Black Hat Digital Self Defense USA 2004

Black Hat USA 2005 Main Conference Overview

Black Hat USA 2005 Briefings Speakers Black Hat USA 2005 Briefings Schedule Black Hat USA 2005 Sponsors Black Hat USA 2005 Training Black Hat USA 2005 Hotel & Venue Black Hat Registration
Black Hat Briefings Registration Hours
Tuesday, July 26, 16:00 - 21:00
Wednesday, July 27, 08:00 - 18:00
Thursday, July 28, 08:00 - 18:00

Presentations are now online!

July 26 • Informal gathering at 18:00. Gather at the Registration Desk. This is a great time to meet and network with friends, colleagues and the speakers.
Day 1 • July 27, 2005
08:00 - 08:50
Registration and Continental Breakfast: Fourth Floor Palace Tower Promenade

sponsored by

sponsor: PiperJaffrey

08:50 - 09:00 Introduction, Jeff Moss
09:00 - 09:50

Keynote: Investing in Our Nation's Security, Gilman Louie, President and Chief Executive Officer, In-Q-Tel

09:50 - 10:00 Break
Location & Times

Application Security

Layer 0

Policy, Management, and the Law

Zero Day Attack

Deep Knowledge

Other Events

Roman Ballroom
Third Floor

Palace Salon II
Fourth Floor

Emperor's Ballroom
Fourth Floor

Palace Salon I
Fourth Floor

Palace Salon III
Fourth Floor

10:00 - 11:00

World Exclusive – Announcing the OWASP Guide To Securing Web Applications and Services 2.0

Andrew van der Stock

The Social Engineering Engagement Methodology

Joseph Klein

CISO Q&A with Jeff Moss

Scott Blake, Pamela Fusco, Andre Gold, Ken Pfeil, Justin Somaini

Cisco IOS Security Architecture

Michael Lynn

All new Ø Day

David Litchfield

11:00 - 11:15
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

sponsor: Net IQ

11:15 - 12:30

Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps

Alex Stamos & Scott Stender

Plug and Root, the USB Key to the Kingdom

Darrin Barrall & David Dewey

Legal Aspects of Computer Network Defense

Robert W. Clark

eEye BootRoot

Derek Soeder & Ryan Permeh

Black Ops 2005

Dan Kaminsky

12:30 - 13:45
Lunch: Pavilion at Caesars

sponsored by

sponsor: Bindview
13:45 - 15:00

Owning Anti-Virus: Weaknesses in a Critical Security Component

Alex Wheeler & Neel Mehta

The Non-Cryptographic Ways of Losing Information

Robert Morris

Hacking in a Foreign Language

Kenneth Geers

Trust Transience: Post Intrusion SSH Hijacking

Adam Boileau

Economics, Physics, Psychology and How They Relate to Technical Aspects of Counter Intelligence / Counter Espionage Within Information Security


15:00 - 15:15 Break

Florentine Ballroom
Third Floor

15:15 - 16:30

“Shadow Walker”: Raising The Bar For Rootkit Detection

Sherri Sparks & Jamie Butler

Can You Really Trust Hardware? Exploring Security Problems in Hardware Devices

Joe Grand

Top Ten Issues in Computer Security

Jennifer Stisa Granick

Remote Windows Kernel Exploitation - Step In To the Ring 0

Barnaby Jack

iSCSI Security (Insecure SCSI)

Himanshu Dwivedi

Executive Women’s Forum Panel and Reception - Sometimes, It Is All Who You Know!

Joyce Brocaglia, Pamela Fusco, Kelly Hansen, Rhonda E. MacLean

16:30 - 16:45
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

sponsor: ISS

Booksigning with Jamie Butler and Greg Hoglund's newly released book "Rootkits : Subverting the Windows Kernel"

16:45 - 18:00

Phishing with Super Bait

Jeremiah Grossman

Long Range RFID and its Security Implications

Kevin Mahaffey, Mark McGovern, Paul Simmonds, Jon Callas

U.S National Security, Individual and Corporate Information Security, and Information Security Providers

Bryan Cunningham & C. Forrest Morgan

Beyond EIP

spoonm & skape

Automation - Deus ex Machina or Rube Goldberg Machine?


Executive Women’s Forum Panel con't

refreshments hosted by:

sponsor: Microsoft
sponsor: TippingPoint
18:00 - 20:00

Hosted Gala Reception: Eat, Drink, Network and be Merry! Location: Palace Tower Promenade

Reception sponsored by

sponsor: Bindview


sponsor: Tricipher


sponsor: SysCon


sponsor: Qualys


sponsor: Aruba

Booksigning with the authors of "Stealing the Network: How to Own an Identity" during the Gala Reception.


The First Annual Black Hat No Limit Hold'em Poker Tournament in Pompeian Ballroom. Participation in this event is by invite only, but Arbor Networks will be holding drawings in their booth for seats at the tournament. Visit the Arbor booth #16 for a chance to participate in the tournament and go head-to-head with the security elite and conference delegates at this special event. For more information, please contact Arbor Networks at

Presentations are now online!

Day 2 • July 28, 2005
08:00 - 09:00
Registration and Continental Breakfast: Fourth Floor Palace Tower Promenade

sponsored by

Location & Times Application Security

Computer Forensics & Log Analysis

Privacy & Anonymity

Zero Day Defense

Turbo Talks

Roman Ballroom
Third Floor

Palace Salon II
Fourth Floor

Palace Salon III
Fourth Floor

Palace Salon I
Fourth Floor

Emperor's Ballroom
Fourth Floor

09:00 - 09:50

The Art of File Format Fuzzing

Michael Sutton & Adam Greene

GEN III Honeynets: The birth of roo

Allen Harper and Edward Balas

Building Robust Backdoors In Secret Symmetric Ciphers

Adam L. Young

Stopping Injection Attacks with Computational Theory

Robert J. Hansen & Meredith L. Patterson

BlackHat Standup: “Yea I’m a Hacker…”

James C. Foster

09:00 - 09:20

Shakespearean Shellcode

Darrin Barrall

09:30 - 09:50

09:50 - 10:00 Break
10:00 - 11:00

CaPerl: Running Hostile Code Safely

Ben Laurie

The Defense Cyber Crime Center

Jim Christy

The Unveiling of My Next Big Project

Philip R. Zimmermann

Rogue Squadron: Evil Twins, 802.11intel, Radical RADIUS, and Wireless Weaponry for Windows

Beetle and Bruce Potter

Using Causal Analysis to Establish Meaningful Connections between Anomalous Behaviors in a Networking Environment

Ken Hines

10:00 - 10:20

Rapid Threat Modeling

Akshay Aggarwal

10:30 - 10:50

11:00 - 11:15
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

sponsor: Ernst & Young

11:15 - 12:30

The Art of SIP fuzzing and Vulnerabilities Found in VoIP

Ejovi Nuwere & Mikko Varpiola

Performing Effective Incident Response

Kevin Mandia

Google Hacking for Penetration Testers

Johnny Long

Checking Array Bound Violation Using Segmentation Hardware

Tzi-cker Chiueh

Owning the C-suite: Corporate Warfare as a Social Engineering Problem

Shawn Moyer

11:15 - 11:35

A Dirty BlackMail DoS Story

Renaud Bidou

11:45 - 12:05

SPA: Single Packet Authorization

MadHat Unspecific & Simple Nomad

12:15 - 12:35

12:30 - 13:45

Lunch: Pavilion at Caesars

sponsored by

sponsor: Secure Enterprise
sponsor: Network Magazine

sponsor: Network Computing

Book Signing with J0hnny Long and his newly released book "Google Hacking for Penetration Testers"

13:45 - 15:00

NX: How Well Does It Say NO to Attacker’s eXecution Attempts?

David Maynor 

Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch…

James C. Foster & Vincent T. Liu

The Future of Personal Information

Joseph Ansanelli, Richard Baich, Adam Shostack, Paul Proctor

A New Hybrid Approach For Infrastructure Discovery, Monitoring and Control

Ofir Arkin

Toolkits: All-in-One Approach to Security

Kevin Cardwell

13:45 - 14:05

Injection Flaws: Stop Validating Your Input

Mike Pomraning

14:15 - 14:35

Shatter-proofing Windows

Tyler Close

14:45 - 15:05

15:00 - 15:15 Break
15:15 - 16:30

Advanced SQL Injection in Oracle Databases

Esteban Martínez Fayó

Beyond Ethereal: Crafting A Tivo for Security Datastreams

Greg Conti

The National ID Debate

David Mortman, Dennis Bailey, Jim Harper, Rhonda MacLean

Ozone HIPS: Unbreakable Windows

Eugene Tsyrklevich

Building Self-Defending Web Applications: Secrets of Session Hacking and Protecting Software Sessions

Arian J. Evans & Daniel Thompson

15:15 - 15:35

Demystifying MS SQL Server & Oracle Database Server Security

Cesar Cerrudo

15:45 - 16:05

Advance SQL Injection Detection by Join Force of Database Auditing and Anomaly Intrusion Detection

Yuan Fan

16:15 - 16:35

16:30 - 16:45
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

sponsor: ISS

Book Signing with Dennis Bailey and his book "The Open Society Paradox: Why The 21st Century Calls For More Openness—Not Less"

16:45 - 18:00

Circumvent Oracle’s Database Encryption and Reverse Engineering of Oracle Key Management Algorithms

Alexander Kornbrust

The Art of Defiling: Defeating Forensic Analysis


Routing in the Dark: Scalable Searches in Dark P2P Networks

Ian Clarke & Oskar Sandberg

Preventing Child Neglect in DNSSEC-bis using Lookaside Validation

Paul Vixie

The Jericho Challenge - Finalist Architecture Presentations and Awards

Paul Simmonds

16:45 - 17:05

Press Room:

sponsor: Intellitactics


sponsor: Arbor Networks


sponsor: Configuresoft


sponsor: ISS

Poker Tournament:

sponsor: Arbor Networks

Bumper Stickers:

sponsor: Network Chemistry


sponsor: Citadel
Note that this schedule is subject to change.

Wireless internet access is available during the show. Bring your 802.11b cards!

Attendees must wear badges at all times in the conference areas.
Badges and/or conference proceedings that are lost or reported stolen will incur a $500 replacement fee.
All attendees must be 18 years of age or older to be on the conference floor.

Have a question about your registration, or the conference in general? Try our FAQ.

Black Hat Logo
(c) 1996-2007 Black Hat