SOURCE Boston 2010 April 20, 2010 to April 22, 2010, Boston, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote1 Andy Purdy None Security
Keynote2 Hd Moore None Security
Keynote3 Mary Ann Davidson None Security
Keynote4 Sam Curry None Security
0-Knowledge Fuzzing Vincenzo Iozzo Nowadays fuzzing is a pretty common technique used both by attackers and software developers. Currently ... Security Fuzzing
Linux Kernel Exploitation: Earning Its Pwnie A Vuln At A Time, Jon Oberheide As userspace applications and services become increasingly hardened against traditional memory corruption exploits, operating system ... Security Community Exploitation
Nt Object Insecurity Riley Hassell At the core of the Microsoft Windows operations system is the Object Manager. This subsystem ... Security
Windows File Pseudonyms: Pwnage And Poetry Daniel Crowley In Windows systems, path and filename normalization routines have some interesting quirks. One file can ... Security Access
An Uninvited Guest (Who Won'T Go Home) Bill Blunden While there are a multitude of battle-tested forensic tools that focus on disk storage, the ... Security Analysis
Attacking Webos Chris Clark WebOS developers work with a large spectrum of web and system languages, including JavaScript, Java, ... Security Fuzzing Web Testing
Into The Rabbit Hole: Execution Flow-Based Web Application Testing Matt Wood , Rafal Los Since the caveman first fashioned a spear humans have been using tools to make them ... Security Web Testing
Cracking The Foundation: Attacking Wcf Web Services Brian Holyfield Hacking a web service generally isn't rocket science. But what if the web service requires ... Security Web
Rooting Out The Bad Actors Alex Lanstein Considering the remarkably small number of data centers that host services for those groups who ... Security Malware Botnets
Managed Code Rootkits Ñ Hooking Into Runtime Environments Erez Metula This presentation introduces an underestimated threat of application level rootkit attacks on managed code environments, ... Security Rootkits
Rugged Software: A Value Based Strategy For Improving Our Digital Infrastructure Josh Corman Software has become modern infrastructure. Though we have made progress with tools and frameworks in ... Security Infrastructure
Breaking Zigbee Crypto Travis Goodspeed This lecture describes a vulnerability in the ZigBee Smart Energy Profile stack available from Texas ... Security
Anonymity, Privacy, And Circumvention With Tor In The Real World Jake Appelbaum , Moxie Marlinspike A lot has changed since discussions around digital privacy began. The security community won the ... Security Infrastructure Privacy Community
Practical Return-Oriented Programming Dino Dai Zovi This session will demonstrate the practical applications of return-oriented techniques for exploit payloads against systems ... Security
The Four Types Of Locks, Deviant Ollam Physical security is an oft-overlooked component of data and system security in the technology world. ... Security Access
Drinking From The Firehose: Ten Years Of Vulnerabilities Through The Cve Lens, Steven M. Christey In middle of the 1990's, the disclosure of vulnerabilities frequently occurred on a need-to-know basis. ... Security Media Analysis
Sccp Hacking, Attacking The Ss7 & Sigtran Applications One Step Further And Mapping The Phone System, Philippe Langlois Attacking the SS7 network was fun, but there's a world beyond pure SS7: the phone ... Security
How To Detect Penetration Testers Ron Gula In this talk we will examine the problem of detecting authorized penetration testers from a ... Security Firewall Monitoring
Reverse Engineering Broken Arrows Adam Meyers This session will introduce the concepts of exploit reverse engineering in support of incident response ... Security
Embedded System Hacking And My Plot To Take Over The World Paul Asadoorian It seems that as Moore's law is proven time and time again, we as a ... Security Wireless
Zigbee Hacking And The Kinetic World Josh Wright ZigBee has been established as a low-power wireless protocol, boasting features that make it attractive ... Security Wireless Testing
Neurosurgery With Meterpreter Colin Ames A crucial step in post-exploitation technology is memory manipulation. Metasploit's Meterpreter provides a robust platform ... Security Exploitation
We Found Carmen San Diego Don Bailey Using new resources in concert with new and old telephony tricks, the speakers have been ... Security Access
The Fine Art Of Hari Kari (.Js), And Other Approaches For The Strange Reality Of Web Defense Dan Kaminsky The web is remarkably difficult to secure. Browsers are ornery, powerful creations, and we security ... Security Web
Blackberry Mobile Spyware - The Monkey Steals The Berries (Part Deux) Tyler ( Txs ) Shields Spyware has become a primary tool used in the capture of personal and private data. ... Security Web Others Risk
Pci Done Right And Wrong Dr. Anton Chuvakin , Branden R. Williams We will go through some interesting and teaching examples of PCI DSS controls implemented right ... Security
Involuntary Case Studies In Data Breaches Rich Mogull It's absolutely bass ackwards, but while the bad guys constantly share details of their exploits, ... Security Compliance
Securely Moving Your Business Into The Cloud Alex Stamos Cloud computing has become an irresistible force in the IT industry, due to the unbeatable ... Security Business Cloud
Cloudifornication Redux: Stacked Turtles - Predicting The Future State Of Cloud Computing By Staring Wide-Eyed At The Present Chris Hoff Where and how our data is created, processed, accessed, stored, backed up and destroyed in ... Security Cloud
Why The Google Aurora Attack Will Happen Again. How To Analyze Your Defenses And Stay Out Of The Headlines Vikram Phatak What you donít know can hurt you. NSS Labs will share research findings from our ... Security Analysis
Cloud Security: The Road Ahead Cloud Security Alliance This presentation will provide an overview of strategic cloud security issues today and in the ... Security Cloud
Why Blackhats Always Win Val Chris From the origins of hacking and black hat hackers a new industry called penetration testing ... Security Risk Testing
Motivations And Objectives That Are Shaping Emerging And Future Information Security Threats Max Kilger As the information security threat matrix continues to grow exponentially, there are some important shifts ... Security
Knock, Knock. How Attackers Use Social Engineering To Bypass Your Defenses Lenny Zeltser Why bother breaking down the door if you can simply ask the person inside to ... Security Testing Phishing
Failagain'S Island - The Perils Of Banking In An Island Nation Andrew Hay According to Wikipedia, experts believe that as much as half the world's capital flows through ... Security Monitoring Malware
Protecting Customers From Online Threats Allison Miller New platforms and tools deployed via the web attract innovation, foster collaboration, and for many ... Security Web Privacy
Too Many Cooks Spoil The Broth: How Compliance Regulations Get Made - Panel Discussion David Mortman We've selected an all star panel of folks who have been intimately involved in the ... Security Panel Compliance
Understanding: The Key To Protecting Highly Sensitive Personally Identifiable Information Timothy Brueggemann Protection of Highly Sensitive Personally Identifiable Information (HSPII) data is essential to every organization and ... Security
Legal Aspects Of Computer Network Security And Privacy Robert Clark This presentation reviews the important legal opinions and law review articles of the past year ... Security Privacy Legal
Security Sucks Amit Yoran Security sucks. Ask the CISOs and security managers within government agencies and banks that have ... Security Compliance
Vulnerability Management - How Tough Can It Be? Vulnerabilities Are Identified, Categorized, And Then (Hopefully) Fixed Through Patches Or Upgrades. Simple Enough, Right? Actually, The Process Is Far Carole Fennelly , Hd Moore , Steven M. Christey , Jonathan Klein , Chris ( Weld Pond ) Wysopal , Bob Martin , Kelly Todd This panel will discuss various aspects of the vulnerability management cycle: the assignment of common ... Security Panel
Gain Comfort In Losing Control To The Cloud Randy Barr Cloud solutions are entering mainstream with vendors of all sizes flocking to build and dliver ... Security Cloud
The Realities Of Starting A Security Company - Part I: The Entrepreneurs Raffael Marty , Philippe Langlois , Eugene Kuznetsov , Rob Cheyne , Jonathan Cran Starting a company is difficult! The devil is in the details when it comes to ... Security Panel Business
The Realities Of Starting A Security Company - Part Ii: The Investors Emerson Tan , Jeff Fagnan , John Harthorne , Chris Swan , Vishy Venugopalan , Nick Selby Venture capital can be daunting. Lets dispel myths, and learn about what it takes to ... Security Panel