Trainings august 1 - 4 CISO
Summit August 4 Briefings August 5 Arsenal August 5 Sponsored Sessions
August 5 Sponsored Workshops August 5 Briefings August 6 Arsenal August 6 Sponsored Sessions
August 6 Sponsored Workshops August 6

Briefings | August 5

07:00

Registration

08:00

Breakfast
Brought to you by Black Hat USA Diamond Sponsors

08:50

Welcome & Introduction to Black Hat USA 2015

09:00

The Lifecycle of a RevolutionJennifer Granick Mandalay Bay Ballroom 09:00 - 10:00
 

10:00

Break

10:20

Android Security State of the UnionAdrian Ludwig Mandalay Bay GH 10:20 - 11:10
 
Bring Back the Honeypots...Haroon Meer & Marco Slaviero South Seas ABE 10:20 - 11:10
 
How to Hack Government: Technologists as Policy MakersAshkan Soltani & Terrell McSweeny Lagoon K 10:20 - 11:10
 
Internet Plumbing for Security Professionals: The State of BGP SecurityWim Remes Mandalay Bay BCD 10:20 - 11:10
 
Server-Side Template Injection: RCE for the Modern Web AppJames Kettle Jasmine Ballroom 10:20 - 11:10
 
Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data ServiceColby Moore South Seas GH 10:20 - 11:10
 
Unicorn: Next Generation CPU Emulator FrameworkNguyen Anh Quynh & Hoang-Vu Dang South Seas IJ 10:20 - 11:10
 
Why Security Data Science Matters and How It's Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat IntelligenceJoshua Saxe South Seas CDF 10:20 - 11:10
 
Writing Bad @$$ Malware for OS XPatrick Wardle Mandalay Bay EF 10:20 - 11:10
 

11:10

Coffee Service
Brought to you by Black Hat USA Diamond Sponsors

11:30

Attacking Interoperability - An OLE EditionHaifei Li & Bing Sun Mandalay Bay BCD 11:30 - 12:20
 
Breaking HTTPS with BGP HijackingArtyom Gavrichenkov Lagoon K 11:30 - 12:20
 
Defeating Pass-the-Hash: Separation of PowersSeth Moore & Baris Saydag Mandalay Bay EF 11:30 - 12:20
 
Emanate Like a Boss: Generalized Covert Data Exfiltration with FuntennaAng Cui Jasmine Ballroom 11:30 - 12:20
 
Take a Hacker to Work Day - How Federal Prosecutors Use the CFAALeonard Bailey South Seas ABE 11:30 - 12:20
 
The Battle for Free Speech on the InternetMatthew Prince South Seas GH 11:30 - 12:20
 
Understanding and Managing Entropy UsageBruce Potter & Sasha Wood South Seas IJ 11:30 - 12:20
 
Why Security Data Science Matters and How It's Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat IntelligenceJoshua Saxe South Seas CDF 11:30 - 12:20
 
Winning the Online Banking WarSean Park Mandalay Bay GH 11:30 - 12:20
 

12:20

Lunch Break

13:50

Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorer's Isolated Heap and MemoryProtectionBrian Gorenc & Abdul-Aziz Hariri & Simon Zuckerbraun South Seas CDF 13:50 - 14:40
 
Adventures in Femtoland: 350 Yuan for Invaluable FunAlexey Osipov & Alexander Zaitsev Mandalay Bay BCD 13:50 - 14:40
 
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and SharingAlex Pinto & Alexandre Sieira Lagoon K 13:50 - 14:40
 
Exploiting the DRAM Rowhammer Bug to Gain Kernel PrivilegesMark Seaborn & Halvar Flake Jasmine Ballroom 13:50 - 14:40
 
GameOver Zeus: Badguys and BackendsElliott Peterson & Michael Sandee & Tillmann Werner Mandalay Bay GH 13:50 - 14:40
 
Red vs. Blue: Modern Active Directory Attacks, Detection, and ProtectionSean Metcalf Mandalay Bay EF 13:50 - 14:40
 
SMBv2: Sharing More than Just Your FilesJonathan Brossard & Hormazd Billimoria South Seas ABE 13:50 - 14:40
 
The Tactical Application Security Program: Getting Stuff DoneCory Scott & David Cintz South Seas GH 13:50 - 14:40
 
These are Not Your Grand Daddy's CPU Performance Counters - CPU Hardware Performance Counters for SecurityNishad Herath South Seas IJ 13:50 - 14:40
 

15:00

Back Doors and Front Doors Breaking the Unbreakable SystemJames Denaro & Matthew Green South Seas ABE 15:00 - 15:50
 
Big Game Hunting: The Peculiarities of Nation-State Malware ResearchMorgan Marquis-Boire & Marion Marschalek & Claudio Guarnieri Mandalay Bay GH 15:00 - 15:50
 
Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware AnalysisRodrigo Branco & Gabriel Negreira Barbosa & Alexander Matrosov & Eugene Rodionov South Seas GH 15:00 - 15:50
 
Remote Exploitation of an Unaltered Passenger VehicleCharlie Miller & Chris Valasek Mandalay Bay EF 15:00 - 15:50
 
Stagefright: Scary Code in the Heart of AndroidJoshua Drake Mandalay Bay BCD 15:00 - 15:50
 
Stranger Danger! What is the Risk from 3rd Party Libraries?Kymberlee Price & Jake Kouns South Seas IJ 15:00 - 15:50
 
Switches Get StitchesColin Cassidy & Robert Lee & Eireann Leverett South Seas CDF 15:00 - 15:50
 
Targeted Takedowns: Minimizing Collateral Damage Using Passive DNSPaul Vixie Jasmine Ballroom 15:00 - 15:50
 
WSUSpect - Compromising the Windows Enterprise via Windows UpdatePaul Stone & Alex Chapman Lagoon K 15:00 - 15:50
 

15:50

Networking Break
Brought to you by Black Hat USA Platinum Sponsors

16:20

Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless BackdoorMatthew Graeber Mandalay Bay EF 16:20 - 17:10
 
Attacking Hypervisors Using Firmware and HardwareYuriy Bulygin & Alexander Matrosov & Mikhail Gorobets & Oleksandr Bazhaniuk Mandalay Bay GH 16:20 - 17:10
 
Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission as they Regulate CybersecurityMichael Daugherty South Seas IJ 16:20 - 17:10
 
Crash & Pay: How to Own and Clone Contactless Payment DevicesPeter Fillmore South Seas ABE 16:20 - 17:10
 
Faux Disk Encryption: Realities of Secure Storage on Mobile DevicesDaniel Mayer & Drew Suarez Lagoon K 16:20 - 17:10
 
Optimized Fuzzing IOKit in iOSLei Long & Peng Xiao & Aimin Pan Mandalay Bay BCD 16:20 - 17:10
 
Panel: Getting It Right: Straight Talk on Threat & Information SharingTrey Ford & Kevin Bankston & Rebekah Brown South Seas GH 16:20 - 17:10
 
Securing Your Big Data EnvironmentAjit Gaddam South Seas CDF 16:20 - 17:10
 
The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring SystemsKyle Wilhoit & Stephen Hilt Jasmine Ballroom 16:20 - 17:10
 

17:10

Break

17:30

Business Hall Reception
Brought to you by Black Hat USA Diamond and Platinum Plus Sponsors

17:30

Attacking ECMAScript Engines with RedefinitionNatalie Silvanovich South Seas CDF 17:30 - 18:00
 
Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical SecurityYu Yu Mandalay Bay EF 17:30 - 18:00
 
Commercial Mobile Spyware - Detecting the UndetectableJoshua Dalman & Valerie Hantke Mandalay Bay GH 17:30 - 18:00
 
Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in MalwareAlex Long Mandalay Bay BCD 17:30 - 18:00
 
How Vulnerable are We to Scams?Markus Jakobsson & Ting-Fang Yen South Seas ABE 17:30 - 18:00
 
Mobile Point of Scam: Attacking the Square ReaderAlexandrea Mellen & John Moore & Artem Losev South Seas GH 17:30 - 18:00
 
Subverting Satellite Receivers for Botnet and ProfitSofiane Talmat Lagoon K 17:30 - 18:00
 
The Node.js Highway: Attacks are at Full ThrottleMaty Siman & Amit Ashbel Jasmine Ballroom 17:30 - 18:00
 
THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android MalwareYeongung Park & Jun Young Choi South Seas IJ 17:30 - 18:00
 

18:30

Pwnie Awards