth:
Breaking Encryption in the cloud: Cheap, GPU assisted supercomputing for everyone con't
1230 - 1345 + lunch
1345 - 1500 Moxie Marlinspike:
SSL And The Future Of Authenticity
David Schuetz:
Inside Apple's MDM Black Box
James Arlen:
Security When Nano-seconds Count
Thomas Ptacek:
Crypto for Pentesters
Greg Ose:
Exploiting USB Devices with Arduino
Lee Kushner + Mike Murray:
InfoSec 2021 - A Career Odyssey
Tyler Shields + Anthony Lineberry + Charlie Miller + Chris Wysopal + Dino Dai Zovi + Ralf-Phillipp Weinmann + Nick Depetrillo + Don Bailey:
Owning Your Phone at Every Layer - A Mobile Security Panel
Justin Searle:
Pentesting the Smart Grid
Andrew Case:
Investigating Live CDs using Volatility and Physical Memory Analysis
1500 - 1515 + break

Booksigning with Mark Russinovich and his book "Zero Day: A Novel"

1515 - 1630 Alessandro Acquisti:
Faces Of Facebook - Or, How The Largest Real ID Database In The World Came To Be
Alexander Polyakov:
A Crushing Blow At The Heart of SAP J2EE Engine
Fabian Yamaguchi:
Vulnerability Extrapolation or 'Give me more Bugs like that, please!'
Nathan Hamiel + Justin Engler + Seth law + Gregory Fleischer:
Smartfuzzing The Web: Carpe Vestra Foramina
Jerome Radcliffe:
Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System
Lee Kushner + Mike Murray:
InfoSec 2021 - A Career Odyssey con't
Anthony Lineberry + Tim Strazzere + Tim Wyatt:
Don't Hate the Player, Hate the Game: Inside the Android Security Patch Lifecycle
Justin Searle:
Pentesting the Smart Grid con't
Andrew Case:
Investigating Live CDs using Volatility and Physical Memory Analysis con't
1630 - 1645 + coffee service
1645 - 1800 George Chamales:
Lives On The Line: Defending Crisis Maps in Libya, Sudan, and Pakistan
David Litchfield:
Hacking and Forensicating an Oracle Database Server
Chuck Willis + Kris Britton:
Sticking to the Facts: Scientific Study of Static Analysis Tools
Marco Balduzzi:
Automated Detection of HPP Vulnerabilities in Web Applications
Adam Laurie + Zac Franken + Andrea Barisani + Daniele Bianco:
Chip & PIN is definitely broken
Lee Kushner + Mike Murray:
InfoSec 2021 - A Career Odyssey con't
Neil Daswani:
Mobile Malware Madness, and How To Cap the Mad Hatters by
Justin Searle:
Pentesting the Smart Grid con't
Andrew Case
Investigating Live CDs using Volatility and Physical Memory Analysis con't