Blackhat USA 2010 July 1, 2010 to July 1, 2010, Las Vegas, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Malware Attribution: Tracking Cyber Spies And Digital Criminals Greg Hoglund Security Malware
Security Is Not A Four Letter Word Michael L. Davis When security professionals talk with executives about security a four letter word normally comes to ... Security Malware Business
Mod_Antimalware: A Novel Apache Module For Containing Web-Based Malware Infections Neil Daswani Drive-by downloads planted on legitimate sites (e.g., via "structural" and other vulnerabilities in web applications) ... Security Malware
Return-Oriented Exploitation Dino Dai Zovi The latest advances in exploitation of memory corruption vulnerabilities revolve around applying return-oriented exploitation techniques ... Security Exploitation
Javasnoop: How To Hack Anything Written In Java Arshan Dabirsiaghi Anybody who has assessed anything with a thick Java client has probably been frustrated beyond ... Security
Unauthorized Internet Wiretapping: Exploiting Lawful Intercept Tom ( Decius ) Cross For many years people have been debating whether or not surveillance capabilities should be built ... Security Access
Virtually Pwned: Pentesting Virtualization Claudio Criscione Virtualization systems are nowadays ubiquitus in enterprises of any size. Penetration testers and security auditors, ... Security Analysis
Voyage Of The Reverser: A Visual Study Of Binary Species Greg Conti , Sergey Bratus When analyzing large binary objects such as process memory dumps, proprietary data files, container file ... Security Others Forensics
Token Kidnapping'S Revenge Cesar Cerrudo On April 14, 2009 Microsoft released a patch (documented here) to fix the issues detailed ... Security
Gwt Security: Don’T Get Distracted By Bright Shiny Objects David Byrne , Charles Henderson The Google Web Toolkit (GWT) produces some of the slickest web-based applications out there; it’s ... Security Testing
Bad Memories Elie Bursztein , Baptiste Rydstedt No matter which kind of cryptography you are using to defend your network, , sooner ... Security Cryptography
Secure Use Of Cloud Storage Grant Bugher Cloud storage systems like Microsoft's Windows Azure Storage and Amazon's Simple Storage Service allow web ... Security Cloud
Psudp: A Passive Approach To Network-Wide Covert Communication Kenton Born This presentation analyzes a novel approach to covert communication over DNS by introducing PSUDP, a ... Security Browser
Goodware Drugs For Malware: On-The-Fly Malware Analysis And Containment Damiano Bolzoni , Christiaan Schade In this presentation we will show a new approach to perform on-the-fly malware analysis (even ... Security Analysis Malware
Virtual Forensics Christiaan Beek This presentation will be about the problems we are facing when forensic research has to ... Security Forensics
Hadoop Security Design? Just Add Kerberos? Really? Andrew Becherer Distributed computing is a alive and well in 2010. The Hadoop project is carrying the ... Security Media Development
Carmen Sandiego Is On The Run! Don Bailey , Nick Depetrillo The global telephone network is often an opaque and muddy environment where many false assumptions ... Security Privacy
Standing On The Shoulders Of The Blue Monster - Hardening Windows Applications Olle B Microsoft has implemented lots of useful functionality in Windows that they use in their own ... Security
Scada And Ics For Security Experts: How To Avoid Cyberdouchery James Arlen The traditional security industry has somehow decided that they are the white knights who are ... Security
Virt-Ice: Next Generation Debugger For Malware Analysis Quynh Nguyen Anh , Kuniyasu Suzaki Dynamic malware analysis is an important method to analyze malware. The most important tool for ... Security Analysis Malware
Utilizing Code Reuse/Return Oriented Programming In Php Web Application Exploits Stefan Esser In 2009 one of the hottest topics has been code reuse and return oriented programming ... Security Web
Hacking And Protecting Oracle Database Vault Esteban Martínez Fayó Oracle Database Vault was launched a few years ago to put a limit on DBAs ... Security Access Auditing
Spraypal: How Capturing And Replaying Attack Traffic Can Save Your Ids Patrick Engebretson , Kyle Pauli Testing Intrusion Detection Systems (IDS) to ensure the most malicious attacks are detected is a ... Security Testing
Sap Backdoors: A Ghost At The Heart Of Your Business Mariano Croce In any company, the ERP (Enterprise Resource Planning) is the heart of the business technological ... Security Business
Deconstructing Coldfusion Brandon Creighton , Chris Eng ColdFusion is a somewhat forgotten but still very prevalent web application development platform. This presentation ... Security Web Development
The Emperor Has No Clothes: Insecurities In Security Infrastructure Ben Feinstein , Jeff King Your security infrastructure (firewalls, IDS/IPS devices, management consoles, etc.) holds a very sensitive position of ... Security Infrastructure
Blitzableiter - The Release Felix ( FX ) Lindner The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content ... Security Web
Mastering The Nmap Scripting Engine David Fifield , Fyodor Most security practitioners can use Nmap for simple port scanning and OS detection, but the ... Security Web
Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research Lurene ( pusscat ) Grenier , Richard Johnson Much work has been presented in the past few years concerning bug discovery through fuzzing. ... Security Fuzzing Exploitation
Breaking Browsers: Hacking Auto-Complete Jeremiah Grossman Did you know a malicious website, laced with javascript malware, can steal passwords for other ... Security Others Browser
Base Jumping: Attacking Gsm Base Station Systems And Mobile Phone Base Bands The Grugq Recent technological advances have placed GSM tools within the reach of today's security researchers and ... Security Fuzzing
Constricting The Web: Offensive Python For Web Hackers Nathan Hamiel , Marcin Wielgoszewski It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, ... Security Web
Https Can Byte Me Josh Sokol , Robert ( Rsnake ) Hansen HTTPS was created to protect confidentiality and prove integrity of content passed over the web. ... Security Infrastructure Exploitation
The Black Art Of Binary Hijacking Nick Harbour This presentation will unveil a new tool for hijacking executables and discuss the underlying techniques ... Security
Cyber War... Are We At War? And If We Are, How Should We Fight It? Michael v. Hayden It appears that no contemporary issue is more discussed and less understood than "cyber war." ... Security
How To Hack Millions Of Routers Craig Heffner This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to ... Security Access
Cloudinomicon: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back To Information Centricity Christofer ( Hoff ) Hoff Mass-market, low-cost, commodity infrastructure-as-a-Service Cloud Computing providers abstract away compute, network and storage and deliver ... Security Infrastructure
Drivesploit: Circumventing Both Automated And Manual Drive-By-Download Detection Wayne Huang , Caleb Sima This year saw the biggest news in Web security ever­—Operation Aurora, which aimed at stealing ... Security Analysis Malware Browser
Ushering In The Post-Grc World: Applied Threat Modeling Alex Hutton , Allison Miller Risk management at a systemic level is complicated enough that many organizations deem it practically ... Security Risk
You Will Be Billed $90,000 For This Call Mikko Hypponen Computers do not have a built-in billing system. Phones do: it's called the phone bill. ... Security Malware
Everybody Be Cool This Is A Roppery! Tim Weinmann , Vincenzo Iozzo Return-oriented programming is one of the most advanced attack techniques available today. This talk presents ... Security Exploitation Development
Jackpotting Automated Teller Machines Redux Barnaby Jack The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA ... Security
Black Ops Of Fundamental Defense: Web Edition Dan Kaminsky Lets be honest: Year in, year out, we keep finding the same bugs in the ... Security Web
How I Met Your Girlfriend Samy Kamkar How I Met Your Girlfriend: The discovery and execution of entirely new classes of attacks ... Security Firewall Browser
More Bugs In More Places: Secure Development On Moble Platforms David Kane-parry Nothing succeeds like success, and with the attention garnered by Apple’s App Store, many companies ... Security Development
Neptune: Dissecting Web-Based Malware Via Browser And Os Instrumentation Rami Kawach Increased built-in security and robust standard configurations have made the classical operating system vulnerabilities a ... Security Malware Browser
Adventures In Limited User Post Exploitation Tim Elrod , Nathan Keltner Just how much damage *can* be done with EIP under a non-Administrative Windows environment? Much, ... Security Exploitation
Microsoft Powershell - It'S Time To Own David Kennedy , Joshua ( Winfang ) Kelley Microsoft Powershell is an extensible and powerful arsenal to any systems administrator... and hacker. Now ... Security
Exploiting Timing Attacks In Widespread Systems Nate Lawson , Taylor Nelson Much has been written about timing attacks since they first appeared over 15 years ago. ... Security
Payload Already Inside: Data Re-Use For Rop Exploits Long Le Return-oriented programming (ROP) is one of the buzzing advanced exploitation techniques these days to bypass ... Security Exploitation
& Tim Wyatt David Luke Richardson , Anthony Lineberry These Aren't the Permissions You're Looking For The rise of the robot revolution is among ... Security
Deputy Secretary, Department Of Homeland Security Jane holl Lute Ms. Lute has over thirty years of military and senior executive experience in the United ... Security
Changing Threats To Privacy: From Tia To Google Moxie Marlinespike A lot has changed since discussions around digital privacy began. The security community won the ... Security Infrastructure Privacy Community
Memory Corruption Attacks: The (Almost) Complete History... Haroon Meer Buffer Overflows, Stack Smashes and Memory Corruption Attacks have been the info sec headline stealers ... Security
Wpa Migration Mode: Wep Is Back To Haunt You... Leandro Federico Meiners , Diego Sor Cisco access points support WPA migration mode, which enables both WPA and WEP clients to ... Security Access
Crash Analysis Using Bitblaze Noah Johnson , Charlie Miller You’ve fuzzed your favorite application and found a mountain of crashes, now what? BitBlaze is ... Security Analysis
Wardriving The Smart Grid: Practical Approaches To Attacking Utility Packet Radios Nathan Keltner , Shawn Moyer If you haven't just emerged from a coma, you probably have some idea of the ... Security Wireless
Industrial Bug Mining - Extracting, Grading And Enriching The Ore Of Exploits Ben Nagy If bugs are the raw ore of exploits - Rootite, if you like - then ... Security
Attacking Phone Privacy Karsten Nohl Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64bit A5/1 cipher, for instance, ... Security Privacy
Need A Hug? I'M Secure. Charles Henderson , Steve Ocepek 0-days are a lot of fun. Whether it’s an overlooked buffer overflow, a poorly implemented ... Security
Understanding The Windows Smb Ntlm Weak Nonce Vulnerability Hernan Ochoa , Agustin Azubel In February 2010, we found a vulnerability in the SMB NTLM Windows Authentication mechanism that ... Security Access
Exploitspotting: Locating Vulnerabilities Out Of Vendor Patches Automatically Jeongwook Oh We already have many kinds of binary patching systems available. There are commercial ones and ... Security Analysis
Becoming The Six-Million-Dollar Man Gunter Ollmann Starting a life of Internet crime is easy; in fact you’ve probably already doing it ... Security
Extreme-Range Rfid Tracking Chris Paget If you think that RFID tags can only be read a few inches away from ... Security Privacy
Finger Pointing For Fun, Profit And War? Tom Parker Recent incidents commonly thought to be linked to state sponsored activities have given rise to ... Security Analysis Business Forensics
Exploiting The Forest With Trees Meredith L. Patterson , Len Sassaman One of the most difficult aspects of securing a protocol implementation is simply bounding the ... Access Security
Malware Freak Show 2010: The Client-Side Boogaloo Nicholas J. Percoco , Jibran Ilyas We had a busy year. We investigated over 200 incidents in 24 different countries. We ... Security Malware
Electricity For Free? The Dirty Underbelly Of Scada And Smart Meters Jonathan Pollet SCADA Systems control the generation, transmission, and distribution of electric power, and Smart Meters are ... Security Business Statistics
Reverse Engineering With Hardware Debuggers Jason Raber , Jason Cheatham This is a brief tutorial of one of the reverse engineering tools (Hardware Emulator) used ... Security
The Dmca & Acta Vs. Academic & Professional Research: How Misuse Of This Intellectual Property Legislation Chills Research, Disclosure And Innovation Tiffany Rad , Christopher Mooney Fair use, reverse engineering and public discussion of research encourage innovation and self-regulate industries. However, ... Security
Lord Of The Bing: Taking Back Search Engine Hacking From Google And Bing Rob Ragan , Francis Brown During World War II the CIA created a special information intelligence unit to exploit information ... Security
Burning Asgard - What Happens When Loki Breaks Free Enno Rey , Daniel Mende I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ... Security Routing
State Of Ssl On The Internet: 2010 Survey, Results And Conclusions Ivan Ristic SSL (TLS) is the technology that protects the Internet, but very little is actually known ... Security SSL
Usb - Hid, The Hacking Interface Design Richard Rushing The USB HID class describes devices used with nearly every modern computer. Many predefined functions ... Security
Getting In Bed With Robin Sage Thomas Ryan Given the vast number of security breaches via the internet, the experiment seeks to exploit ... Security Exploitation
Hacking Browser'S Dom - Exploiting Ajax And Ria Shreeraj Shah Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams ... Security Access
Advanced Aix Heap Exploitation Methods Tim Shelton With the ever increasing importance of providing and maintaining reliable services for both infrastructure support ... Security Exploitation
Elevation Of Privilege: The Easy Way To Threat Model Adam Shostack Threat modeling is critical to secure development, and people find it intimidating and tough to ... Security
Hacking Oracle From Web Apps Sumit "sid" Siddharth This talk will focus on exploiting SQL injections in web applications with oracle back-end and ... Security Web
Lifting The Fog Marco Slaviero Cloud services continue to proliferate and new users continue to flock, in a clear demonstration ... Security Exploitation Cloud
Pyretic – Reversing Obfuscated Python Bytecode & Live Python Objects Rich Smith Increasing numbers of commercial and closed source applications are being developed in Python. The Developers ... Security Access
Defenseless In Depth Ryan Smith Defense in Depth (DiD) is a term commonly used by the security industry to describe ... Security
Balancing The Pwn Trade Deficit Colin Lai , Val Smith China has become a major player in the security community in recent years. From numerous ... Security Community Analysis
Attacking Kerberos Deployments Scott Stender , Brad Engel The Kerberos protocol is provides single sign-on authentication services for users and machines. Its availability ... Security
Blue Screen Of The Death Is Dead Matthieu Suiche This talk is introducing MoonSols Windows Memory Toolkit aims at being the ultimate memory and ... Security
Cryptographic Agility: Defending Against The Sneakers Scenario Bryan Sullivan In the movie Sneakers, a brilliant young mathematician invents a device that defeats a public-key ... Security Cryptography
Social Networking Special Ops: Extending Data Visualization Tools For Faster Pwnage Chris Sumner If you’re ever in a position when you need to pwn criminals via social networks ... Security Analysis
Semiconductor Security Awareness, Today And Yesterday Christopher Tarnovsky Walk through various countermeasures that have been found and overcome in various devices. Will include ... Security
Blindelephant: Webapp Fingerprinting And Vulnerability Inferencing Patrick Thomas Standard known web applications such as blogging, forum and e-commerce software make up over half ... Security Web Community Automation
There'S A Party At Ring0 (And Yore Invited) Julien Tinnes , Taviso Ormandy Getting to ring0 is the final step towards complete system compromise and can also be ... Security
Network Stream Debugging With Mallory Jeremy Allen , Rajendra Umadas Using the same techniques that governments use to surreptitiously read private email and SSL encrypted ... Security
Understanding The Low-Fragmentation Heap: From Allocation To Exploitation Chris Valasek Over the years, heap exploitation has continued to increase in difficulty, along with the complexity ... Security Exploitation
Sie Passive Dns And The Isc Dns Database Paul Vixie , Robert Edmonds Passive DNS replication is a technique invented by Florian Weimer for tracking changes to the ... Security DNS
Hacking Java Clients Stephen de Vries The presentation will demonstrate a complete analysis and compromise of a Java client-server application using ... Security Analysis Development Testing
Titanmist: Your First Step To Reversing Nirvana Mario Vuksan , Tomislav Pericin Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. ... Security Community Automation
Aleatory Persistent Threat Nicolas Waisman Over the years, exploitation objectives have changed alongside the associated efforts by vendors to protect ... Security Community Exploitation
Dirtbox, A Highly Scalable X86/Windows Emulator Georg Wicherski The increasing amount of new malware each day does not only put anti-virus companies up ... Security Analysis Malware
Keeping The Good Stuff In: Confidential Information Firewalling With The Crm114 Spam Filter & Text Classifier William Yerazunis In this whitepaper we consider the problem of outbound-filtering of emails to prevent accidental leakage ... Security
The Social Networking Corporate Threat Chen Gour-arie Social Networking Sites (SNS) and Web 2.0 platforms have been growing rapidly over the past ... Web Social Media