Black Hat USA 2009 //Schedule

Caesars Palace Las Vegas, NV • July 25-30

( Build & Print Your Own Schedule: Click Here )

day one /USA09( JULY 29 )

0800 - 0850 + breakfast Black Hat  Sponsor Cisco Systems
0850 - 0900 + jeff moss: welcome & introduction to black hat usa 2009
0900 - 0950 + keynote speaker: douglas c. merrill / augustus ballroom
TRACK » //Privacy //Infrastructure //Legal: Management //Rootkits //Testing/ Exploiting //Exploitation //Metasploit //Panels //Breakout
LOCATION » Third Floor
Milano Ballroom 5+6+7+8
Third Floor
Roman Ballroom
Third Floor
Milano Ballroom 1+2+3+4
Fourth Floor
Augustus Ballroom 1+2
Fourth Floor
Augustus Ballroom 3+4
Fourth Floor
Augustus Ballroom 5+6
Florentine Ballroom Pompeian Ballroom
Genoa Ballroom
0950 - 1000 + break
1000 - 1100 Billy Hoffman & Matt Wood:
Veiled - A Browser Based Darknet
Router Exploitation
Rod Beckstrom:
Beckstrom's Law
Peter Kleissner:
Stoned Bootkit
Michael Tracy, Chris Rohlf & Eric Monti:
Ruby for Pentesters
John McDonald & Chris Valasek:
Practical Windows XP/2003 Heap Exploitation
Dino Dai Zovi:
Macsploitation with Metasploit
Mike Kershaw:
Kismet and MSF
Chris Gates:
Breaking the "Unbreakable" Oracle with Metasploit
The Laws of Vulnerabilities Research Version 2.0:
Comparing Critical Infrastructure Industries
Hack Your Car with the OpenOtto Project
1100 - 1115 + coffee service Black Hat Platinum Sponsor RSA
1115 - 1230 Andrea Barisani & Daniele Bianco:
Sniff keystrokes with Lasers /Voltmeters
Aaron LeMasters & Michael Murphy:
Rapid Enterprise Triaging
Dmitri Alperovitch:
Fighting Russian Cybercrime Mobsters
Dino Dai Zovi:
Advanced Mac OS X Rootkits
Michael Eddington:
Demystifying Fuzzers
Nathan Hamiel & Shawn Moyer:
Weaponizing the Web
Peter Silberman & Steve Davis:
Metasploit Autopsy - Reconstructing the Crime Scene
CSO Panel:
Black Hat Strategy Meeting
1230 - 1345 + lunch
1345 - 1500 Nitesh Dhanjani:
Graeme Neilson:
Netscreen of the Dead
Tiffany Rad & James Arlen:
Your Mind - Legal Status, Rights and Securing Yourself
Erez Metula:
Managed Code Rootkits
Eduardo Vela Nava & David Lindsay:
Our Favorite XSS Filters and How to Attack Them
Moxie Marlinspike:
More Tricks for Defeating SSL
Using Guided Missiles in Drive-Bys - Automatic Browser Fingerprinting
Analyzing Security Research in the Media
Watcher: Open Source Web-App Security Testing Project
1500 - 1515 + break
1515 - 1630 Steve Topletz, Jonathan Logan & Kyle Williams:
Global Spying
Dan Kaminsky, Len Sassaman:
Something to do with Network Security?
Cormac Herley:
Economics and the Underground Economy
Jeff Williams:
Enterprise Java Rootkits
Stefan Esser:
State of the Art Post Exploitation in Hardened PHP Environments
Mark Dowd, Ryan Smith & David Dewey:
The Language of Trust
MSF & Telephony
Val Smith, Colin Ames & David Kerb:
MetaPhish pt. 1
DC Panel:
Update from Washington
1630 - 1645 + coffee service
1645 - 1800 Alessandro Acquisti:
I just found 10 Million SSNs
Andrew Fried, Paul Vixie & Christopher Lee:
Internet Special Ops
Jennifer Granick:
Computer Crime Year in Review
Alexander Tereshkin, Rafal Wojtczuk:
Introducing Ring -3 Rootkits
Riley Hassell:
Exploiting Rich Content
Joshua "Jabra" Abraham, Robert "RSnake" Hansen:
Unmasking You
Val Smith, Colin Ames & David Kerb:
MetaPhish pt. 2
VC Panel:
Security Business Strategies During a Recession
OWASP and Critical Infra-
1800 - 1930 + gala reception

The Gala Reception will take place on the Fourth Floor, Palace Ballroom.

day two /USA09( JULY 30 )

0800 - 0850 + breakfast Black Hat Sponsor Qualys
0850 - 0950 + keynote speaker: robert lentz / augustus ballroom
TRACK » //Hardware //Reverse Engineering //Cloud/Virtualization //Mobile //Random //Turbo //Panels //Breakout
LOCATION » Third Floor
Milano Ballroom 5+6+7+8
Fourth Floor
Augustus Ballroom 1+2
Fourth Floor
Augustus Ballroom 3+4
Third Floor
Milano Ballroom 1+2+3+4
Fourth Floor
Augustus Ballroom 5+6
Third Floor
Roman Ballroom
Pompeian Ballroom
Genoa Ballroom
0950 - 1000 + break
1000 - 1100 Rafal Wojtczuk, Alexander Tereshkin:
Attacking Intel® Bios
Jeongwook Oh:
Fight Against 1-Day Exploits
Alex Stamos, Andrew Becherer & Nathan Wilcox:
Cloud Computing Models and Vulnerabilities - Raining on the Trendy New Parade
Zane Lackey, Luis Miras:
Attacking SMS
Lockpicking Forensics
Alfredo Ortega:
Deactivate the Rootkit
Kevin Stadmeyer:
Worst of the Best of the Best
Hacker Court OWASP ModSecurity
1100 - 1115 + coffee service
1115 - 1230 Travis Goodspeed:
A 16-bit Rootkit and Second Generation Zigbee Chips
Nick Harbour:
Win at Reversing
Matt Conover:
SADE: Injecting agents in to VM guest OS
Charlie Miller, Collin Mulliner:
Fuzzing the Phone in your Phone
Jeremiah Grossman, Trey Ford:
Mo' Money Mo' Problems
Daniel Raygoza:
Automated Malware Similarity Analysis
Chris Weber:
Unraveling Unicode
Hacker Court con't
1230 - 1345 + lunch Black Hat Sustaining Sponsor Microsoft
1345 - 1500 Joe Grand, Jacob Appelbaum & Chris Tarnovsky:
"Smart" Parking Meter Implementations, Globalism, and You
Danny Quist, Lorie Liebrock:
Reverse Engineering by Crayon
Haroon Meer, Nick Arvanitis & Marco Slaviero:
Clobbering the Cloud!
Kevin Mahaffey, Anthony Lineberry & John Hering:
Is Your Phone Pwned?
Hristo Bojinov, Elie Bursztein & Dan Boneh:
Embedded Management Interfaces
Bryan Sullivan:
Defensive Rewriting
Rachel Engel:
Tony Flick:
Hacking the Smart Grid
Closed Roundtable Discussion
1500 - 1515 + break
1515 - 1630 Chris Tarnovsky:
What the hell is inside there?
K. Chen:
Reversing and Exploiting an Apple® Firmware Update
Kostya Kortchinsky:
Cloudburst - Hacking 3D and Breaking out of VMware
Jesse Burns:
Exploratory Android Surgery
Alexander Sotirov & Mike Zusman:
Breaking the Security Myths of Extended Validation SSL Certificates
Marc Bevand:
MD5 Collisions
Steve Ocepek:
Long-Term Sessions - This Is Why We Can't Have Nice Things
Peter Guerra:
How Economics and Information Security Affects Cyber Crime
Meet the Feds:
Feds vs. Ex-Feds
ACS: Cross-browser Content Security Policy
1630 - 1645 + ice cream sundae social
1645 - 1800 Mike Davis:
Recoverable Advanced Metering Infrastructure
Mario Vuksan & Tomislav Pericin:
Fast & Furious Reverse Engineering with TitanEngine
Bruce Schneier:
Reconceptualizing Security
Vincenzo Iozzo & Charlie Miller:
Post Exploitation Bliss - Loading Meterpreter on a Factory iPhone
Bill Blunden:
Anti-Forensics: The Rootkit Connection
Michael Brooks:
BitTorrent hacks
Mikko Hypponen:
The Conficker Mystery
Muhaimin Dzulfakar:
Advanced MySQL Exploitation
A Black Hat Vulnerability Risk Assessment

18:15 //

iPhone 3.x Exploitation: Pitfalls, Challenges, and Solutions
please note that the schedule is subject to change for either day