Black Hat USA 2011

Black Hat USA 2011 //schedule

Caesars Palace Las Vegas, NV - July 30 - August 4

   day one /USA2011( August 3 )

Day1 //Track 1 //Track 2 //Track 3 //Track 4 //Track 5 //Track 6 //Track 7 //Track 8 //Track 9
0800 - 0850 registration breakfast
TRACK //Bit Flow //Threat Intel //Next-Gen Web //Breaking Software //Embedded Exploitation //Turbo Talks //Deeper Analysis //Applied Knowledge Workshop
Alpha		 //Applied Knowledge Workshop
Beta
Room Augustus I + II Augustus III + IV Augustus V + VI Roman Pompeian Florentine Milano I - IV Milano V - VIII Neopolitan I - IV
0850 - 0900 + jeff moss: welcome & introduction to black hat usa 2011
0900 - 0950 +  keynote speaker: cofer black // 10th anniversary of 9/11 and lessons learned for black hat // augustus ballroom
0950 - 1000 + break
1000 - 1100 Don A. Bailey:
War Texting: Identifying and Interacting with Devices on the Telephone Network 		Alex Stamos + Aaron Grattafiori + Tom Daniels :
Macs in the Age of the APT 		Thomas Roth:
Analyzing SPDY: Getting to know the new web protocol 		Jon McCoy:
Hacking .Net Applications: The Black Arts 		Karsten Nohl + Chris Tarnovsky:
Reviving smart card analysis 		Ang Cui + Jatin Kataria + Salvatore Stolfo:
Killing the Myth of Cisco IOS Diversity: Towards Reliable, Large-Scale Exploitation of Cisco IOS
Aaron LeMasters
Heap spray detection with Heap Inspector 		Mario Vuksan + Tomislav Pericin:
Constant Insecurity: Things you didn't know about (PE) Portable Executable file format 		Cesar Cerrudo:
Easy and quick vulnerability hunting in Windows 		Vivek Ramachandran:
Advanced Wi-Fi Security Penetration Testing
1100 - 1115 + coffee service
1115 - 1230 Gabi Nakibly:
Owning the Routing Table - New OSPF Attacks 		Sung-ting Tsai + Ming-chieh Pan:
Weapons of Targeted Attack: Modern Document Exploit Techniques 		Matt Johansen + Kyle Osborn:
Hacking Google Chrome OS 		Chris Rohlf + Yan Ivnitskiy:
Attacking Clientside JIT Compilers 		John McNabb:
Vulnerabilities of Wireless Water Meter Networks 		Mark Kennedy + Igor Muttik:
IEEE Software Taggant System
Richard Costa:
The Troika of E-Discovery: Ethics, ESI, and Expertise in a Web 2.0 World
Andrey Belenko:
Overcoming iOS Data Protection to Re-enable iPhone Forensic 		Jamie Butler + Justin Murdock:
Physical Memory Forensics for Cache 		Cesar Cerrudo:
Easy and quick vulnerability hunting in Windows con't 		Vivek Ramachandran:
Advanced Wi-Fi Security Penetration Testing con't
1230 - 1345 + lunch
1345 - 1500 Dan Kaminsky:
Black Ops of TCP/IP 2011 		Julia Wolf:
The Rustock Botnet Takedown 		Bryan Sullivan:
Server-Side JavaScript Injection: Attacking NoSQL and Node.js 		Tarjei Mandt:
Windows Hooks of Death: Kernel Attacks Through User-Mode Callbacks 		Dillon Beresford:
Exploiting Siemens Simatic S7 PLCs 		Katie Moussouris:
From Redmond with Love!
Joe Skehan
SSH as the next back door. Are you giving hackers root access?		 Elie Bursztein + Ivan Fontarensky + Matthieu Martin + Jean-Michel Picod:
Beyond files undeleting. 		Sumit Siddharth:
The Art of Exploiting Lesser Known Injection Flaws 		Gal Diskin:
Binary Instrumentation workshop for security experts
1500 - 1515 + break
1515 - 1630 Ravi Borgaonkar + Nico Golde + Kevin Redon:
Femtocells: A poisonous needle in the operator's hay stack 		datagram:
Tamper Evident Seals - Design and Security 		Shreeraj Shah:
Reverse Engineering Browser Components - Dissecting and Hacking Silverlight, HTML 5 and Flex 		Dino Dai Zovi:
Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption 		Thanassis Giannetsos:
Spy-Sense: Spyware Tool for executing Stealthy Exploits against Sensor Networks 		Ivan Ristic:
The Ultimate Study of Real-Life SSL Issues
Jason Raber:
Function Rerouting from Kernel Land "Hades"
Khash Kiani
OAuth - Securing the Insecure 		Robert McGrew:
Covert Post-Exploitation Forensics With Metasploit 		Sumit Siddharth:
The Art of Exploiting Lesser Known Injection Flaws con't 		Gal Diskin:
Binary Instrumentation workshop for security experts con't
1630 - 1645 + coffee service
1645 - 1800 Artem Dinaburg:
Bit-squatting: DNS Hijacking without exploitation 		Richard Perkins + Mike Tassey:
Aerial Cyber Apocalypse: If we can do it... they can too. 		Fran Brown + Rob Ragan:
Pulp Google Hacking - The Next Generation Search Engine Hacking Arsenal 		Paul Sabanal + Mark Yason:
Playing In The Reader X Sandbox 		Long Le + Thanh Nguyen:
ARM exploitation ROPmap 		Sandy Clark:
Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities
Bradley Anstis:
Affiliate Programs: Legitimate Business or Fuelling Cybercrime?
Johnny Cache
PPI-Geolocation: The next generation of 802.11 visualization and geo-location 		Jonathan Brossard:
Post Memory Corruption Memory Analysis 		Sumit Siddharth:
The Art of Exploiting Lesser Known Injection Flaws con't 		Gal Diskin:
Binary Instrumentation workshop for security experts con't
1800 - 1930 reception & hacker court
1815 - 1900 pwnie awards
1900-2200 circuit – third floor

   day two /USA2011( August 4 )

Day1 //Track 1 //Track 2 //Track 3 //Track 4 //Track 5 //Track 6 //Track 7 //Track 8 //Track 9
0800 - 0850 registration breakfast
TRACK //The World at Large //Enterprise Concerns //Scoping the Issue //Web Hacking //Expanding Complexity //Building 127.0.0.1 //The Mobile Track //Applied Knowledge Workshop
Alpha		 //Applied Knowledge Workshop
Beta
Room Augustus I + II Augustus III + IV Augustus V + VI Roman Pompeian Florentine Milano I - IV Milano V - VIII Neopolitan I - IV
0850 - 0950 +  keynote speaker: peiter "mudge" zatko // how a hacker has helped influence the government - and vice versa // augustus ballroom
0900 - 0950 + break
1000 - 1100 Robert Clark:
Legal Aspects of Cybersecurity - (AKA) CYBERLAW: A Year in Review, Cases, issues, your questions my (alleged) answers 		Nelson Elhage:
Virtualization under attack: Breaking out of KVM 		Jeremiah Grossman + Brad Arkin + Alex Hutton + Adrain Lane + John Johnson:
Trillions of Lines of Code and Counting - Securing Applications At Scale 		Kevin Johnson + Tom Eston + Joshua Abraham:
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers 		Andy Davis:
USB - Undermining Security Barriers 		Chris Paget:
Microsoft Vista: NDA-less The Good, The Bad, and The Ugly 		Riley Hassell + Shane Macaulay:
Hacking Androids for Profit 		Mark Russinovich:
Zero Day Malware Cleaning with the Sysinternals Tools 		Thomas Roth:
Breaking Encryption in the cloud: Cheap, GPU assisted supercomputing for everyone
1100 - 1115 + coffee service
1115 - 1230 Jennifer Granick:
The Law of Mobile Privacy and Security 		Michael Sutton:
Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers 		Tavis Ormandy:
Sophail: A Critical Analysis of Sophos Antivirus 		Marco Slaviero :
Sour Pickles 		Charlie Miller:
Battery Firmware Hacking 		Richard Thieme:
Staring into the Abyss: The Dark Side of Secuirity and Professional Intelligence 		Stefan Esser:
Exploiting the iOS Kernel 		Mark Russinovich:
Zero Day Malware Cleaning with the Sysinternals Tools con't 		Thomas Roth:
Breaking Encryption in the cloud: Cheap, GPU assisted supercomputing for everyone con't
1230 - 1345 + lunch
1345 - 1500 Moxie Marlinspike:
SSL And The Future Of Authenticity 		David Schuetz:
Inside Apple's MDM Black Box		 James Arlen:
Security When Nano-seconds Count 		Thomas Ptacek:
Crypto for Pentesters 		Greg Ose:
Exploiting USB Devices with Arduino 		Lee Kushner + Mike Murray:
InfoSec 2021 - A Career Odyssey 		Tyler Shields + Anthony Lineberry + Charlie Miller + Chris Wysopal + Dino Dai Zovi + Ralf-Phillipp Weinmann + Nick Depetrillo + Don Bailey:
Owning Your Phone at Every Layer - A Mobile Security Panel 		Justin Searle:
Pentesting the Smart Grid 		Andrew Case:
Investigating Live CDs using Volatility and Physical Memory Analysis
1500 - 1515 + break

Booksigning with Mark Russinovich and his book "Zero Day: A Novel"
1515 - 1630 Alessandro Acquisti:
Faces Of Facebook - Or, How The Largest Real ID Database In The World Came To Be 		Alexander Polyakov:
A Crushing Blow At The Heart of SAP J2EE Engine 		Fabian Yamaguchi:
Vulnerability Extrapolation or 'Give me more Bugs like that, please!' 		Nathan Hamiel + Justin Engler + Seth law + Gregory Fleischer:
Smartfuzzing The Web: Carpe Vestra Foramina 		Jerome Radcliffe:
Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System 		Lee Kushner + Mike Murray:
InfoSec 2021 - A Career Odyssey con't 		Anthony Lineberry + Tim Strazzere + Tim Wyatt:
Don't Hate the Player, Hate the Game: Inside the Android Security Patch Lifecycle 		Justin Searle:
Pentesting the Smart Grid con't 		Andrew Case:
Investigating Live CDs using Volatility and Physical Memory Analysis con't
1630 - 1645 + coffee service
1645 - 1800 George Chamales:
Lives On The Line: Defending Crisis Maps in Libya, Sudan, and Pakistan 		David Litchfield:
Hacking and Forensicating an Oracle Database Server 		Chuck Willis + Kris Britton:
Sticking to the Facts: Scientific Study of Static Analysis Tools 		Marco Balduzzi:
Automated Detection of HPP Vulnerabilities in Web Applications 		Adam Laurie + Zac Franken + Andrea Barisani + Daniele Bianco:
Chip & PIN is definitely broken 		Lee Kushner + Mike Murray:
InfoSec 2021 - A Career Odyssey con't 		Neil Daswani:
Mobile Malware Madness, and How To Cap the Mad Hatters by 		Justin Searle:
Pentesting the Smart Grid con't		 Andrew Case
Investigating Live CDs using Volatility and Physical Memory Analysis con't