Black Hat USA 2007 Main Conference Overview

Black Hat Briefings Registration Hours
Tuesday, July 31, 17:00 - 21:00
Wednesday, August 1, 08:00 - 18:00
Thursday, August 2, 08:00 - 18:00
July 31 • Informal gathering at 18:00. Gather at the Registration Desk.
This is a great time to meet and network with friends, colleagues and the speakers.
Day 1 • August 1, 2007
08:00 - 08:50
Registration and Continental Breakfast: Fourth Floor Palace Tower Convention Floor, sponsored by Core Technologies

08:50 - 09:00 Introduction, Jeff Moss
09:00 - 09:50

Palace Ballroom 1

Keynote: A Story About Digital Security in 2017
Richard Clarke

Augustus Ballroom 1

Keynote: The NSA Information Assurance Directorate and the National Security Community
Tony Sager

09:50 - 10:00

Break & Booksigning with Richard Clarke, author of "Breakpoint"

Location & Times

Tracks and rooms:
Voice Services Security: Augustus 5+6
The Network: Augustus 3+4
Kernel Down: Augustus 1+2
Application Security: Palace 1
Forensics & Anti-Forensics: Palace 2
Zero Day Attack: Palace 3
Privacy & Anonymity: Tiberius Ballroom 1+2+5+6
Cool Stuff: Tiberius Ballroom 3+4+7+8
Human Network: Claudius 3+4

10:00 - 11:00

Something Old (H.323), Something New (IAX), Something Hollow (Security), and Something Blue (VoIP Administrators)

Himanshu Dwivedi & Zane Lackey

Black Ops 2007: Design Reviewing The Web

Dan Kaminsky

OpenBSD Remote Exploit

Alfredo Ortega

Intranet Invasion With Anti-DNS Pinning

David Byrne

A Picture's Worth...

Dr. Neal Krawetz

Understanding the Heap by Breaking It

Justin N. Ferguson

Traffic Analysis—The Most Powerful and Least Understood Attack Methods

Jon Callas, Raven Alder, Riccardo Bettati & Nick Mathewson

Kick Ass Hypervisoring: Windows Server Virtualization

Brandon Baker

11:00 - 11:15

Coffee Service: Fourth Floor Palace Tower Promenade, sponsored by Microsoft

Booksigning with Mark Dowd & John McDonald, authors of "The Art of Software Security Assessment"

11:15 - 12:30


Phil Zimmermann

PISA: Protocol Identification via Statistical Analysis

Rohit Dhamankar & Rob King

Don't Tell Joanna, The Virtualized Rootkit Is Dead

Thomas Ptacek & Nate Lawson

Hacking Intranet Websites from the Outside (Take 2)—"Fun With and Without JavaScript Malware"

Jeremiah Grossman & Robert Hansen

Database Forensics

David Litchfield

Remote and Local Exploitation of Network Drivers

Yuriy Bulygin

Anonymous Authentication—Preserving Your Privacy Online

Dr. Andrew Lindell

It's All About The Timing

Haroon Meer & Marco Slaviero

12:30 - 13:45

Lunch: Pavilion at Caesars, sponsored by Symantec

Booksigning with Jeremiah Grossman, author of "Cross Site Scripting (XSS)" (12:30-12:45)

13:45 - 15:00

VoIP Security: Methodology and Results

Barrie Dempster

OpenID: Single Sign-On for the Internet

Eugene Tsyrklevich & Vlad Tsyrklevich

Kernel Wars

Joel Eriksson, Christer Öberg, Claes Nyberg & Karl Janmar

Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity

Brad Hill

SQL Server Database Forensics

Kevvie Fowler

Timing Attacks for Recovering Private Entries From Database Engines

Ariel Waissbein & Damian Saura

Securing the Tor Network

Mike Perry

Tactical Exploitation (Part 1)

15:00 - 15:15

Coffee Service: Fourth Floor Palace Tower Promenade, sponsored by Norman

Booksigning with Michael Sutton, Pedram Amini, Adam Greene, authors of "Fuzzing: Brute Force Vulnerability Discovery"

15:15 - 16:30

Transparent Weaknesses in VoIP

Peter Thermos


Attacking the Windows Kernel

Jonathan Lindsay

Premature Ajax-ulation

Bryan Sullivan & Billy Hoffman

Blackout: What Really Happened...

Jamie Butler & Kris Kendall

Dangling Pointer

Jonathan Afek

Tor and Blocking-resistance

Roger Dingledine

Tactical Exploitation (Part 2)

HD Moore & Valsmith

16:30 - 16:45

Coffee Service: Fourth Floor Palace Tower Promenade, sponsored by Cisco

Booksigning with Johnny Long, Tim Mullen and Ryan Russell, authors of "Stealing the Network: How to Own a Shadow"

16:45 - 18:00

Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones

Krishna Kurapati


Dror-John Roecher & Michael Thumann

IsGameOver(), anyone?

Joanna Rutkowska & Alexander Tereshkin

CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript

Ben Feinstein & Daniel Peck

Breaking Forensics Software: Weaknesses in Critical Evidence Collection

Chris Palmer, Tim Newsham, Alex Stamos & Chris Ridder

Other Wireless: New ways of being Pwned

Luis Miras

Anonymity and its Discontents

Len Sassaman

Observing the Tidal Waves of Malware

Stefano Zanero

Executive Women's Forum


18:00 - 20:00

Hosted Gala Reception: Eat, Drink, Network and be Merry! Location: Palace Tower Promenade

Johnny Long presents "No-Tech Hacking" in Palace 1 beginning at 18:15.
Hacker Court in Palace 2 beginning at 18:15

Reception sponsored by Red Lambda, RIM, netForensics, Vantos and BigFix

19:00 - 22:00

Third Annual Black Hat No Limit Hold ‘Em Poker Tournament. Register at Location: Claudius I & II, Third Floor. Vendors ineligible. Hosted by Red Lambda.

Day 2 • August 2, 2007
08:00 - 09:00
Registration and Continental Breakfast: Fourth Floor Palace Tower Promenade sponsored by

Location & Times

Good Stuff


Reverse Engineering

Fuzzing & Testing

Application Security

Zero Day Defense

Policy, Management and the Law

Human Network

Turbo Talks

Augustus 5+6

Augustus 3+4

Augustus 1+2

Palace 2

Palace 1

Palace 3

Tiberius Ballroom 1+2+5+6

Claudius 3+4

Tiberius Ballroom 3+4+7+8

09:00 - 09:50

Keynote: The Psychology of Security
Bruce Schneier

09:50 - 10:00 Break & Booksigning with Bruce Schneier, author of "Beyond Fear" and "Secrets & Lies"
10:00 - 11:00

Vista Network Attack Surface Analysis and Teredo Security Implications

Jim Hoagland

Hacking the Extensible Firmware Interface

John Heasman

Covert Debugging: Circumventing Software Armoring Techniques

Danny Quist & Valsmith

Exposing Vulnerabilities in Media Software

David Thiel

Building and Breaking the Browser

Window Snyder & Mike Shaver

Simple Solutions to Complex Problems from the Lazy Hacker’s Handbook

David Maynor & Robert Graham

Computer and Internet Security Law—A Year in Review 2006–2007

Robert W. Clark


Social Network Site Data Mining

Stephen Patton

10:00 - 10:20

Point, Click, RTPInject

Zane Lackey & Alex Garbutt

10:30 - 10:50

11:00 - 11:15
Coffee Service: Fourth Floor Palace Tower Promenade, sponsored by IOActive

Booksigning with Chris Wysopal, Dino Dai Zovi & Lucas Nelson, authors of "The Art of Software Security Testing"

11:15 - 12:30

Stealth Secrets of the Malware Ninjas

Nick Harbour

Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

Andrea Barisani & Daniele Bianco

The Art of Unpacking

Mark Vincent Yason

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing

Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch

The Little Hybrid Web Worm that Could

Billy Hoffman & John Terrill

A Dynamic Technique for Enhancing the Security and Privacy of Web Applications

Ezequiel D. Gutesman & Ariel Waissbein

Disclosure and Intellectual Property Law: Case Studies

Jennifer Granick

Meet the VCs


Just Another Windows Kernel Perl Hacker

Joe Stewart

11:15 - 11:35

The Security Analytics Project: Alternatives in Analysis

Mark Ryan del Moral Talabis

11:45 - 12:05

Unforgivable Vulnerabilities

Steve Christey

12:15 - 12:35

12:30 - 13:45

Lunch: Pavilion at Caesars, sponsored by Red Lambda

Booksigning with Neal Krawetz, author of "Introduction to Network Security"

13:45 - 15:00

Estonia: Information Warfare and Strategic Lessons

Gadi Evron

RFIDIOts!!!– Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)

Adam Laurie

PyEmu: A multi-purpose scriptable x86 emulator

Cody Pierce

Blind Security Testing—An Evolutionary Approach

Scott Stender

Active Reversing: The Next Generation of Reverse Engineering

Greg Hoglund

Sphinx: An Anomaly-based Web Intrusion Detection System

Damiano Bolzoni & Emmanuel Zambon

Greetz from Room 101

Kenneth Geers

Spyware 2010: Center for Democracy & Technology Anti-Spyware Coalition


Reflection DNS Poisoning

Jerry Schneider

13:45 - 14:05

Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage

Jeff Morin

14:15 - 14:35

Hacking Capitalism

Dave G. & Jeremy Rauch

14:45 - 15:05

15:00 - 15:15

Coffee Service: Fourth Floor Palace Tower Promenade, sponsored by SC Magazine

Booksigning with Brian Chess & Jacob West, authors of "Secure Programming with Static Analysis"

15:15 - 16:30

Meet the Fed

Jim Christy

Strengths and Weaknesses of Access Control Systems

Eric Schmiedl & Mike Spindel

Breaking C++ Applications

Mark Dowd, John McDonald, Neel Mehta

Fuzzing Sucks! (or Fuzz it Like you Mean it!)

Pedram Amini & Aaron Portnoy

Heap Feng Shui in JavaScript

Alexander Sotirov

(un)Smashing the Stack

Shawn Moyer

Building an Effective Application Security Practice on a Shoestring Budget

David Coffey & John Viega

Defeating Information Leak Prevention

Eric Monti & Dan Moniz

Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004–2007

Greg Wroblewski

15:15 - 15:35

Longhorn Server Foundation & Server Roles

Iain McDonald

15:45 - 16:05

Practical Sandboxing - Techniques for Isolating Processes

David LeBlanc

16:15 - 16:35

16:30 - 16:45
Coffee & Ice Cream Service: Fourth Floor Palace Tower Promenade sponsored by

16:45 - 18:00

Status of Cell Phone Malware in 2007

Mikko Hypponen

Side Channel Attacks (DPA) and Countermeasures for Embedded Systems

Job De Haas

Reversing C++

Paul Vincent Sabanal

Iron Chef Blackhat

Brian Chess, Jacob West, Sean Fay & Toshinari Kureha

Defeating Web Browser Heap Spray Attacks

Stephan Chenette & Moti Joseph

Static Detection of Application Backdoors

Chris Wysopal & Chris Eng

Smoke 'em Out!

Rohyt Belani & Keith Jones

Ethics Challenge!


Hacking Leopard: Tools and techniques for attacking the newest Mac OS X

Charlie Miller

16:45 - 17:05

RFID for Beginners++

Chris Paget

17:15 - 17:35

Reverse Engineering Automation with Python

Ero Carrera

17:45 - 18:05

sponsor: Ounce Labs
sponsor: Configuresoft
Black Hat Sponsor: TriGeo
Black Hat Sponsor: Cenzic
sponsor: Aruba
Note that this schedule is subject to change.

Wireless internet access is available during the show. Bring your wireless cards.

Attendees must wear badges at all times in the conference areas. Badges and/or conference proceedings that are lost or reported stolen will incur a $500 replacement fee.
All attendees must be 18 years of age or older to be on the conference floor.

Have a question about your registration, or the conference in general? Try our FAQ.

(c) 1996-2007 Black Hat