Black Hat Briefings USA 08 Schedule

Day One • August 6, 2008

Skip to Day 2

08:00 to 08:50 Regisration and Continental Breakfast: Fourth Floor Palace Tower Convention Floor - sponsored by
08:50 to 09:00 Introduction by Black Hat Founder and Director, Jeff Moss
09:00 to 09:50 Keynote Ian Angell Professor of Information Systems, London School of Economics - "Complexity in Computer Security - a Risky Business"
09:50 to 10:00 Break
Root Kits Roman Ballroom	0-Day Palace 1	App Sec 1.0/2.0 Augustus 3&4	Bots & Malware Palace 3	Deep Knowledge Florentine 1-4	The Network Augustus 5&6	Over The Air Augustus 1&2	Reverse Engineering Palace 2
10:00 to 11:00
Deeper Door: Exploiting the NIC Chipset Sherri Sparks, Shawn Embleton	Pointers and Handles Alex Ionescu	AppSec A-Z Jared DeMott	Bad Sushi: Beating Phishers at Their Own Game Nitesh Dhanjani, Billy K Rios	When Lawyers Attack: Dealing With the New Rules of Electronic Discovery John Benson	Nmap: Scanning the Internet Fyodor Vaskovich	Mobitex Network Security olle B	Next Generation Collaborative Reversing with Ida Pro and CollabREate Chris Eagle Tim Vidas
11:00 to 11:15
Coffee Service: Fourth Floor Palace Tower Convention Floor - sponsored by
11:15 to 12:30
A New Breed of Rootkit: The System Management Mode (SMM) Rootkit Shawn Embleton, Sherri Sparks	Attacking the Vista Heap Ben Hawkes	AppSec A-Z Jared DeMott	Jinx - Malware 2.0 Itzik Kotler, Jonathan Rom	When Lawyers Attack: Dealing With the New Rules of Electronic Discovery John Benson	Leveraging the Edge: Abusing SSL VPNs Mike Zusman	Highway to Hell: Hacking Toll Systems Nate Lawson	Decompilers and Beyond Ilfak Guilfanov
12:30 to 13:45
Lunch: Pavillion at Caesars - sponsored by
13:45 to 15:00
Insane Detection of Insane Rootkits Yuriy Bulygin	Cisco IOS Shellcodes/ Backdoors Gyan Chawdhary Varun Uppal	Client-side Security Petko D. Petkov	Protocols and Encryption of the Storm Botnet Joe Stewart	Iron Chef: Fuzzing Challenge Jacob West Charlie Miller Geoff Morrison Jacob Honoroff Sean Fay Brian Chess	The Four Horsemen of the Virtualization Security Apocalypse Christofer Hoff	Software Radio and the Future of Wireless Security Michael Ossmann	Temporal Reverse Engineering Danny Quist Colin Ames
15:15 to 16:30
Viral Infections on Cisco IOS Sebastian Muniz	Return-Oriented Programming: Exploits Without Code Injection Hovav Shacham	Living in the RIA World Alex Stamos David Thiel Justine Osborne	Xploiting Google Gadgets: Gmalware and Beyond Tom Stracener	Iron Chef: Fuzzing Challenge Jacob West Charlie Miller Geoff Morrison Jacob Honoroff Sean Fay Brian Chess	Active 802.11 Fingerpinting Sergey Bratus Daniel Peebles Cory Cornelius Axel Hansen	Bluetooth v2.1 - a New Security Infrastructure and New Vulnerabilities Andrew Lindell	RE:Trace - Applied Reverse Engineering on OS X Tiller Beauchamp David Weston
16:30 to 16:45
Coffee Service: Fourth Floor Palace Tower Promenade - sponsored by
16:45 to 18:00
iRK - Crafting OS X Kernel Rootkits Jesse D'Aguanno	Reverse DNS Tunneling Shellcode Ty Miller	FLEX, AMF 3 and BlazeDS: An Assessment Jacob Carlson Kevin Stadmeyer	Xploiting Google Gadgets: Gmalware and Beyond Tom Stracener	MetaPost Explanation Val Smith	Malware Detection Through Network Flow Analysis Bruce Potter	New Classes of Security and Privacy Vulnerabilities for Implantable Wireless Medical Devices Tadayoshi Kohno Kevin Fu	Alternative Medicine: The Malware Analyst's Blue Pill Paul Royal

Day Two • August 7, 2008

Up to Day 1

08:00 to 08:50 Regisration and Continental Breakfast: Fourth Floor Palace Tower Convention Floor - sponsored by
08:50 to 09:00 Introduction by Black Hat Founder and Director, Jeff Moss
09:00 to 09:50 Keynote Rod Beckström, Director of the National Cyber Security Center (NCSC) - "TBD"
09:50 to 10:00 Break
0-Day Defense Roman Ballroom	App Sec 1.0/2.0 Augustus 3&4	Deep Knowledge Florentine 1&4	Forensics Augustus 5&6	Hardware Palace 1	Web 2.0 Augustus 1&2	Virtualization Palace 3
10:00 to 11:00
No More 0-Days (or Code-Based Intrusion Detection by Korset) Ohad Ben-Cohen	Encoded, Layered and Transcoded Syntax Attacks: Threading the Needle Past Web Application Security Arian Evans	Passive and Active Leakage of Secret Data from Non-Networked Computer Eric Filiol	Developments in Cisco IOS Forensics Felix Lindner	ePassports Reloaded Jeroen van Beek	Satan is on My Friends List: Attacking Social Networks Shawn Moyer Nathan Hamiel	Taking the Hype Out of Hypervisor Tal Garfinkel
11:00 to 11:15
Coffee Service: Fourth Floor Palace Tower Convention Floor - sponsored by
11:15 to 12:30
No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler UsingTraffic Profiling Ivan Ristic, Ofar Shezaf	Circumventing Automated JavaScript Analysis Tools Billy Hoffman	Passive and Active Leakage of Secret Data from Non-Networked Computer Eric Filiol	Visual Forensic Analysis and Reverse Engineering of Binary Data Greg Conti Erik Dean	SmartCard APDU Analysis Ivan Buetler	Threats to the 2008 Presidential Election (and more) Oliver Friedrichs	Suberverting the Xen Hypervisor Rafal Wojtczuk
12:30 to 13:45
Lunch: Pavillion at Caesars - sponsored by
13:45 to 15:00
A Hypervisor IPS based on Hardware Assisted Virtualization Technology Junichi Murakami	Concurrency Attacks in Web Applications Scott Stender Alexander Vidergar	TBD Dan Kaminsky	Hacking and Injecting Federal Trojans Lukas Grunwald	Side-channel Timing Attacks on MSP430 Microcontroller Firmware Travis Goodspeed	REST for the WIcked Bryan Sullivan	Detecting & Preventing the Xen Hypervisor Subversions Joanna Rutkowska Rafal Wojtczuk
15:15 to 16:30
Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World Mike Reavey Katie Moussouris Steve Adegbite	How To Impress Girls With Browser Memory Protection Bypasses Alexander Sotirov Mark Dowd	The Internet is Broken: Beyond Document.Cookie - Extreme Client-side Exploitation Nathan McFeters Rob Carter John Heasman	Hacking and Injecting Federal Trojans Lukas Grunwald	Mifare - Little Security, Despite Obscurity Karsten Nohl	Get Rich or Die Trying - Making Money on the Web, the Black Hat Way Jeremiah Grossman Arian Evans	Bluepilling the Xen Hypervisor Joanna Rutkowska Alexander Tereshkin
16:30 to 16:45
Coffee Service: Fourth Floor Palace Tower Promenade - sponsored by
16:45 to 18:00
Braving the Cold: New Methods for Preventing Cold Boot Attacks on Encryption Keys Patrick McGregor	Methods for Understanding Targetted Attacks with Office Documents Bruce Dang	Windows Hibernation File for Fun and Profit Matthieu Suiche	Oracle Forensics David Litchfield	Inducing Momentary Faults Within Secure Smartcards/ Microcontrollers Christopher Tarnovsky	Pushing the Camel Through the Eye of a Needle Haroon Meer	VirtuallySecure Oded Horovitz

08:00-08:50 Continental Breakfast: Fourth Floor Palace Tower Convention Floor - sponsored by Nokia

10:00-10:20 Winning the Race to Bare Metal – UEFI Hypervisors by Don Bailey, Martin Mocko

10:30-10:50  Metamorphic / Polymorphic Malware DNA by Chet Hosmer

11:00-11:15 Coffee Service: Fourth Floor Palace Tower Convention Floor - sponsored by Google

11:15-11:35  A Fox in the Hen House (UPnP IGD) by Jonathan Squire

11:45-12:05  SQL Injection Worms for Fun and Profit by Justin Clarke

12:15-12:35 Mobile Phone Messaging Anti-Forensics by Zane Lackey, Luis Miras

12:30-13:45 Lunch: Pavillion at Caesars - sponsored by Microsoft

13:45-14:05 Protecting Vulnerable Applications with IIS7 by Brian Holyfield

14:15-14:35  Got Citrix, Hack It! by Shanit Gupta

14:45-15:05  Vista and ActiveX Controls by Su Yong Kim

15:15-15:35  Fuzzing Proprietary SCADA Protocols by Sergey Bratus

15:45-16:05 Deobfuscator: an Automated Approach to the Identification and Removal of Code Obfuscation by Eric Laspe, Jason Raber

16:30-16:45 Coffee Service: Fourth Floor Palace Tower Promenade - sponsored by Core Security

16:45-17:05  Free-space Quantum Key Distribution at GHz Transmission Rates by Joshua Bienfang

17:15-17:35  Playing by Virtual Security Rules: How Virtualization Changes Everything and What to Do about It by Steve Pate

17:45-18:05  Meet the Owner of a Real Hacked Company - Forensic Analysis by Mark Shelhart