Palace Ballroom 1

Keynote: A Story About Digital Security in 2017
Richard Clarke

Augustus Ballroom 1

Keynote: The NSA Information Assurance Directorate and the National Security Community
Tony Sager

Break & Booksigning with Richard Clarke, author of "Breakpoint"

Voice Services Security

The Network

Kernel Down

Application Security

Forensics & Anti-Forensics

Zero Day Attack

Privacy & Anonymity

Cool Stuff

Human Network

Augustus 5+6

Augustus 3+4

Augustus 1+2

Palace 1

Palace 2

Palace 3

Tiberius Ballroom 1+2+5+6

Tiberius Ballroom 3+4+7+8

Claudius 3+4

Something Old (H.323), Something New (IAX), Something Hollow (Security), and Something Blue (VoIP Administrators)

Himanshu Dwivedi & Zane Lackey

Black Ops 2007: Design Reviewing The Web

Dan Kaminksy

OpenBSD Remote Exploit

Alfredo Ortega

Intranet Invasion With Anti-DNS Pinning

David Byrne

A Picture's Worth...

Dr. Neal Krawetz

Understanding the Heap by Breaking It

Justin N. Ferguson

Traffic Analysis—The Most Powerful and Least Understood Attack Methods

Jon Callas, Raven Alder, Riccardo Bettati & Nick Mathewson

Kick Ass Hypervisoring: Windows Server Virtualization

Brandon Baker

Z-Phone

Phil Zimmermann

PISA: Protocol Identification via Statistical Analysis

Rohit Dhamankar & Rob King

Don't Tell Joanna, The Virtualized Rootkit Is Dead

Thomas Ptacek & Nate Lawson

Hacking Intranet Websites from the Outside (Take 2)—"Fun With and Without JavaScript Malware"

Jeremiah Grossman & Robert Hansen

Database Forensics

David Litchfield

Remote and Local Exploitation of Network Drivers

Yuriy Bulygin

Anonymous Authentication— Preserving Your Privacy Online

Dr. Andrew Lindell

It's All About The Timing

Haroon Meer & Marco Slaviero

VoIP Security: Methodology and Results

Barrie Dempster

OpenID: Single Sign-On for the Internet

Eugene Tsyrklevich & Vlad Tsyrklevich

Kernel Wars

Joel Eriksson, Christer Öberg, Claes Nyberg & Karl Janmar

Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity

Brad Hill

SQL Server Database Forensics

Kevvie Fowler

Timing Attacks for Recovering Private Entries From Database Engines

Ariel Waissbein & Damian Saura

Securing the Tor Network

Mike Perry

Tactical Exploitation (Part 1)

Transparent Weaknesses in VoIP

Peter Thermos

Closed

Attacking the Windows Kernel

Jonathan Lindsay

Premature Ajax-ulation

Bryan Sullivan & Billy Hoffman

Blackout: What Really Happened...

Jamie Butler & Kris Kendall

Dangling Pointer

Jonathan Afek

Tor and Blocking-resistance

Roger Dingledine

Tactical Exploitation (Part 2)

HD Moore & Valsmith

Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones

Krishna Kurapati

NACATTACK

Dror-John Roecher & Michael Thumann

IsGameOver(), anyone?

Joanna Rutkowska & Alexander Tereshkin

CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript

Ben Feinstein & Daniel Peck

Breaking Forensics Software: Weaknesses in Critical Evidence Collection

Chris Palmer, Tim Newsham, Alex Stamos & Chris Ridder

Other Wireless: New ways of being Pwned

Luis Miras

Anonymity and its Discontents

Len Sassaman

Observing the Tidal Waves of Malware

Stefano Zanero

Executive Women's Forum

Panel

Hosted Gala Reception: Eat, Drink, Network and be Merry! Location: Palace Tower Promenade

Johnny Long presents "No-Tech Hacking" in Palace 1 beginning at 18:15.
Hacker Court in Palace 2 beginning at 18:15

Reception sponsored by

19:00 - 22:00

Good Stuff

Hardware

Reverse Engineering

Fuzzing & Testing

Application Security

Zero Day Defense

Policy, Management and the Law

Human Network

Turbo Talks

Augustus 5+6

Augustus 3+4

Augustus 1+2

Palace 2

Palace 1

Palace 3

Tiberius Ballroom 1+2+5+6

Claudius 3+4

Tiberius Ballroom 3+4+7+8

Keynote: The Psychology of Security
Bruce Schneier

Vista Network Attack Surface Analysis and Teredo Security Implications

Jim Hoagland

Hacking the Extensible Firmware Interface

John Heasman

Covert Debugging: Circumventing Software Armoring Techniques

Danny Quist & Valsmith

Exposing Vulnerabilities in Media Software

David Thiel

Building and Breaking the Browser

Window Snyder & Mike Shaver

Simple Solutions to Complex Problems from the Lazy Hacker’s Handbook

David Maynor & Robert Graham

Computer and Internet Security Law—A Year in Review 2006–2007

Robert W. Clark

Closed

Social Network Site Data Mining

Stephen Patton

10:00 - 10:20

Point, Click, RTPInject

Zane Lackey, & Alex Garbutt

10:30 - 10:50

Stealth Secrets of the Malware Ninjas

Nick Harbour

Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation

Andrea Barisani & Daniele Bianco

The Art of Unpacking

Mark Vincent Yason

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing

Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch

The Little Hybrid Web Worm that Could

Billy Hoffman & John Terrill

A Dynamic Technique for Enhancing the Security and Privacy of Web Applications

Ezequiel D. Gutesman & Ariel Waissbein

Disclosure and Intellectual Property Law: Case Studies

Jennifer Granick

Meet the VCs

Panel

Just Another Windows Kernel Perl Hacker

Joe Stewart

11:15 - 11:35

The Security Analytics Project: Alternatives in Analysis

Mark Ryan del Moral Talabis

11:45 - 12:05

Unforgivable Vulnerabilities

Steve Christey

12:15 - 12:35

Estonia: Information Warfare and Strategic Lessons

Gadi Evron

RFIDIOts!!!– Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)

Adam Laurie

PyEmu: A multi-purpose scriptable x86 emulator

Cody Pierce

Blind Security Testing—An Evolutionary Approach

Scott Stender

Active Reversing: The Next Generation of Reverse Engineering

Greg Hoglund

Sphinx: An Anomaly-based Web Intrusion Detection System

Damiano Bolzoni & Emmanuel Zambon

Greetz from Room 101

Kenneth Geers

Spyware 2010: Center for Democracy & Technology Anti-Spyware Coalition

Panel

Reflection DNS Poisoning

Jerry Schneider

13:45 - 14:05

Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage

Jeff Morin

14:15 - 14:35

Hacking Capitalism

Dave G., & Jeremy Rauch

14:45 - 15:05

Meet the Fed

Jim Christy

Strengths and Weaknesses of Access Control Systems

Eric Schmiedl & Mike Spindel

Breaking C++ Applications

Mark Dowd, John McDonald, Neel Mehta

Fuzzing Sucks! (or Fuzz it Like you Mean it!)

Pedram Amini & Aaron Portnoy

Heap Feng Shui in JavaScript

Alexander Sotirov

(un)Smashing the Stack

Shawn Moyer

Building an Effective Application Security Practice on a Shoestring Budget

David Coffey & John Viega

Defeating Information Leak Prevention

Eric Monti & Dan Moniz

Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004–2007

Greg Wroblewski

15:15 - 15:35

Longhorn Server Foundation & Server Roles

Iain McDonald

15:45 - 16:05

Practical Sandboxing - Techniques for Isolating Processes

David LeBlanc

16:15 - 16:35

Status of Cell Phone Malware in 2007

Mikko Hypponen

Side Channel Attacks (DPA) and Countermeasures for Embedded Systems

Job De Haas

Reversing C++

Paul Vincent Sabanal

Iron Chef Blackhat

Brian Chess, Jacob West, Sean Fay & Toshinari Kureha

Defeating Web Browser Heap Spray Attacks

Stephan Chenette & Moti Joseph

Static Detection of Application Backdoors

Chris Wysopal & Chris Eng

Smoke 'em Out!

Rohyt Belani & Keith Jones

Ethics Challenge!

Panel

Hacking Leopard: Tools and techniques for attacking the newest Mac OS X

Charlie Miller

16:45 - 17:05

RFID for Beginners++

Chris Paget

17:15 - 17:35

Reverse Engineering Automation with Python

Ero Carrera

17:45 - 18:05