RSS feed logo header graphic

Black Hat USA 2009 Call For Papers

The Black Hat Briefings USA 2009 CFP is now open.

header graphic

Track listing for Black Hat USA 2009

Official terms list for Black Hat USA 2009

Submit proposals by completing the submissions form on the CFP server at We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

Last year we were proud to add a new feature for paid Black Hat attendees – delegate access to our CFP server. Paid delegates can log into our CFP database, read and review our proposed presentations and share their ratings and comments with Black Hat. Your ratings will help us create the show you want to attend, and even help focus presentations as they’re being created. We are excited to see what kind of information interests our delegates and what kind of talks meet their needs best. We’ve always said that our delegates make Black hat the experience it is, and we’re glad to have the opportunity to extend their influence on the final product. To read more about this new opportunity, go to: the Blackpage entry on crowdsourcing. The official FAQ for this new feature is located here. The official FAQ for this new feature is located here.


The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the most important event of its kind, anywhere in the world.


Black Hat does not accept product or vendor related pitches. If your talk is a thinly-veiled advertisement for a new product or service your company is offering, please do not apply.

  1. All presentations must be submitted by the original authors.

  2. We currently only accept submissions by orginal authors of the presentations. PR firms, Speaking relation firms, and all other parties who are not direct authors of submitted presentations ARE NOT ALLOWED to submit materials on behalf of speakers or presenters. We require direct contact with presenters to expedite questions from the reviewers and to fulfill Speaker Obligations as detailed on the Call for Papers Terms and Conditions.

    You MAY NOT submit presentations if you are a third party that wishes to submit materials on behalf of a potential speaker. Only original authors of presentations may submit for the Call for Papers.

  3. Choose a Black Hat Event for your presentation.

  4. Speakers who are chosen to speak at one are not automatically chosen to speak at another. Selecting the event that you are speaking at will determine if you will meet the deadlines for the event. You are currently on the USA 2009 CFP page.

  5. Decide what key subjects/topics your presentation will cover and select the appropriate track.

  6. This is intended to help us place your talk in the appropriate subject/topic category. Because of the unique nature of this conference, the combining of some of the best hackers with security professionals, there will be an emphasis on where the rubber meets the road. What works, what doesn't, and what to do about it.

    The Black Hat USA 2009 Briefings tracks will be*:

    • Track 1: 0-Day
    • Track 2: 0-Day Defense
    • Track 3: Application Security 1.0/2.0
    • Track 4: Bots 'n Zombies
    • Track 5: Web App Sec
    • Track 6: Deep Knowledge
    • Track 7: Forensics & anti-Forensics
    • Track 8: Hardware
    • Track 9: The Network
    • Track 10: New Hotness
    • Track 11: OTA (Over the Air)
    • Track 12: Privacy and Anonymity
    • Track 13: Turbo Talks

    Submitters should check the Black Hat USA 2008 Track Description page to ensure they are submitting for the appropriate track.

    *Note: Track numbers do not indicate day on which it will be assigned and the schedule is subject to change. Tracks are subject to change. If selected, please be aware that you must be available to speak on either day.

  7. Understand the different time constraints.

  8. Generally, talks will be 20 minutes (Turbo Talks only), 75 minutes or 150 minutes. It is expected the speaker will budget time for audience participation and Q&A.

  9. Submit a presentation.

  10. Please submit all prospective proposals by completing the submissions form on the CFP server at

    Speakers may submit more than one proposal but each proposal must be submitted via separate submissions. Create an account at, verify your email address, and away you go.

    You MAY NOT submit presentations if you are a third party that wishes to submit materials on behalf of a potential speaker. Only original authors of presentations may submit for the Call for Papers.

    Submissions are due no later than May 1, 2009.

  11. Submit supporting material.

  12. Plese submit any additional materials after completing the online submission form. Additional materials may include but not be limited to items such as white papers, code, demos, proof of concept, references, resume, etc that may enable us to to help decide whether your topic would be appropriate. Materials should also be sent along to: cfp at

  13. Submit a Log Entry.

  14. We are asking all applicants to submit a log entry along with their presentation. A Black Hat Log entry is an unstructured description of your research written in the first person. Your log entry may be candid, conversational, and include hyperlinks to valuable supporting information. Please try to keep your entry succinct, informative, and fun. An ideal log entry is no longer than 250 words.

If you experience problems with send email to cfp and we will work to resolve the problem.


Talks will be reviewed through a voting process. Submissions get rated on a one to seven scale by each of the reviewers in four areas, and the resulting scores are added up. Those submissions in each category with the highest scores are considered first. In the case of topic overlap a lesser scoring submission may be selected to keep variety in the program. As the complexity and specialization of submissions grow more reviewers are added to the process.

People submitting a talk proposal will get email notification that Black Hat has received the proposal generally within 48-72 hours of receipt of the submission. Once selection has been completed you will receive in email a confirmation of acceptance or rejection.

Speakers will be contacted if there are any questions about their presentations. If your talk is accepted, you can continue to modify and evolve it up until the materials due date, at which time it is frozen for the printed materials and CD ROM.

All presentations must be vendor neutral (no sales pitches for services or products are permitted). Presentations which demonstrate proprietary tool(s) must provide a copy of the tool(s) for distribution on the Black Hat CD and web site. All sources of information, software, etc should be properly cited.

Things that get our attention:

  • Talks that are more technical or reveal new vulnerabilities are of more interest than a review of material covered many times before. We are striving to create a high-end technical conference and any talk that helps reach this goal will be given extra attention.
  • Original content or research that has been created specifically for Black Hat and has not been seen before always gets extra priority as well as demonstrations involving new material, or a new way of presenting information to the attendees.

Note: By speaking at the Black Hat Briefings you are granting Black Hat permission to reproduce, distribute, advertise and show your presentation including but not limited to, printed and/or electronic ads, fliers, mailers, etc.


To meet the goals outlined above, Black Hat expects several things from selected speakers.

If you are going to announce or demonstrate a new tool as the primary focus of your talk, that tool must be made available for the conference CD ROM. We don't want a room full of people all excited about what you have demonstrated only to learn the tool is $12,000 and not available to the general public.

Your completed materials for the printed conference proceedings and CD ROM MUST be submitted by the date specified on the CFP Letter of Acceptance or you will be dropped as a speaker and an alternative will be put in your place.

Black Hat expects speakers to be available during the lunches and reception in order to meet and mingle with the attendees. If you cannot do so, for example because of a business commitment, please let us know when you submit your materials.

Assume that the attendees already understand the basic concepts regarding your topic. For example, if you are talking about cryptography, assume that everyone knows the difference between public key vs. symmetric algorithms. Black Hat strives to be known as a more technical security conference, and as such, expect more high-level details from their speakers. If you must err in one direction or the other, err on the side of more technical.

In your presentation please include a reference to all of the tool(s), law(s), web site(s) or publication(s) you refer to. This bibliography will greatly help attendees who wish to learn more about your subject, but are not sure where to start.

The content you provide for the conference CD ROM should include a copy of all the RFCs, White Papers, and/or tools referenced in your presentation. Attendees really like this, and we do too.

If you are performing a demonstration we expect you to provide all the necessary equipment. We will only provide an internet connection, power, and AV equipment as detailed in the Presentation Resources section.

If your presentation discusses a problem, also present suggested solutions. If no solutions exist please explain why they are not possible or practical and what you think the impact will be. If you present a solution to a new problem also explain what the weaknesses to the solution are, as well as their impact on the problem.


Each presenter is responsible for bringing their own laptop, with US Power Supply/converter and VGA-ready output to run their presentation from. No loaner machines will be available.

We can accommodate most requests if it enhances your presentation and they are made at least four weeks before the show. Current tools we can make available to speakers include LCD projectors, microphones, video switch boxes, white boards and network access.

Black Hat currently provides 2 LCD projectors, 2 screens, a wired microphone, and a video switch box.

This year will be two LCD projectors in a session. If your talk requires any sort of demonstration we encourage you to set up a network (presenters are advised that they are responsible for providing their own hardware and software) and have each machine projecting on one of the LCDs. This way audience members will be able to follow along what is occurring on each node as the talks progress, or the speaker may provide different information on different screen, etc.

There will be internet connectivity should you need network access to demonstrate any aspect of your presentation.

Please forward any additional resource questions to cfp at


If you are selected for the "Turbo Talks" track you will only receive entrance to the Briefings. As a "Turbo Talks" presenter, you WILL NOT receive a speaking honorarium or compensation for hotel or travel.

Category 1 Speaker:

If you have never presented at Black Hat before, and you are selected to present, Black Hat will pay for one presenter's coach class roundtrip airfare and one hotel room for three nights at the Caesars Palace Las Vegas and a speaking honorarium of $500 USD.

Category 2 Speaker:

If you have spoken before at Black Hat you will receive one presenter's roundtrip coach class airfare, one hotel room for three nights at the official Black Hat venue hotel, and a speaking honorarium of $1,000 USD.

If you have been specifically invited to speak you fall into the second category.

If you work for a company that is also an official Black Hat sponsor, we are unable to offer any compensation for travel, accommodations or honorarium.

Speakers who are asked to participate in a panel but who also present on a topic will not be paid an additional honorarium.

Speakers who are asked to present on separate topics at the same conference will earn an honorarium for each presentation. Only the original airfare and hotel room will be covered (no additional rooms, room nights or travel expenses will be provided or reimbursed).

Full conference passes are given to those who actively participate as speakers on accepted presentations. These passes are non-transferable. Co-workers, PR persons, etc who wish to attend the session or conference must register and pay the appropriate conference fees.

Once you have been accepted, you will be contacted by us to make hotel and travel arrangements. Please make sure that you include a valid email address and telephone number (and fax if possible) where you can be reached.


The Black Hat USA 2008 Briefings & Training Conference will take place August 2-7 at the Caesars Palace Las Vegas. Please see the Black Hat USA 2008 Briefings pages for more information on hotel, venue, schedules, etc.


Please visit for previous conference archives, information, and speeches. Updated announcements will be posted to newsgroups, security mailing lists, and the Black Hat web site when available.

Thank you for your time!

Jeff Moss, Director

1997-2009 Black Hat ™