Black Hat Digital Self Defense USA 2006

Black Hat USA 2006 Main Conference Overview

Black Hat USA 2006 Briefings Speakers Black Hat USA 2006 Briefings Schedule Black Hat USA 2006 Sponsors Black Hat USA 2006 Training Black Hat USA 2006 Hotel & Venue Black Hat USA 2006 FAQ Black Hat Registration
Black Hat Briefings Registration Hours
Tuesday, August 1, 17:00 - 21:00
Wednesday, August 2, 08:00 - 18:00
Thursday, August 3, 08:00 - 18:00
August 1 • Informal gathering at 18:00. Gather at the Registration Desk.
This is a great time to meet and network with friends, colleagues and the speakers.
Day 1 • August 2, 2006
08:00 - 08:50
Registration and Continental Breakfast: Fourth Floor Palace Tower Convention Floor

sponsored by

sponsor: RIM

08:50 - 09:00 Introduction, Jeff Moss
09:00 - 09:50

Palace Ballroom 1

Keynote: Fighting Organized Cyber Crime – War Stories and Trends
Dan Larkin, Unit Chief, Internet Crime Complaint Center, Federal Bureau of Investigation

09:50 - 10:00 Break
Location & Times

Database Security

Voice Services Security


Zero Day Attack

Deep Knowledge


Panels, Forums & Breakouts

Human Network

Augustus 5 & 6

Augustus 3 & 4

Augustus 1 & 2

Palace Ballroom 1

Palace Ballroom 3

Palace Ballroom 2

Emperors Salon 1

Emperors Salon 2

10:00 - 11:00


David Litchfield

Hacking VoIP Exposed

David Endler & Mark Collier

You Are What You Type: Non-Classical Computer Forensics

Dr. Neal Krawetz

Bypassing Network Access Control (NAC) Systems

Ofir Arkin

The Trusted Computing Revolution

Bruce Potter

Black Ops 2006

Dan Kaminsky

RE 2006: New Challenges Need Changing Tools

Halvar Flake

11:00 - 11:15
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

sponsor: Ernst & Young

11:15 - 12:30

How to Unwrap Oracle PL/SQL

Pete Finnigan

SIP Stack Fingerprinting and Stack Difference Attacks

Hendrik Scholz

Physical Memory Forensics

Mariusz Burdach

Fuzzing Selected Win32 Interprocess Communication Mechanisms

Jesse Burns

A Tale of Two Proxies


Do Enterprise Management Applications Dream of Electric Sheep?

Tom Ptacek & Dave Goldsmith

Writing Metasploit Plugins - From Vulnerability to Exploit

Saumil Shah

12:30 - 13:45
Lunch: Pavilion at Caesars

sponsored by


13:45 - 15:00

SQL Injections by Truncation

Bala Neerumalla

Phishing with Asterisk PBX

Jay Schulman

The State of Incidence Response

Kevin Mandia

Sidewinder: An Evolutionary Guidance System
for Malicious Input Crafting

Shawn Embleton, Sherri Sparks & Ryan Cunningham

Device Drivers

johnny cache & David Maynor

Taming Bugs: The Art and Science of Writing Secure Code

Paul Böhm

Center for Democracy and Technology Anti-Spyware Coalition Public Forum on Corporate Spyware Threats

Ari Schwartz, Ron Davidson, Gerhard Eschelbeck, John Heasman, Dan Kaminsky, Andre Gold, Phil Harris, Drew Maness, Eileen Harrington, Jerry Dixon

15:00 - 15:15
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

Black Hat Sponsor: Microsoft

15:15 - 16:30

Oracle Rootkits 2.0: The Next Generation

Alexander Kornbrust

Defending Against Social Engineering with Voice Analytics

Doug Mohney

Web Application Incident Response & Forensics: A Whole New Ball Game!

Chuck Willis & Rohyt Belani

Attacking Internationalized Software

Scott Stender

Analysing Complex Systems: the BlackBerry Case


PDB: The Protocol DeBugger

Jeremy Rauch

Center for Democracy and Technology Anti-Spyware Coalition Public Forum on Corporate Spyware Threats

16:30 - 16:45
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

Black Hat Sponsor: Microsoft

16:45 - 18:00

Auditing Data Access Without Bringing Your Database To Its Knees

Kimber Spradlin & Dale Brocklehurst

Carrier VoIP Security

Nicolas Fischbach

Death by 1000 Cuts

Johnny Long

Punk Ode: Hiding Shellcode In Plain Sight

Michael Sutton & Greg MacManus

Open to Attack: Vulnerabilities of the Linux Random Number Generator

Zvi Gutterman

Metasploit Reloaded

HD Moore

Hacker Court


Executive Women’s Forum Panel and Reception: No More Geek Speak

Joyce Brocaglia, Dena Haritos Tsamitis, Becky Bace, Merike Kaeo, Rhonda McLean

18:00 - 20:00

Hosted Gala Reception: Eat, Drink, Network and be Merry! Location: Palace Tower Promenade

Reception sponsored by

sponsor: ITDefense
sponsor: Qualys

Black Hat Sponsor: Solorix

Hacker Court con't

Day 2 • August 3, 2006
08:00 - 09:00
Registration and Continental Breakfast: Fourth Floor Palace Tower Promenade

sponsored by


Location & Times Web Security

Hardware Security


Zero Day Defense

Windows Vista Security


Turbo Talks

Palace Ballroom 1

Augustus 1 & 2

Palace Ballroom 3

Augustus 5 & 6

Augustus 3 & 4

Emperor's Salon 1

Palace Ballroom 2

09:00 - 09:50

Zero Day Subscriptions: Using RSS and Atom Feeds as Attack Delivery Systems

Robert Auger & Caleb Sima

RFID Malware Demystified

Melanie Rieback

R^2: The Exponential Growth of Rootkit Techniques

Jamie Butler, Nick Petroni & William Arbaugh

NIDS: False Positive Reduction Through Anomaly Detection

Emmanuelle Zambon & Damiano Bolzoni

Microsoft Security Fundamentals: Engineering, Response and Outreach

Andrew Cushman

Meet the Feds: OODA Loop and the Science of Security

Jason Beckett, Ovie Carroll, James Christy, Andy Fried, Mike Jacobs, Ken Privette, Keith Rhodes, Dave Thomas, Bob Hopper, Hilary Stanhope, Tim Fowler

Attacking Apple’s Xsan

Charles Edge

09:00 - 09:20

MatriXay—When WebApp&Database Security Pen-Test/Audit Is a Joy

Yuan Fan & Xiao Rong

09:30 - 09:50

09:50 - 10:00 Break
10:00 - 11:00

Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous"

Jeremiah Grossman & TC Niedzialkowski

New Attack RFID-systems and Their Middleware and Backends

Lukas Grunwald

Hardware Virtualization Based Rootkits

Dino Dai Zovi

Hotpatching and the Rise of Third-Party Patches

Alexander Sotirov

Security Engineering in Windows Vista

John Lambert

Breaking Crypto Without Keys: Analyzing Data in Web Applications

Chris Eng

Finding and Preventing Cross-site request Forgery

Tom Gallagher

10:00 - 10:20

Investigating Evil Websites with Monkeyspaw: The Greasemonkey Security Professional's Automated Webthinger

Tod Beardsley

10:30 - 10:50

11:00 - 11:15
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by

Black Hat Sponsor: Cisco

11:15 - 12:30

AJAX (in)security

Billy Hoffman

The BlueBag: A Mobile, Covert Bluetooth Attack and Infection Device

Claudio Merloni & Luca Carettoni

RAIDE: Rootkit Analysis Identification Elimination v1.0

Peter Silberman & Jamie Butler

Thermoptic Camoflauge: Total IDS Evasion

Brian Caswell & HD Moore

The NetIO Stack: Reinventing TCP/IP in Windows Vista

Abolade Gbadegesin

Hacking, Hollywood Style

Johnny Long

I’m going to shoot the next person who says VLANs

Himanshu Dwivedi

11:15 - 11:35

VOIP Security Essentials

Jeff Waldron

11:45 - 12:05

$30, 30 minutes, 30 networks (Project Cowbird)

Jonathan Squire

12:15 - 12:35

12:30 - 13:45

Booksigning: Hacker’s Challenge 3 with Jeremiah Grossman and Himanshu Dwivedi

Lunch: Pavilion at Caesars

13:45 - 15:00

Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

Alex Stamos & Zane Lackey

Bluetooth Defense Kit

Bruce Potter

Hacking World of Warcraft®: An Exercise in Advanced Rootkit Design

Greg Hoglund

Host Based Anomaly Detection on System Call Arguments

Stefano Zanero

WiFi in Windows Vista: A Peek Inside the Kimono

Noel Anderson & Taroon Mandhana

Disclosure (Public)

Jeff Moss, Paul Proctor, David Mortman, John Stewart, Derrick Scholl, Michael Sutton, Raven, Tom Ptacek, Pamela Fusco, Scott Blake, Jerry Dixon

Wi-Fi Advanced Stealth

Franck Veysset & Laurent Butti

13:45 - 14:05

Code Integration-Based Vulnerability Auditing

William Kimball

14:15 - 14:35

The Speed of (In)security: Analysis of The Speed of Security vs Insecurity

Stefan Frei & Dr. Martin May

14:45 - 15:05

15:00 - 15:15 Break
15:15 - 16:30

Six Degrees of XSSploitation

Dan Moniz & HD Moore

Vulnerabilities in Not-So Embedded Systems

Brendan O'Connor

Rootkits: Attacking Personal Firewalls

Alexander Tereshkin

IPS Shortcomings

Renaud Bidou

Windows Vista Heap Management Enhancements– Security, Reliability and Performance

Adrian Marinescu

Jericho Forum and Challenge

Paul Simmonds, Henry Teng, Bob West & Justin Somaini

Finding Gold in the Browser Cache

Corey Benninger

15:15 - 15:35

Automated Malware Classification/Analysis Though Network Theory and Statistics

Daniel Bilar

15:45 - 16:05

Defending Black Box Web Applications: Building an Open Source Web Security Gateway

Shawn Moyer

16:15 - 16:35

16:30 - 16:45
Coffee Service: Fourth Floor Palace Tower Promenade

sponsored by


16:45 - 18:00

Analysis of Web Application Worms and Viruses

Billy Hoffman

Faster Pwning Assured: Hardware Hacks and Cracks with FPGAs

David Hulton & Dan Moniz

Subverting Vista Kernel For Fun And Profit

Joanna Rutkowska

The Statue of Liberty: Utilizing Active Honeypots for Hosting Potentially Malicious Events

Philip Trainor

Case Study: The Secure Development Lifecycle and Internet Explorer 7

Rob Franco

Jericho Forum

Building Security into the Software LifeCycle, A Business Case

Marco Morana

16:45 - 17:05

BlackHat Stand-up Take Two: So What If I don’t Sell My Vulnerabilities…

James C. Foster

17:15 - 17:35

Runtime Packers: The Hidden Problem?

Maik Morgenstern & Tom Brosch

17:45 - 18:05

Association Alley:
Black Hat Sponsor: CVE MITRE


sponsor: Computer Securoity Jobs


sponsor: Configuresoft

Black Hat Sponsor: TriGeo


Black Hat Sponsor: Cenzic


Black Hat Sponsor: Computer Security Jobs

Wireless Access:

sponsor: Aruba
Note that this schedule is subject to change.

Wireless internet access is available during the show. Bring your 802.11b cards!

Attendees must wear badges at all times in the conference areas.
Badges and/or conference proceedings that are lost or reported stolen will incur a $500 replacement fee.
All attendees must be 18 years of age or older to be on the conference floor.

Have a question about your registration, or the conference in general? Try our FAQ.

Black Hat Logo
(c) 1996-2007 Black Hat