Black Hat USA 2011, Aug. 3, 2011 to Aug. 4, 2011, Las Vegas, USA

Title Speakers Summary Topic Types
Keynote Speaker: 10th Anniversary of 9/11 and Lessons Learned for Black Hat Cofer Black N/A
How a Hacker Has Helped Influence the Government - and Vice Versa Peiter "mudge" Zatko Mudge, front man for the L0pht, founder of @stake, author of L0phtCrack, and a pioneer ...
Faces Of Facebook-Or, How The Largest Real ID Database In The World Came To Be Alessandro Acquisti Have online social networks created one of the largest databases of identities in the world? ...
Security When Nano-seconds Count James Arlen There's a brave new frontier for IT Security-a place where "best practices" does not even ...
War Texting: Identifying and Interacting with Devices on the Telephone Network Don Bailey Devices have been attached to the telephone network for years. Typically, we think of these ...
Automated Detection of HPP Vulnerabilities in Web Applications Marco Balduzzi HTTP Parameter Pollution (HPP) is a recent class of web vulnerabilities that consists of injecting ...
Exploiting Siemens Simatic S7 PLCs Dillon Beresford During this presentation we will cover newly discovered Siemens Simatic S7-1200 PLC vulnerabilities. I plan ...
Femtocells: A poisonous needle in the operator's hay stack Nico Golde , Ravishankar Borgaonkar , Kevin Redon Femtocells are an emerging technology deployed by the operators around the world to enhance 3G ...
Post Memory Corruption Memory Analysis Jonathan Brossard In this presentation, we introduce a new exploitation methodology of invalid memory reads and writes, ...
Pulp Google Hacking: The Next Generation Search Engine Hacking Arsenal Rob Ragan , Fran Brown Last year's Lord of the Bing presentation stabbed Google Hacking in the heart with a ...
Beyond files undeleting: OWADE Elie Bursztein , Matthieu Martin , Ivan Fontarensky , Jean-Michel Picod You recovered a bunch of files from a used hard drive and now what? ...
Physical Memory Forensics for Cache Jamie Butler , Justin Murdock Physical memory forensics has gained a lot of traction over the past five or six ...
Lives On The Line: Defending Crisis Maps in Libya, Sudan, and Pakistan George Chamales Crisis maps collect and present open source intelligence (Twitter, Facebook, YouTube news reports) and direct ...
Legal Aspects of Cybersecurity (AKA) CYBERLAW: A Year in Review, Cases, issues, your questions my (alleged) answers Robert Clark The past year has recently gotten really busy. Jailbreaking and Sony are going places not ...
Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption Dino Dai Zovi As the popular smartphone platforms have increased in popularity with consumers, many enterprises and businesses ...
Mobile Malware Madness, and How To Cap the Mad Hatters Neil Daswani This talk surveys mobile malware (such as DroidDream, Ikee, and Zitmo) that have recently infected ...
Tamper Evident Seals: Design and Security Datagram Tamper evident technologies are quickly becoming an interesting topic for hackers around the world. Defcon ...
USB: Undermining Security Barriers Andy Davis Although the concept of identifying and exploiting vulnerabilities in USB drivers is not new, the ...
Bit-squatting: DNS Hijacking without exploitation Artem Dinaburg Barring deliberate sabotage, we generally assume that computer hardware will work as described. This assumption ...
Virtualization Under Attack: Breaking out of KVM Nelson Elhage KVM, the Linux Kernel Virtual Machine, seems destined to become the dominant open-source virtualization solution ...
Exploiting the iOS Kernel Stefan Esser The iPhone user land is locked down very tightly by kernel level protections. Therefore any ...
Spy-Sense: Spyware Tool for Executing Stealthy Exploits Against Sensor Networks Thanassis Giannetsos As the domains of pervasive computing and sensor networking are expanding, a new era is ...
The Law of Mobile Privacy and Security Jennifer Granick Increasingly, individuals use mobile devices to communicate and access the internet. Mobile security is thus ...
PANEL: Trillions of Lines of Code and Counting: Securing Applications At Scale Alex Hutton , Jeremiah Grossman , Brad Arkin , Adrian Lane , John Johnson As the entire computer security industry is fully and painfully aware, applications are the #1 ...
Smartfuzzing The Web: Carpe Vestra Foramina Nathan Hamiel , Gregory Fleischer , Justin Engler , Seth Law It can be scary to think about how little of the modern attack surface many ...
Hacking Google Chrome OS Kyle Osborn , Matt Johansen Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company ...
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Kevin Johnson , Tom Eston , Joshua Abraham Over the years web services have become an integral part of web and mobile applications. ...
Black Ops of TCP/IP 2011 Dan Kaminsky Remember when networks represented interesting targets, when TCP/IP was itself a vector for messiness, when ...
Chip & PIN is definitely broken Andrea Barisani , Daniele Bianco , Zac Franken , Adam (Major Malfunction) Laurie Credit Card skimming and PIN harvesting in an EMV world. We analyze the practicality of ...
ARM exploitation ROPmap Long Le , Thanh Nguyen It is no doubt that ARM will be the next mainstream of exploitation with hundred ...
Don't Hate the Player, Hate the Game: Inside the Android Security Patch Lifecycle Anthony Lineberry , Tim Wyatt , Tim Strazzere A new Android vulnerability is discovered today. When will the phone in your pocket be ...
Hacking and Forensicating an Oracle Database Server David Litchfield N/A
Windows Hooks of Death: Kernel Attacks Through User-Mode Callbacks Tarjei Mandt 15 years ago, Windows NT 4.0 introduced Win32k.sys to address the inherent limitations of the ...
SSL And The Future Of Authenticity Moxie Marlinspike In the early 90's, at the dawn of the World Wide Web, some engineers at ...
Hacking .Net Applications: The Black Arts Jon McCoy This presentation will cover the Black Arts of Cracks, KeyGens, Malware on .NET Framework applications. ...
Covert Post-Exploitation Forensics With Metasploit Robert McGrew In digital forensics, most examinations take place after the hardware has been physically seized (in ...
Vulnerabilities of Wireless Water Meter Networks John McNabb Why research wireless water meters? Because they are a potential security hole in a critical ...
Battery Firmware Hacking Charlie Miller Ever wonder how your laptop battery knows when to stop charging when it is plugged ...
Owning the Routing Table: New OSPF Attacks Gabi Nakibly The holy grail of routing attacks is owning the routing table of a router. We ...
Reviving Smart Card Analysis Karsten Nohl , Chris Tarnovsky Smart cards chips -- originally invented as a protection for cryptographic keys -- are increasingly ...
Sophail: A Critical Analysis of Sophos Antivirus Tavis Ormandy Antivirus vendors often assert they must be protected from scrutiny and criticism, claiming that public ...
Exploiting USB Devices with Arduino Greg Ose Hardware devices are continually relied upon to maintain a bridge between physical and virtual security. ...
Microsoft Vista: NDA-less The Good, The Bad, and The Ugly Chris Paget Five years ago I signed one of the most draconian Non-Disclosure Agreements in the computer ...
Aerial Cyber Apocalypse: If we can do it... they can too. Richard Perkins , Mike Tassey What could a low observable autonomous aircraft carrying 10 pounds of cyber-attack tools do to ...
A Crushing Blow At the Heart of SAP J2EE Engine Alexander Mikhailovich Polyakov Nowadays SAP NetWeaver platform is the most widespread platform for developing enterprise business applications. It's ...
Crypto for Pentesters Thomas Ptacek , Michael Tracy Some people, when confronted with a problem, think "I know, I'll use cryptography." Now they ...
Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System Jerome Radcliffe As a diabetic, I have two devices attached to me at all times; an insulin ...
Attacking Clientside JIT Compilers Chris Rohlf , Yan Ivnitskiy Just-In-Time (JIT) compilers help power most modern web browsers and are prevalent in interpreted virtual ...
Analyzing SPDY: Getting to know the new web protocol Thomas Roth SPDY is Google's approach to a new standard-protocol for the web. As a replacement for ...
Playing In The Reader X Sandbox Paul Vincent Sabanal , Mark Vincent Yason In an effort to mitigate the effects of successful exploitation of Adobe Reader vulnerabilities, Adobe ...
Inside Apple's MDM Black Box David Schuetz Mobile Device Management (MDM) has become a hot topic as organizations are pressured to bring ...
Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex Shreeraj Shah Hacking browser components by Reverse Engineering is emerging as the best way of discovering potential ...
PANEL: Owning Your Phone at Every Layer Anthony Lineberry , Don Bailey , Nick Depetrillo , Tyler (Txs) Shields , Chris Wysopal , Charlie Miller , Dino Dai Zovi , Ralf-Philipp Weinmann According to IDC, 100 million smartphones were shipped in the fourth quarter of 2010, compared ...
Sour Pickles Marco Slaviero Python's Pickle module provides a known capability for running arbitrary Python functions and, by extension, ...
Macs in the Age of the APT Alex Stamos , Aaron Grattafiori , Tom Daniels , Paul Youn , B.J. Orvis The term "Advanced Persistent Threat" has been wildly overused, often by intrusion victims attempting to ...
Server-Side JavaScript Injection: Attacking NoSQL and Node.js Bryan Sullivan Fallout from the browser wars has given us blazingly fast JavaScript engines - engines so ...
Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers Michael Sutton Today, everything from kitchen appliances to television sets come with an IP address. Network connectivity ...
Staring into the Abyss: The Dark Side of Security and Professional Intelligence Richard Thieme Nothing is harder to see than things we believe so deeply we don't even see ...
Weapons of Targeted Attack: Modern Document Exploit Techniques Sung-ting Tsai , Ming-chieh Pan The most common and effective way is using document exploit in the targeted attack. Due ...
Constant Insecurity: Things you didn't know about (PE) Portable Executable file format Mario Vuksan , Tomislav Pericin One constant challenge of modern security will always be the difference between published and implemented ...
Sticking to the Facts: Scientific Study of Static Analysis Tools Chuck Willis , Kris Britton The National Security Agency's Center for Assured Software (CAS) researches tools and techniques that can ...
The Rustock Botnet Takedown Julia Wolf , Alex Lanstein The Rustock botnet operated for several years, and at several times was the largest operating ...
Vulnerability Extrapolation or 'Give me more Bugs like that, please?' Fabian "fabs" Yamaguchi Security researchers and vendors alike know the situation: A vulnerability has been identified but it ...
WORKSHOP - Investigating Live CDs using Volatility and Physical Memory Analysis Andrew Case Traditional digital forensics encompasses the examination of data from an offline or "dead" source such ...
WORKSHOP - Easy and quick vulnerability hunting in Windows Cesar Cerrudo This short workshop will teach attendees how to easily and quickly find vulnerabilities in Windows ...
WORKSHOP - Binary Instrumentation Workshop for Security Experts Gal Diskin Binary instrumentation, in particular dynamic binary instrumentation (DBI), is a valuable tool for hackers and ...
WORKSHOP - Infosec 2021: A Career Odyssey Lee Kushner , Mike Murray "There is no doubt that the future looks promising for Information Security professionals. Slowly but ...
WORKSHOP - Advanced Wi-Fi Security Penetration Testing Vivek Ramachandran This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis ...
WORKSHOP - Breaking Encryption in the Cloud: Cheap, GPU Assisted Supercomputing for Everyone Thomas Roth It has been known for some time now that the massive parallel architecture of modern ...
WORKSHOP - Zero Day Malware Cleaning with the Sysinternals Tools Mark Russinovich Learn how to analyze and clean zero day malware using the Sysinternals tools directly from ...
WORKSHOP - Pentesting the Smart Grid Justin Searle This workshop will take a deep dive into the penetration testing of the hardware and ...
WORKSHOP - The Art of Exploiting Lesser Known Injection Flaws Sumit "sid" Siddharth , Aleksander Gorkowienko OWASP rates injection flaws as the most critical vulnerability within the Top 10 most Critical ...
Affiliate Programs: Legitimate Business or Fuelling Cybercrime? Bradley Anstis The market appears to have made some progress in fighting cybercrime, spam and all the ...
Overcoming iOS Data Protection to Re-enable iPhone Forensic Andrey Belenko Data protection is a feature available for iOS 4 devices with hardware encryption: iPhone 4, ...
PPI-Geolocation: The Next Generation of 802.11 Visualization and Geo-Location Johnny Cache Johnny will present his results of his latest R&D efforts: PPI-Geo location. PPI-Geolocation is a ...
Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities Sandy Clark "Good programmers write code, great programmers reuse" is one of the most well known truisms ...
The Troika of E-Discovery: Ethics, ESI, and Expertise in a Web 2.0 World Richard Costa A primer of the 20 most recent "e-discovery" legal court decisions concisely covered in 20 ...
Killing the Myth of Cisco IOS Diversity: Towards Reliable, Large-Scale Exploitation of Cisco IOS Ang Cui , Salvatore Stolfo , Jatin Kataria IOS firmware diversity, the unintended consequence of a complex firmware compilation process, has historically made ...
IEEE Software Taggant System Igor Muttik , Mark Kennedy Packed files are a huge problem in the software security world. Many attackers use packers ...
OAuth Securing the Insecure Khash Kiani OAuth is an emerging open-web specification for a growing number of organizations to access protected ...
Heap Spray Detection with Heap Inspector Aaron Lemasters HeapInspector is a heap visualization and analysis tool. It has the ability to collect a ...
From Redmond with Love! Katie Moussouris In 2008, people thought we'd lost our minds when we announced three strategic programs: sharing ...
Function Rerouting from Kernel Land "Hades" Jason Raber Hades is a function rerouting tool that will subvert Windows application functions from the Kernel ...
The Ultimate Study of Real-Life SSL Issues Ivan Ristic Big breaches make for interesting headlines, but in real life it's the small stuff that's ...