
Black Hat USA 2009 Track Descriptions

CFP for USA 2009 Now Open.


The Ø-Day Attack track will only contain new presentations that reveal Ø-Days. If you are revealing a new Ø-Day to the world, this is the track for you. In return for not announcing in advance, Black Hat will help promote your presentation in advance and afterwards. Here are the rules:

1. Because Black Hat subscribes to the concept of responsible disclosure, the vendor or developer of the affected vuln should be notified in advance so they have time to respond. As long as the vendor and the bug finder don't announce before the Black Hat presentation you are good.

2. The Ø-Day has to be revealed to the reviewers to validate, and it won't be revealed to anyone but the reviewers.


"Ø-day" vulnerabilities are a fact of life, but how we deal with them varies greatly. Some build elaborate multi-layer defense in depth systems while some accept the risks and invest in response strategies. This track will deal with the strategies and technologies that have evolved to deal with the Ø-day. Topics might include how to defend against unknown vulnerabilities using system call tracing, randomized stack or heap memory, process sandboxes, tools for code auditing, MAC policies, etc. Lessons learned stories may include case studies of how your organization reacted to a Ø-day Malware attack or how you reversed a malicious binary, highlighting what worked and what didn't.


As network routers, firewalls, and operating systems become more mature, the security surrounding applications has become one of the most popular attack vectors, on and off the web. Talks covering reverse engineering binaries to find or fix vulnerabilities, source code analysis, secure coding practices, black box testing tools, and configuration best practice guidelines would all be appropriate for this track.


You can't go a day without reading an article about the Storm or McColo botnets, or the latest version of the WebAttacker or MPACK toolkits. What are the trends with massive botnets? How do we realistically deal with their implications? Tools, analysis and defenses related to botnets fit this new track.


Talks specifically dealing with web application security issues, from either the client browser or the server side. In the "Web 2.0" world this might mean format string problems, improper input validation testing, improper authentication, SQL injections, XSS and related problems. How do we find or fix these problems? Presentations may cover strategies for auditing web applications, vulnerabilities in J2EE implementations, browser bugs, etc.


In-depth presentations on a variety of topics. Not for the faint of heart. If your topic requires a minimum of 150 minutes, this track will give you the time necessary to cover your technical topic in depth.


So, you think you have been hacked? This track will deal with what you should do after you suspect a system or network compromise. Log analysis of HIDS or NIDS alerts, disk imaging and forensics, system baseline analysis, live system acquisition, memory dump analysis, etc. would be examples of the forensics portion of this track. On the anti-forensics front, techniques for hiding your processes in memory, strategies for never touching the disk to avoid drive analysis tools, and 'evidence-eliminator' type tools and their limitations would all be appropriate.


With more and more bits of software running on embedded appliances, this track focuses on the security surrounding both attacking these devices and defending them. Talks might include reverse engineering security tokens, RFID chips, iPhones, or routers; Differential Power Attacks; tricky use of JTAG ports; or turning your PS3 into a SIMD password cracker.

I am particularly interested in attacks against "secure" hardware such as passports, tokens, crypto cards and accelerators, and TPM implementations.


Issues surrounding the network. What network, you ask? Any network! SS7, x.25, IPv6, or maybe something is wrong with 802.11n or SCADA? As more networks are built and legacy systems integrated, we are discovering all kinds of unintended consequences. Talks could cover network scanning, mapping, transient trust problems, driver issues, implementation disasters, or spoofing, for example.


Have a topic you think is hot? Something that will pave the way to a new class of vulns, open the door to new areas of research? Found a problem with large implications? A defense that changes the game for attackers? Let the reviewers know why your topic is hot and it might land here.


OTA: Over the Air covers security related to all wireless technologies from HSDPA (3.5G), WiFi/WiMax, Infrared, RFID, GSM/3G, etc. While not technically a wireless-security-specific problem, Man in the Middle attacks against wireless systems would also fit in this track. From passive monitoring and decryption to active replay attacks, this track is wireless specific.


This track is intended for the growing set of topics that fall under the broad umbrella of virtualization. If you've got fresh research and insight into the world of virtualized security, this is the track for you.


Back again for 2009, the Turbo Talks track will consist of 20-minute talks covering subjects that do not require a full-length presentation slot. Topics can range widely, and there are no specific guidelines for what must be included. Examples might include the announcement of a new security project or initiative, the release of research data, a quick tip or techniques talk on a very specific topic, a call for participation in a study, a question and answer session surrounding a new law, etc. Please note: Because of the nature of this track, Black Hat will not pay a speaking, hotel, or airfare fee. Selected presenters will receive a full conference pass, though.

Questions may be sent to cfp at

1997-2009 Black Hat ™