Black Hat USA 2014 - Wednesday, August 6
09:00
Geer
CYBERSECURITY AS REALPOLITIK
10:15
Blanchou, Solnik
CELLULAR EXPLOITATION ON A GLOBAL SCALE: THE RISE AND FALL OF THE CONTROL PROTOCOL
Forshaw
DIGGING FOR IE11 SANDBOX ESCAPES
Atlasis, Rey
EVASION OF HIGH-END IPS DEVICES IN THE AGE OF IPV6
Riancho
PIVOTING IN AMAZON CLOUDS
Barbosa, Branco
PREVALENT CHARACTERISTICS IN MODERN MALWARE
Oh
REVERSE ENGINEERING FLASH MEMORY FOR FUN AND BENEFIT
FitzPatrick
SECSI PRODUCT DEVELOPMENT: TECHNIQUES FOR ENSURING SECURE SILICON APPLIED TO OPEN-SOURCE VERILOG PROJECTS
Delignat-Lavaud
THE BEAST WINS AGAIN: WHY TLS KEEPS FAILING TO PROTECT HTTP
Conti, Cross, Raymond
THE LIBRARY OF SPARTA
Lackey
API SECURITY ROUNDTABLE: LESSONS LEARNED IN API SECURITY
10:50
Lindh
ATTACKING MOBILE BROADBAND MODEMS LIKE A CRIMINAL WOULD
11:45
Miller, Valasek
A SURVEY OF REMOTE AUTOMOTIVE ATTACK SURFACES
Jakobsson
HOW TO WEAR YOUR PASSWORD
Demay, Lebrun, Picod
BRINGING SOFTWARE DEFINED RADIO TO THE PENETRATION TESTING COMMUNITY
Ragan, Salazar
CLOUDBOTS: HARVESTING CRYPTO COINS LIKE A BOTNET FARMER
Kruegel
FULL SYSTEM EMULATION: ACHIEVING SUCCESSFUL AUTOMATED DYNAMIC ANALYSIS OF EVASIVE MALWARE
Sprundel
WINDOWS KERNEL GRAPHICS DRIVER ATTACK SURFACE
Fu, Ling, Yue
MY GOOGLE GLASS SEES YOUR PASSWORDS!
Holcomb
NETWORK ATTACHED SHELL: N.A.S.TY SYSTEMS THAT STORE NETWORK ACCESSIBLE SHELLS
Jones
GOVERNMENT POLICY ROUNDTABLE: UNDERSTANDING THE NIST RISK MANAGEMENT FRAMEWORK
12:20
Li, Li
DEFEATING THE TRANSPARENCY FEATURE OF DBI
Forristal
ANDROID FAKEID VULNERABILITY WALKTHROUGH
14:15
Litchfield
ORACLE DATA REDACTION IS BROKEN
Zaichkowsky
POINT OF SALE SYSTEM ARCHITECTURE AND SECURITY
Tarakanov
DATA-ONLY PWNING MICROSOFT WINDOWS KERNEL: EXPLOITATION OF KERNEL POOL OVERFLOWS ON MICROSOFT WINDOWS 8.1
Breen
MOBILE DEVICE MISMANAGEMENT
Lehmann, Sadeghi
THE BEAST IS IN YOUR MEMORY: RETURN-ORIENTED PROGRAMMING ATTACKS AGAINST MODERN CONTROL-FLOW INTEGRITY PROTECTION TECHNIQUES
Hay, Reuille
UNVEILING THE OPEN SOURCE VISUALIZATION ENGINE FOR BUSY HACKERS
Beitnes
OPENSTACK CLOUD AT YAHOO SCALE: HOW TO AVOID DISASTER
Hypponen
GOVERNMENTS AS MALWARE AUTHORS: THE NEXT GENERATION
Ozavci
VOIP WARS: ATTACK OF THE CISCO PHONES
Bailey, Lanier
EMBEDDED DEVICES ROUNDTABLE: EMBEDDING THE MODERN WORLD, WHERE DO WE GO FROM HERE?
14:50
Li
APT ATTRIBUTION AND DNS PROFILING
Weis
PROTECTING DATA IN-USE FROM FIRMWARE AND PHYSICAL ATTACKS
15:30
Rios
PULLING BACK THE CURTAIN ON AIRPORT SECURITY: CAN A WEAPON GET PAST TSA?
Pinto
SECURE BECAUSE MATH: A DEEP-DIVE ON MACHINE LEARNING-BASED MONITORING
Lüders
WHY CONTROL SYSTEM CYBER-SECURITY SUCKS...
Fu, Ling, Pearce, Thomas, Yue
MULTIPATH TCP: BREAKING TODAY'S NETWORKS WITH TOMORROW'S PROTOCOLS
Bankston, Ford, Hofmann
THE BIG CHILL: LEGAL LANDMINES THAT STIFLE SECURITY RESEARCH AND HOW TO DISARM THEM
Hirvonen
DYNAMIC FLASH INSTRUMENTATION FOR FUN AND PROFIT
Mulliner
FINDING AND EXPLOITING ACCESS CONTROL VULNERABILITIES IN GRAPHICAL USER INTERFACES
Rosenberg
REFLECTIONS ON TRUSTING TRUSTZONE
Sood
WHAT GOES AROUND COMES BACK AROUND - EXPLOITING FUNDAMENTAL WEAKNESSES IN BOTNET C&C PANELS!
Lewis
CERTIFICATIONS ROUNDTABLE: THE QUEST FOR VALUE
16:05
Saxe
A SCALABLE, ENSEMBLE APPROACH FOR BUILDING AND VISUALIZING DEEP CODE-SHARING NETWORKS OVER MILLIONS OF MALICIOUS BINARIES
17:00
Cesare
BREAKING THE SECURITY OF PHYSICAL DEVICES
Cohen
CONTEMPORARY AUTOMATIC PROGRAM ANALYSIS
Drake
RESEARCHING ANDROID DEVICE SECURITY WITH THE HELP OF A DROID ARMY
Jang, Lee, Wang
ABUSING PERFORMANCE OPTIMIZATION WEAKNESSES TO BYPASS ASLR
Antoniewicz
802.1X AND BEYOND!
Belov, Kamluk, Sacco
COMPUTRACE BACKDOOR REVISITED
Molina
LEARN HOW TO CONTROL EVERY ROOM AT A LUXURY HOTEL REMOTELY: THE DANGERS OF INSECURE HOME AUTOMATION DEPLOYMENT
Ottenheimer
BABAR-IANS AT THE GATE: DATA PROTECTION AT MASSIVE SCALE
Ford
RESPONSIBLE DISCLOSURE ROUNDTABLE: YOU MAD BRO?
17:35
Hu, Lau
HOW TO LEAK A 100-MILLION-NODE SOCIAL GRAPH IN JUST ONE WEEK? - A REFLECTION ON OAUTH AND API DESIGN IN ONLINE SOCIAL NETWORKS
Black Hat USA 2014 - Thursday, August 7
09:00
Lell, Nohl
BADUSB - ON ACCESSORIES THAT TURN EVIL
Kouns, Price
EPIDEMIOLOGY OF SOFTWARE VULNERABILITIES: A STUDY OF ATTACK SURFACE SPREAD
Diquet
IT JUST (NET)WORKS: THE TRUTH ABOUT IOS 7'S MULTIPEER CONNECTIVITY FRAMEWORK
Thomas
REVERSE-ENGINEERING THE SUPRA IBOX: EXPLOITATION OF A HARDENED MSP430-BASED DEVICE
Yu
WRITE ONCE, PWN ANYWHERE
Lanier, Lum
STAY OUT OF THE KITCHEN: A DLP SECURITY BAKE-OFF
Williams
I KNOW YOUR FILTERING POLICY BETTER THAN YOU DO: EXTERNAL ENUMERATION AND EXPLOITATION OF EMAIL AND WEB SECURITY SOLUTIONS
Bambenek, James
THE NEW SCOURGE OF RANSOMWARE: A STUDY OF CRYPTOLOCKER AND ITS FRIENDS
Anderson
HOW SMARTCARD PAYMENT SYSTEMS FAIL
Iozzo, Zatko
MOBILE SECURITY ROUNDTABLE: WHAT DOES MOBILE SECURITY LOOK LIKE TODAY? WHAT WILL IT LOOK LIKE TOMORROW?
09:35
Mesbahi, Swinnen
ONE PACKER TO RULE THEM ALL: EMPIRICAL IDENTIFICATION, COMPARISON, AND CIRCUMVENTION OF CURRENT ANTIVIRUS DETECTION TECHNIQUES
Spring, Vixie
ABUSE OF CPE DEVICES AND RECOMMENDED FIXES
10:15
Stamos
BUILDING SAFE SYSTEMS AT SCALE - LESSONS FROM SIX MONTHS AT YAHOO
Wei, Zhang
SIDEWINDER TARGETED ATTACK AGAINST ANDROID IN THE GOLDEN AGE OF AD LIBS
Chechik, Hayak
BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE
Bolshev, Cherbov
ICSCORSAIR: HOW I WILL PWN YOUR ERP THROUGH 4-20 MA CURRENT LOOP
Healey
SAVING CYBERSPACE
Brodie, Shaulov
A PRACTICAL ATTACK AGAINST VDI SOLUTIONS
Koca, Luft
WHEN THE LIGHTS GO OUT: HACKING CISCO ENERGYWISE
Cornwell, Kallenberg, Kovah
EXTREME PRIVILEGE ESCALATION ON WINDOWS 8/UEFI SYSTEMS
Geers, Thompson
LEVIATHAN: COMMAND AND CONTROL COMMUNICATIONS ON PLANET EARTH
Radcliffe
MEDICAL DEVICES ROUNDTABLE: IS THERE A DOCTOR IN THE HOUSE? SECURITY AND PRIVACY IN THE MEDICAL WORLD
10:50
Trost
THREAT INTELLIGENCE LIBRARY - A NEW REVOLUTIONARY TECHNOLOGY TO ENHANCE THE SOC BATTLE RHYTHM!
11:45
Butler, Nils
MISSION MPOSSIBLE
Castle
GRR: FIND ALL THE BADNESS, COLLECT ALL THE THINGS
Delpy, Duckwall
ABUSING MICROSOFT KERBEROS: SORRY YOU GUYS DON'T GET IT
Torrey
MORE SHADOW WALKER: THE PROGRESSION OF TLB-SPLITTING ON X86
Jang, Lau, Lee, Wang
EXPLOITING UNPATCHED IOS VULNERABILITIES FOR FUN AND PROFIT
Gluck, Wang
RAVAGE - RUNTIME ANALYSIS OF VULNERABILITIES AND GENERATION OF EXPLOITS
Schloesser
INTERNET SCANNING - CURRENT STATE AND LESSONS LEARNED
Buentello, Hernandez, Jin
SMART NEST THERMOSTAT: A SMART SPY IN YOUR HOME
Gorenc, Spelman
THINKING OUTSIDE THE SANDBOX - VIOLATING TRUST BOUNDARIES IN UNCOMMON WAYS
Mogull
PRAGMATIC SECURITY AUTOMATION ROUNDTABLE
12:20
Sager
FROM ATTACKS TO ACTION - BUILDING A USABLE THREAT MODEL TO DRIVE DEFENSIVE CHOICES
14:15
Ptacek
48 DIRTY LITTLE SECRETS CRYPTOGRAPHERS DON'T WANT YOU TO KNOW
deGraaf
SVG: EXPLOITING BROWSERS WITHOUT IMAGE PARSING BUGS
Larsen
MINIATURIZATION
Devost, Mateski
THE DEVIL DOES NOT EXIST - THE ROLE OF DECEPTION IN CYBER
Mayer, Sandin
TIME TRIAL: RACING TOWARDS PRACTICAL TIMING ATTACKS
Schneier
THE STATE OF INCIDENT RESPONSE
Allen, Jaycox
"NOBODY IS LISTENING TO YOUR PHONE CALLS." REALLY? A DEBATE AND DISCUSSION ON THE NSA'S ACTIVITIES
Johansen
BE MEAN TO YOUR CODE ROUNDTABLE: SECURITY IN THE AGE OF CONTINUOUS INTEGRATION & DEPLOYMENT
14:50
Gallingani
STATIC DETECTION AND AUTOMATIC EXPLOITATION OF INTENT MESSAGE VULNERABILITIES IN ANDROID APPLICATIONS
15:30
Santamarta
SATCOM TERMINALS: HACKING BY AIR, SEA, AND LAND
Bongard
FINGERPRINTING WEB APPLICATION PLATFORMS BY VARIATIONS IN PNG IMPLEMENTATIONS
Hathaway, Myers
WHY YOU NEED TO DETECT MORE THAN PTH
Mahjoub, Reuille, Toonk
CATCHING MALWARE EN MASSE: DNS AND IP STYLE
Balasubramaniyan, Bandyopadhyay, Calhoun
LIFECYCLE OF A PHONE FRAUDSTER: EXPOSING FRAUD ACTIVITY FROM RECONNAISSANCE TO TAKEOVER USING GRAPH ANALYSIS AND ACOUSTICAL ANOMALIES
Borgaonkar, Udar
UNDERSTANDING IMSI PRIVACY
Valtman
A JOURNEY TO PROTECT POINTS-OF-SALE
Johns, Lekies, Stock
CALL TO ARMS: A TALE OF THE WEAKNESSES OF CURRENT CLIENT-SIDE XSS FILTERING
Arsal
SAP, CREDIT CARDS, AND THE BIRD THAT TALKS TOO MUCH
Stratton
SECURITY AND SOFTWARE DEFINED NETWORKING ROUNDTABLE: NEW EXPOSURES OR NEW OPPORTUNITIES?
16:05
Hastings, Kazanciyan
INVESTIGATING POWERSHELL ATTACKS
17:00
Seeber
HACKING THE WIRELESS WORLD WITH SOFTWARE DEFINED RADIO - 2.0
Gutierrez, Komal
UNWRAPPING THE TRUTH: ANALYSIS OF MOBILE APPLICATION WRAPPING SOLUTIONS
Anh
CAPSTONE: NEXT GENERATION DISASSEMBLY FRAMEWORK
Haukli
EXPOSING BOOTKITS WITH BIOS EMULATION
Muttik, Nayshtut
CREATING A SPIDER GOAT: USING TRANSACTIONAL MEMORY SUPPORT FOR SECURITY
Wang
UNDERSTANDING TOCTTOU IN THE WINDOWS KERNEL FONT SCALER ENGINE
Niemczyk, Rao
PROBABILISTIC SPYING ON ENCRYPTED TUNNELS
Wojtczuk
POACHER TURNED GAMEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS
Novikov
THE NEW PAGE OF INJECTIONS BOOK: MEMCACHED INJECTIONS
17:35
Rogers, Rogers, Weaver
BADGER - THE NETWORKED SECURITY STATE ESTIMATION TOOLKIT


Instructions

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.

Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.