K1/K2 Welcome & Introduction to Black Hat USA 2010 / Keynote Speaker (Video Only)

Jeff Moss / Deputy Secretary: Jane Holl Lute

K3 Keynote Speaker (Video Only)
Gen (Ret.) Michael Hayden
BP1 State of SSL on the Internet: 2010 Survey, Results and Conclusions
Ivan Ristic
BP2 Becoming the Six-Million-Dollar Man
Gunter Ollmann
BP3 Defenseless in Depth
Alex Wheeler, Ryan Smith
BP4 Need a Hug? Im Secure
Steve Ocepek, Charles Henderson
BP5 Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing
Francis Brown, Rob Ragan
BC1 Industrial Bug Mining - Extracting, Grading and Enriching the Ore of Exploits
Ben Nagy
BC2 Virtual Forensics
Christiaan Beek
BC3 Network Stream Debugging with Mallory
Raj Umadas, Jeremy Alleny
BC4 JavaSnoop: How to Hack Anything Written in Java
Arshan Dabirsiaghi
BC5 Exploiting the Forest with Trees
Meredith L. Patterson, Len Sassaman
CS1 How to Hack Millions of Routers
Craig Heffner
CS2 HTTPS Can Byte Me
Robert Hansen, Josh Sokol
CS3 Blitzableiter - The Release
FX
CS4 Hacking Browsers DOM - Exploiting Ajax and RIA
Shreeraj Shah
CS5 Bad Memories
Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, Dan Boneh
KEYNOTE (DISC 1)
BIG PICTURE (DISC 2)
BUG COLLECTING (DISC 2)
CLIENT SIDE (DISC 2)
CV1 CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy
Back to Information Centricity
Christofer Hoff
CV2 Secure Use of Cloud Storage
Grant Bugher
CV3 Virtually Pwned: Pentesting Virtualization
Claudio Criscione
CV4 Virt-ICE: Next Generation Debugger for Malware Analysis
Nguyen Anh Quynh, Kuniyasu Suzaki
CV5 dirtbox: A Highly Scalable x86/Windows Emulator
Georg Wicherski
CW1 Drivespoit: Circumventing Automated and Manual Detection of Browser Exploits
Wayne Huang, Jack Yu
CW2 Balancing the Pwn Trade Defcit
Val Smith, Anthony Lai, Colin Ames
CW3 Social Networking Special Ops: Extending Data Visualization Tools for faster Pwnage
Chris Sumner
CW4 Finger Pointing for Fun, Proft and War?
Tom Parker
CW5 Getting in Bed with Robin Sage
Thomas Ryan
E1 Optimizing the Security Researcher and CSO Relationship (Video Only)
Panel
E2 The Future of DNS Security (Video Only)
Panel
E3 One on One Interview (Video Only)
Gen (Ret.) Michael Hayden
E4 Security Innovation Network: Connecting Buyers, Builders, and the Research
Community (Video Only)
Panel
CLOUD VIRTUALIZATION (DISC 3)
CYBER WAR & PEACE (DISC 3)
EXECUTIVE (DISC 3)
EX1 Memory Corruption Attacks: The (Almost) Complete History
Haroon Meer
EX2 Theres a Party at Ring0 (and Youre Invited)
Julien Tinnes, Tavis Ormandy
EX3 Return-Oriented Exploitation
Dino Dai Zovi
EX4 Understanding the Low-Fragmentation Heap: From Allocation to Exploitation
Chris Valasek
EX5 Advanced AIX Heap Exploitation Methods
Tim Shelton
I1 The Emperor Has No Clothes: Insecurities in Security Infrastructure
Ben Feinstein, Jeff Jarmoc, Dan King
I2 Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters
Jonathan Pollet, Joe Cummins
I3 SCADA and ICS for Security Experts: How to Avoid Cyberdouchery
James Arlen
I4 Black Ops of Fundamental Defense: Web Edition
Dan Kaminsky
I5 Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
Shawn Moyer, Nathan Keltner
MF1 Malware Freak Show 2010: The Client-Side Boogaloo
Nicholas J. Percoco, Jibran Ilyas
MF2 Malware Attribution: Tracking Cyber Spies and Digital Criminals
Greg Hoglund
MF3 mod_antimalware: A Novel Apache Module for Containing web-based Malware Infections
Neil Daswani
MF4 BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing
Patrick Thomas
MF5 Mastering the Nmap Scripting Engine
Fyodor Vaskovitch, David Fifeld
EXPLOITATION (DISC 4)
INFRASTRUCTURE (DISC 4)
MALWARE + FINGERPRINTING (DISC 4)
ME1 Panel: CSI: TCP/IP
Panel
ME2 Panel: Policy, Privacy, Deterrence and Cyber War
Panel
ME3 Panel: Human Intel
Panel
ME4 Panel: Ex-Fed Confessions
Panel
MO1 Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands
Grugq
MO2 More Bugs In More Places: Secure Development On Mobile Platforms
David Kane-Parry
MO3 These Arent the Permissions Youre Looking For
Anthony Lineberry, Tim Wyatt, David Luke Richardson
MO4 Everybody Be Cool This is a Roppery!
Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau
MO5 App Attack: Surviving the Mobile Application Explosion
Kevin Mahaffey, John Hering
N1 WPA Migration Mode: WEP is Back to Haunt You
Leandro Meiners, Diego Sor
N2 Extreme-Range RFID tracking
Chris Paget
N3 Burning Asgard - What Happens When Loki Breaks Free
Enno Rey, Daniel Mende, Rene Graf
N4 Exploiting Timing Attacks in Widespread Systems
Nate Lawson, Taylor Nelson
N5 PSUDP: A Passive Approach to Network-Wide Covert Communication
Kenton Born
MEET THE FEDS (DISC 5)
MOBILE (DISC 5)
NETWORK (DISC 5)
OS1 Attacking Kerberos Deployments
Scott Stender, Rachel Engel, Brad Hill
OS2 Understanding the Windows SMB NTLM Weak Nonce Vulnerability
Hernan Ochoa, Agustin Azubel
OS3 Adventures in Limited User Post Exploitation
Tim Elrod, Nathan Keltner
OS4 Ushering in the Post-GRC World: Applied Threat Modeling
Alex Hutton, Allison Miller
OS5 Standing on the Shoulders of the Blue Monster: Hardening Windows Applications
olle b
PR1 New Threats to Privacy
Moxie Marlinspike
PR2 Unauthorized Internet Wiretapping: Exploiting Lawful Intercept
Tom Cross
PR3 The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this
Intellectual Property Legislation Chills Research, Disclosure and Innovation
Tiffany Rad, Christopher Mooney
PR4 Attacking Phone Privacy
Karsten Nohl
PR5 Carmen Sandiego is On the Run!
Don Bailey, Nicholas DePetrillo
P1 Payload Already Inside: Data Re-Use for ROP Exploits
Long Le
P2 Aleatory Persistent Threat
Nicolas Waisman
P3 Hacking Java Clients
Stephen de Vries
P4 Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research
Lurene Grenier, Richard Johnson
P5 SAP Backdoors: A Ghost at the Heart of Your Business
Mariano Nuez Di Croce
OS WARS (DISC 6)
PRIVACY (DISC 6)
PROGRAMMATIC (DISC 6)
RE1 ExploitSpotting: Locating Vulnerabilities Out of Vendor Patches Automatically
Jeongwook Oh
RE2 Crash Analysis Using BitBlaze
Charlie Miller, Noah Johnson
RE3 Jackpotting Automated Teller Machines Redux
Barnaby Jack
RE4 Blue Screen of the Death is Dead
Matthieu Suiche
RE5 Semiconductor Security Awareness, Today & Yesterday
Christopher Tarnovsky
RR1 pyREtic Reversing Obfuscated Python Bytecode & Live Python Objects
Rich Smith
RR2 Voyage of the Reverser: A Visual Study of Binary Species
Sergey Bratus, Greg Conti
RR3 TitanMist: Your First Step to Reversing Nirvana
Mario Vuksan, Tomislav Pericin
RR4 NEPTUNE: Dissecting Web-Based Malware via Browser and OS Instrumentation
Rami Kawach
RR5 Goodware Drugs for Malware: On-The-Fly Malware Analysis and Containment
Damiano Bolzoni, Christiaan Schade
SE1a Cloud Security Alliance Summit, Pt.1a
Panel
SE1b Cloud Security Alliance Summit, Pt.1b
Panel
SE2a Cloud Security Alliance Summit, Pt.2a (Video Only)
Panel
SE2b Cloud Security Alliance Summit, Pt.2b
Panel
SE2c Cloud Security Alliance Summit, Pt.2c
Panel
REVERSE ENGINEERING (DISC 7)
REVERSE ENGINEERING REDUX (DISC 7)
SPECIAL EVENTS (DISC 7)
SE3a Cloud Security Alliance Summit, Pt.3a
Panel
SE3b Cloud Security Alliance Summit, Pt.3b
Panel
SE4 Hacker Court, Pt.1
Panel
SE5 Hacker Court, Pt.2
Panel
SE6 Breakout Session: Regional Collegiate Cyberdefense Competition
Panel
SE7 Your Career = Your Business
Lee Kushner, Mike Murray
SE8 Things You Wanted To Know But Were Afraid To Ask About Managing Your Information
Security Career
Lee Kushner, Mike Murray
SE9 Responsible, Full, Half and Half, Medium-Rare: Flavors of Disclosure (Video Only)
ISSA
TT1a Microsoft Powershell - Its Time to Own
David Kennedy, Joshua Kelley
TT1b Breaking Browsers: Hacking Auto-Complete
Jeremiah Grossman
TT2a You Will be Billed $90,000 for This Call
Mikko Hypponen
TT2b The Black Art of Binary Hijacking
Nick Harbour
TT3a Elevation of Privilege: The Easy way to Threat Model
Adam Shostack
TT3b ISC SIE Passive DNS vs. Apache Cassandra
Paul Vixie
TT3c Reverse Engineering with Hardware Debuggers
Jason Raber, Jason Cheatham
SPECIAL EVENTS (CONT.) (DISC 7)
TURBO (DISC 8)
TT4a SprayPAL: How Capturing and Replaying Attack Traffc Can Save Your IDS
Patrick Engebretson, Josh Pauli, Kyle Cronin
TT4b Hadoop Security Design? Just Add Kerberos? Really?
Andrew Becherer
TT4c ISC DNSDB
Robert Edmonds
TT5a USB - HID, The Hacking Interface Design
Paul Carugati, Jason Pisani, Richard Rushing
TT5b Cache on Delivery
Marco Slaviero
TT5c Security is Not a Four Letter Word
Michael Davis
WA1 Utilizing Code Reuse/Return Oriented Programming in PHP Web Application Exploits
Stefan Esser
WA2 Constricting the Web: Offensive Python for Web Hackers
Nathan Hamiel, Marcin Wielgoszewski
WA3 GWT Security: Dont Get Distracted By Bright Shiny Objects
David Byrne, Charles Henderson
WA4 How I Met Your Girlfriend
Samy Kamkar
WA5 Deconstructing ColdFusion
Chris Eng, Brandon Creighton
WD1 Keeping the Good Stuff In: Confdential Information Firewalling with the CRM114
Spam Filter & Text Classifer
William Yerazunis
WD2 Hacking Oracle From Web Apps
Sumit Siddharth
WD3 Token Kidnappings Revenge
Cesar Cerrudo
TURBO (CONT.) (DISC 8)
WEB APPS (DISC 8)
WHERE THE DATA LIVES (DISC 8)
WD4 Hacking and Protecting Oracle Database Vault
Esteban Martinez Fayo
WD5 Cryptographic Agility: Defending Against the Sneakers Scenario
Bryan Sullivan
WHERE THE DATA LIVES (CONT.) (DISC 8)