KEYNOTE (DISC 1)
K1/K2 Welcome & Introduction to Black Hat USA 2010 / Keynote Speaker (Video Only)
    Jeff Moss / Deputy Secretary: Jane Holl Lute
K3 Keynote Speaker (Video Only)
    Gen (Ret.) Michael Hayden

BIG PICTURE (DISC 2)
BP1 State of SSL on the Internet: 2010 Survey, Results and Conclusions
    Ivan Ristic
BP2 Becoming the Six-Million-Dollar Man
    Gunter Ollmann
BP3 Defenseless in Depth
    Alex Wheeler, Ryan Smith
BP4 Need a Hug? I'm Secure
    Steve Ocepek, Charles Henderson
BP5 Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing
    Francis Brown, Rob Ragan

BUG COLLECTING (DISC 2)
BC1 Industrial Bug Mining - Extracting, Grading and Enriching the Ore of Exploits
    Ben Nagy
BC2 Virtual Forensics
    Christiaan Beek
BC3 Network Stream Debugging with Mallory
    Raj Umadas, Jeremy Allen
BC4 JavaSnoop: How to Hack Anything Written in Java
    Arshan Dabirsiaghi
BC5 Exploiting the Forest with Trees
    Meredith L. Patterson, Len Sassaman

CLIENT SIDE (DISC 2)
CS1 How to Hack Millions of Routers
    Craig Heffner
CS2 HTTPS Can Byte Me
    Robert Hansen, Josh Sokol
CS3 Blitzableiter - The Release
    FX
CS4 Hacking Browser's DOM - Exploiting Ajax and RIA
    Shreeraj Shah
CS5 Bad Memories
    Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, Dan Boneh

CLOUD VIRTUALIZATION (DISC 3)
CV1 CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity
    Christofer Hoff
CV2 Secure Use of Cloud Storage
    Grant Bugher
CV3 Virtually Pwned: Pentesting Virtualization
    Claudio Criscione
CV4 Virt-ICE: Next Generation Debugger for Malware Analysis
    Nguyen Anh Quynh, Kuniyasu Suzaki
CV5 dirtbox: A Highly Scalable x86/Windows Emulator
    Georg Wicherski

CYBER WAR & PEACE (DISC 3)
CW1 Drivesploit: Circumventing Automated and Manual Detection of Browser Exploits
    Wayne Huang, Jack Yu
CW2 Balancing the Pwn Trade Deficit
    Val Smith, Anthony Lai, Colin Ames
CW3 Social Networking Special Ops: Extending Data Visualization Tools for faster Pwnage
    Chris Sumner
CW4 Finger Pointing for Fun, Profit and War?
    Tom Parker
CW5 Getting in Bed with Robin Sage
    Thomas Ryan

EXECUTIVE (DISC 3)
E1 Optimizing the Security Researcher and CSO Relationship (Video Only)
    Panel
E2 The Future of DNS Security (Video Only)
    Panel
E3 One on One Interview (Video Only)
    Gen (Ret.) Michael Hayden
E4 Security Innovation Network: Connecting Buyers, Builders, and the Research Community (Video Only)
    Panel

EXPLOITATION (DISC 4)
EX1 Memory Corruption Attacks: The (Almost) Complete History
    Haroon Meer
EX2 There's a Party at Ring0 (and You're Invited)
    Julien Tinnes, Tavis Ormandy
EX3 Return-Oriented Exploitation
    Dino Dai Zovi
EX4 Understanding the Low-Fragmentation Heap: From Allocation to Exploitation
    Chris Valasek
EX5 Advanced AIX Heap Exploitation Methods
    Tim Shelton

INFRASTRUCTURE (DISC 4)
I1 The Emperor Has No Clothes: Insecurities in Security Infrastructure
    Ben Feinstein, Jeff Jarmoc, Dan King
I2 Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters
    Jonathan Pollet, Joe Cummins
I3 SCADA and ICS for Security Experts: How to Avoid Cyberdouchery
    James Arlen
I4 Black Ops of Fundamental Defense: Web Edition
    Dan Kaminsky
I5 Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
    Shawn Moyer, Nathan Keltner

MALWARE + FINGERPRINTING (DISC 4)
MF1 Malware Freak Show 2010: The Client-Side Boogaloo
    Nicholas J. Percoco, Jibran Ilyas
MF2 Malware Attribution: Tracking Cyber Spies and Digital Criminals
    Greg Hoglund
MF3 mod_antimalware: A Novel Apache Module for Containing web-based Malware Infections
    Neil Daswani
MF4 BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing
    Patrick Thomas
MF5 Mastering the Nmap Scripting Engine
    Fyodor Vaskovitch, David Fifield

MEET THE FEDS (DISC 5)
ME1 Panel: CSI: TCP/IP
    Panel
ME2 Panel: Policy, Privacy, Deterrence and Cyber War
    Panel
ME3 Panel: Human Intel
    Panel
ME4 Panel: Ex-Fed Confessions
    Panel

MOBILE (DISC 5)
MO1 Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands
    Grugq
MO2 More Bugs In More Places: Secure Development On Mobile Platforms
    David Kane-Parry
MO3 These Aren't the Permissions You're Looking For
    Anthony Lineberry, Tim Wyatt, David Luke Richardson
MO4 Everybody Be Cool This is a Roppery!
    Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau
MO5 App Attack: Surviving the Mobile Application Explosion
    Kevin Mahaffey, John Hering

NETWORK (DISC 5)
N1 WPA Migration Mode: WEP is Back to Haunt You
    Leandro Meiners, Diego Sor
N2 Extreme-Range RFID tracking
    Chris Paget
N3 Burning Asgard - What Happens When Loki Breaks Free
    Enno Rey, Daniel Mende, Rene Graf
N4 Exploiting Timing Attacks in Widespread Systems
    Nate Lawson, Taylor Nelson
N5 PSUDP: A Passive Approach to Network-Wide Covert Communication
    Kenton Born

OS WARS (DISC 6)
OS1 Attacking Kerberos Deployments
    Scott Stender, Rachel Engel, Brad Hill
OS2 Understanding the Windows SMB NTLM Weak Nonce Vulnerability
    Hernan Ochoa, Agustin Azubel
OS3 Adventures in Limited User Post Exploitation
    Tim Elrod, Nathan Keltner
OS4 Ushering in the Post-GRC World: Applied Threat Modeling
    Alex Hutton, Allison Miller
OS5 Standing on the Shoulders of the Blue Monster: Hardening Windows Applications
    olle b

PRIVACY (DISC 6)
PR1 New Threats to Privacy
    Moxie Marlinspike
PR2 Unauthorized Internet Wiretapping: Exploiting Lawful Intercept
    Tom Cross
PR3 The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this Intellectual Property Legislation Chills Research, Disclosure and Innovation
    Tiffany Rad, Christopher Mooney
PR4 Attacking Phone Privacy
    Karsten Nohl
PR5 Carmen Sandiego is On the Run!
    Don Bailey, Nicholas DePetrillo

PROGRAMMATIC (DISC 6)
P1 Payload Already Inside: Data Re-Use for ROP Exploits
    Long Le
P2 Aleatory Persistent Threat
    Nicolas Waisman
P3 Hacking Java Clients
    Stephen de Vries
P4 Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research
    Lurene Grenier, Richard Johnson
P5 SAP Backdoors: A Ghost at the Heart of Your Business
    Mariano Nuñez Di Croce

REVERSE ENGINEERING (DISC 7)
RE1 ExploitSpotting: Locating Vulnerabilities Out of Vendor Patches Automatically
    Jeongwook Oh
RE2 Crash Analysis Using BitBlaze
    Charlie Miller, Noah Johnson
RE3 Jackpotting Automated Teller Machines Redux
    Barnaby Jack
RE4 Blue Screen of the Death is Dead
    Matthieu Suiche
RE5 Semiconductor Security Awareness, Today & Yesterday
    Christopher Tarnovsky

REVERSE ENGINEERING REDUX (DISC 7)
RR1 pyREtic Reversing Obfuscated Python Bytecode & Live Python Objects
    Rich Smith
RR2 Voyage of the Reverser: A Visual Study of Binary Species
    Sergey Bratus, Greg Conti
RR3 TitanMist: Your First Step to Reversing Nirvana
    Mario Vuksan, Tomislav Pericin
RR4 NEPTUNE: Dissecting Web-Based Malware via Browser and OS Instrumentation
    Rami Kawach
RR5 Goodware Drugs for Malware: On-The-Fly Malware Analysis and Containment
    Damiano Bolzoni, Christiaan Schade

SPECIAL EVENTS (DISC 7)
SE1a Cloud Security Alliance Summit, Pt.1a
    Panel
SE1b Cloud Security Alliance Summit, Pt.1b
    Panel
SE2a Cloud Security Alliance Summit, Pt.2a (Video Only)
    Panel
SE2b Cloud Security Alliance Summit, Pt.2b
    Panel
SE2c Cloud Security Alliance Summit, Pt.2c
    Panel
SE3a Cloud Security Alliance Summit, Pt.3a
    Panel
SE3b Cloud Security Alliance Summit, Pt.3b
    Panel
SE4 Hacker Court, Pt.1
    Panel
SE5 Hacker Court, Pt.2
    Panel
SE6 Breakout Session: Regional Collegiate Cyberdefense Competition
    Panel
SE7 Your Career = Your Business
    Lee Kushner, Mike Murray
SE8 Things You Wanted To Know But Were Afraid To Ask About Managing Your Information Security Career
    Lee Kushner, Mike Murray
SE9 Responsible, Full, Half and Half, Medium-Rare: Flavors of Disclosure (Video Only)
    ISSA

TURBO (DISC 8)
TT1a Microsoft Powershell - It's Time to Own
    David Kennedy, Joshua Kelley
TT1b Breaking Browsers: Hacking Auto-Complete
    Jeremiah Grossman
TT2a You Will be Billed $90,000 for This Call
    Mikko Hypponen
TT2b The Black Art of Binary Hijacking
    Nick Harbour
TT3a Elevation of Privilege: The Easy way to Threat Model
    Adam Shostack
TT3b ISC SIE Passive DNS vs. Apache Cassandra
    Paul Vixie
TT3c Reverse Engineering with Hardware Debuggers
    Jason Raber, Jason Cheatham
TT4a SprayPAL: How Capturing and Replaying Attack Traffic Can Save Your IDS
    Patrick Engebretson, Josh Pauli, Kyle Cronin
TT4b Hadoop Security Design? Just Add Kerberos? Really?
    Andrew Becherer
TT4c ISC DNSDB
    Robert Edmonds
TT5a USB - HID, The Hacking Interface Design
    Paul Carugati, Jason Pisani, Richard Rushing
TT5b Cache on Delivery
    Marco Slaviero
TT5c Security is Not a Four Letter Word
    Michael Davis

WEB APPS (DISC 8)
WA1 Utilizing Code Reuse/Return Oriented Programming in PHP Web Application Exploits
    Stefan Esser
WA2 Constricting the Web: Offensive Python for Web Hackers
    Nathan Hamiel, Marcin Wielgoszewski
WA3 GWT Security: Don't Get Distracted By Bright Shiny Objects
    David Byrne, Charles Henderson
WA4 How I Met Your Girlfriend
    Samy Kamkar
WA5 Deconstructing ColdFusion
    Chris Eng, Brandon Creighton

WHERE THE DATA LIVES (DISC 8)
WD1 Keeping the Good Stuff In: Confidential Information Firewalling with the CRM114 Spam Filter & Text Classifier
    William Yerazunis
WD2 Hacking Oracle From Web Apps
    Sumit Siddharth
WD3 Token Kidnapping's Revenge
    Cesar Cerrudo
WD4 Hacking and Protecting Oracle Database Vault
    Esteban Martinez Fayo
WD5 Cryptographic Agility: Defending Against the Sneakers Scenario
    Bryan Sullivan