We were distressed to wake up this morning to the realization that Black Hat Europe is exactly one month away -- clearly, it's time to stop procrastinating and throw together an official-looking schedule! And here it is, the official Black Hat Europe 2012 Briefing Schedule.
For those similarly groggy, Black Hat Europe 2012 will take place from March 14th to March 16th at the Grand Krasnapolsky Hotel in Amsterdam, the Netherlands. If you're interested in attending Black Hat Europe 2012, be sure to rouse yourself long enough to register by February 29th to enjoy a lower registration cost than will be offered to late and onsite registrations.
While you're up, here are a few choice picks from our dozens-strong schedule of briefings, trainings, and special events:
// David Litchfield, everyone's favorite Oracle hacker, will be returning to present An Assortment of Database Goodies at Black Hat Europe. It will no doubt shock you to learn that he's found a number of new exploits and security weaknesses in Oracle Database Server, and he'll be giving demonstrations on exploiting them to gain DBA privileges. Never change, David.
// Every day software developers churn out millions of lines of code -- some good, some buggier than a 10-Euro hostel. But which industries write the most secure code? And the least? Should you worry more about internally built apps, open source, commercial software, or outsourcers? To answer these questions, Chris Wysopal, of Veracode and L0pht infamy, used static binary analysis on thousands of apps of all stripes, creating an anonymized vulnerability data set. Attend his session, Data Mining a Mountain of Zero Day Vulnerabilities, to find out who sucks most.
// Apple and Google very famously have their differences, but they also both want your trust. And that doesn't come easily. Join FX for his Black Hat Europe session, Apple vs. Google Client Platforms, where he'll delve into the similarities and differences in the approaches Apple and Google take on their iPad and Chromebook client platforms, from security architecture to what powers they grant to attackers through fails in logic, binary, and HTML. It could get messy, so bring protective clothing.
// Threat modeling is typically a defensive, anticipatory action, but in Offensive Threat Modeling for Attackers - Turning Threat Modeling on its Head, Rafal Los and Shane MacDougall will show how offensive threat modeling can give attackers a powerful new weapon. Unorthodox tactics are the name of their game, with a focus on the key concepts of Posture, Position, and Predisposition. Social engineering, misdirection, employee home network attacks, reverse honeypots, psychological profiling... by the end of the session you will understand that you should never, ever mess with Rafal or Shane.
// HTML5 is on everyone's minds, and as Blueinfy founder Shreeraj Shah is keenly aware, that includes the minds of potential attackers. At Black Hat Europe Shreeraj will present his new talk and paper, HTML5: Top 10 Threats, Stealth Attacks, and Silent Exploits, in which he'll walk you through the new technology's architectures, attack surfaces, and possible threats. From clickjacking and phishing via mixed layers and iframes to abusing thick client features, Shreeraj'll show you how to plan your defense, as well as some new tricks for scanning for HTML5 vulnerabilities.
The sessions outlined above are just a fraction of the myriad and varied briefings, trainings, and special events planned for Black Hat Europe 2012. Check out the official Black Hat Europe 2012 Briefing Schedule for a complete picture of what to expect from Black Hat Europe 2012.