| 08:50 | welcome & introduction to black hat usa 2011 |
|
| 09:00 | Keynote |
|
| 10:00 |
Bailey
|
War Texting: Identifying and Interacting with Devices on the Telephone Network |
Daniels,
Grattafiori,
Stamos
|
Macs in the Age of the APT |
|
Roth
|
Analyzing SPDY: Getting to know the new web protocol |
|
McCoy
|
Hacking .Net Applications: The Black Arts |
|
Nohl,
Tarnovsky
|
Reviving smart card analysis |
|
Cui,
Kataria,
Stolfo
|
Killing the Myth of Cisco IOS Diversity: Towards Reliable, Large-Scale Exploitation of Cisco IOS |
|
Pericin,
Vuksan
|
Constant Insecurity: Things you didn't know about (PE) Portable Executable file format |
|
| 10:30 |
LeMasters
|
Heap spray detection with Heap Inspector |
| 11:15 |
Nakibly
|
Owning the Routing Table - New OSPF Attacks |
Pan,
Tsai
|
Weapons of Targeted Attack: Modern Document Exploit Techniques |
|
Johansen,
Osborne
|
Hacking Google Chrome OS |
|
Ivintskiy,
Rohlf
|
Attacking Clientside JIT Compilers |
|
McNabb
|
Vulnerabilities of Wireless Water Meter Networks |
|
Kennedy,
Muttik
|
IEEE Software Taggant System |
|
Physical Memory Forensics for Cache |
||
| 11:40 |
Costa
|
The Troika of E-Discovery: Ethics, ESI, and Expertise in a Web 2.0 World |
| 12:05 |
Belenko
|
Overcoming IOS Data Protection to Re-enable iPhone Forensics |
| 13:45 |
Kaminsky
|
Black Ops of TCP/IP 2011 |
Wolf
|
The Rustock Botnet Takedown |
|
Sullivan
|
Server-Side JavaScript Injection: Attacking NoSQL and Node.js |
|
Mandt
|
Windows Hooks of Death: Kernel Attacks Through User-Mode Callbacks |
|
Beresford
|
Exploiting Siemens Simatic S7 PLCs |
|
Moussouris
|
From Redmond with Love! |
|
Bursztein,
Fontarensky,
Martin,
Picod
|
Beyond files undeleting: OWADE |
|
| 14:20 |
Skehan
|
SSH as the next back door. Are you giving hackers root access? |
| 15:15 |
Borgaonkar,
Golde,
Redon
|
Femtocells: A poisonous needle in the operator's hay stack |
datagram
|
Tamper Evident Seals - Design and Security |
|
Shah
|
Reverse Engineering Browser Components - Dissecting and Hacking Silverlight, HTML 5 and Flex |
|
Dai Zovi
|
Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption |
|
Giannetsos
|
Spy-Sense: Spyware Tool for executing Stealthy Exploits against Sensor Networks |
|
Ristic
|
The Ultimate Study of Real-Life SSL Issues |
|
McGrew
|
Covert Post-Exploitation Forensics With Metasploit |
|
| 15:40 |
Raber
|
Function Rerouting from Kernel Land "Hades" |
| 16:05 |
Kiani
|
OAuth - Securing the Insecure |
| 16:45 |
Dinaburg
|
Bit-squatting: DNS Hijacking without exploitation |
Perkins,
Tassey
|
Aerial Cyber Apocalypse: If we can do it... they can too. |
|
Brown,
Ragan
|
Pulp Google Hacking - The Next Generation Search Engine Hacking Arsenal |
|
Sabanal,
Yason
|
Playing In The Reader X Sandbox |
|
Le,
Nguyen
|
ARM exploitation ROPmap |
|
Clark
|
Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulns |
|
Brossard
|
Post Memory Corruption Memory Analysis |
|
| 17:10 |
Anstis
|
Affiliate Programs: Legitimate Business or Fuelling Cybercrime? |
| 17:35 |
Cache
|
PPI-Geolocation: The next generation of 802.11 visualization and geo-location |
| 08:50 | Keynote |
|
| 10:00 |
Clark
|
Legal Aspects of Cybersecurity - (AKA) CYBERLAW: A Year in Review, Cases, issues, your questions my |
Elhage
|
Virtualization under attack: Breaking out of KVM |
|
Arkin,
Grossman,
Hutton,
Johnson,
Lane
|
Trillions of Lines of Code and Counting - Securing Applications At Scale |
|
Abraham,
Eston,
Johnson
|
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers |
|
Davis
|
USB - Undermining Security Barriers |
|
Paget
|
Microsoft Vista: NDA-less The Good, The Bad, and The Ugly |
|
Hassell,
Macaulay
|
Hacking Androids for Profit |
|
| 11:15 |
Granick
|
The Law of Mobile Privacy and Security |
Sutton
|
Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers |
|
Ormandy
|
Sophail: A Critical Analysis of Sophos Antivirus |
|
Slaviero
|
Sour Pickles |
|
Miller
|
Battery Firmware Hacking |
|
Thieme
|
Staring into the Abyss: The Dark Side of Secuirity and Professional Intelligence |
|
Esser
|
Exploiting the iOS Kernel |
|
| 13:45 |
Marlinspike
|
SSL And The Future Of Authenticity |
Schuetz
|
Inside Apple's MDM Black Box |
|
Arlen
|
Security When Nano-seconds Count |
|
Ptacek
|
Crypto for Pentesters |
|
Ose
|
Exploiting USB Devices with Arduino |
|
Bailey,
Dai Zovi,
DePetrillo,
Lineberry,
Miller,
Shields,
Weinmann,
Wysopal
|
Owning Your Phone at Every Layer - A Mobile Security Panel |
|
| 15:15 |
Acquisti
|
Faces Of Facebook - Or, How The Largest Real ID Database In The World Came To Be |
Polyakov
|
A Crushing Blow At The Heart of SAP J2EE Engine |
|
Yamaguchi
|
Vulnerability Extrapolation or 'Give me more Bugs like that, please!' |
|
Engler,
Fleischer,
Hamiel,
Law
|
Smartfuzzing The Web: Carpe Vestra Foramina |
|
Radcliffe
|
Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System |
|
Lineberry,
Strazzere,
Wyatt
|
Don't Hate the Player, Hate the Game: Inside the Android Security Patch Lifecycle |
|
| 16:45 |
Chamales
|
Lives On The Line: Defending Crisis Maps in Libya, Sudan, and Pakistan |
Litchfield
|
Hacking and Forensicating an Oracle Database Server |
|
Britton,
Willis
|
Sticking to the Facts: Scientific Study of Static Analysis Tools |
|
Balduzzi
|
Automated Detection of HPP Vulnerabilities in Web Applications |
|
Barisani,
Bianco,
Franken,
Laurie
|
Chip & PIN is definitely broken |
|
Daswani
|
Mobile Malware Madness, and How To Cap the Mad Hatters |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.