Black Hat USA 2009 //Schedule
Caesars Palace Las Vegas, NV • July 25-30
( Build & Print Your Own Schedule: Click Here )
day one /USA09( JULY 29 )
| 0800 - 0850 |
+ breakfast
|
|||||||||
| 0850 - 0900 | + jeff moss: welcome & introduction to black hat usa 2009 | |||||||||
| 0900 - 0950 | + keynote speaker: douglas c. merrill / augustus ballroom | |||||||||
| TRACK » | //Privacy | //Infrastructure | //Legal: Management | //Rootkits | //Testing/ Exploiting | //Exploitation | //Metasploit | //Panels | //Breakout | LOCATION » | Third Floor Milano Ballroom 5+6+7+8 |
Third Floor Roman Ballroom |
Third Floor Milano Ballroom 1+2+3+4 |
Fourth Floor Augustus Ballroom 1+2 |
Fourth Floor Augustus Ballroom 3+4 |
Fourth Floor Augustus Ballroom 5+6 |
Florentine Ballroom | Pompeian Ballroom | Genoa Ballroom |
| 0950 - 1000 | + break | |||||||||
| 1000 - 1100 |
Billy Hoffman & Matt Wood: Veiled - A Browser Based Darknet |
FX: Router Exploitation |
Rod Beckstrom: Beckstrom's Law |
Peter Kleissner: Stoned Bootkit |
Michael Tracy, Chris Rohlf & Eric Monti: Ruby for Pentesters |
John McDonald & Chris Valasek: Practical Windows XP/2003 Heap Exploitation |
Dino Dai Zovi: Macsploitation with Metasploit Mike Kershaw: Kismet and MSF Chris Gates: Breaking the "Unbreakable" Oracle with Metasploit |
The Laws of Vulnerabilities Research Version 2.0: Comparing Critical Infrastructure Industries |
Hack Your Car with the OpenOtto Project | |
| 1100 - 1115 |
+ coffee service
|
|||||||||
| 1115 - 1230 |
Andrea Barisani & Daniele Bianco: Sniff keystrokes with Lasers /Voltmeters |
Aaron LeMasters & Michael Murphy: Rapid Enterprise Triaging |
Dmitri Alperovitch: Fighting Russian Cybercrime Mobsters |
Dino Dai Zovi: Advanced Mac OS X Rootkits |
Michael Eddington: Demystifying Fuzzers |
Nathan Hamiel & Shawn Moyer: Weaponizing the Web |
Peter Silberman & Steve Davis: Metasploit Autopsy - Reconstructing the Crime Scene |
CSO Panel: Black Hat Strategy Meeting |
||
| 1230 - 1345 | + lunch | |||||||||
| 1345 - 1500 |
Nitesh Dhanjani: Psychotronica |
Graeme Neilson: Netscreen of the Dead |
Tiffany Rad & James Arlen: Your Mind - Legal Status, Rights and Securing Yourself |
Erez Metula: Managed Code Rootkits |
Eduardo Vela Nava & David Lindsay: Our Favorite XSS Filters and How to Attack Them |
Moxie Marlinspike: More Tricks for Defeating SSL |
Egypt: Using Guided Missiles in Drive-Bys - Automatic Browser Fingerprinting |
Analyzing Security Research in the Media |
Watcher: Open Source Web-App Security Testing Project | |
| 1500 - 1515 | + break | |||||||||
| 1515 - 1630 |
Steve Topletz, Jonathan Logan & Kyle Williams: Global Spying |
Dan Kaminsky, Len Sassaman: Something to do with Network Security? |
Cormac Herley: Economics and the Underground Economy |
Jeff Williams: Enterprise Java Rootkits |
Stefan Esser: State of the Art Post Exploitation in Hardened PHP Environments |
Mark Dowd, Ryan Smith & David Dewey: The Language of Trust |
I)ruid: MSF & Telephony Val Smith, Colin Ames & David Kerb: MetaPhish pt. 1 |
DC Panel: Update from Washington |
||
| 1630 - 1645 | + coffee service | |||||||||
| 1645 - 1800 |
Alessandro Acquisti: I just found 10 Million SSNs |
Andrew Fried, Paul Vixie & Christopher Lee: Internet Special Ops |
Jennifer Granick: Computer Crime Year in Review | Alexander Tereshkin, Rafal Wojtczuk: Introducing Ring -3 Rootkits |
Riley Hassell: Exploiting Rich Content |
Joshua "Jabra" Abraham, Robert "RSnake" Hansen: Unmasking You |
Val Smith, Colin Ames & David Kerb: MetaPhish pt. 2 |
VC Panel: Security Business Strategies During a Recession |
OWASP and Critical Infra- structure |
|
| 1800 - 1930 |
+ gala reception
The Gala Reception will take place on the Fourth Floor, Palace Ballroom. 
+ Johnny Long: Me to We »
+ Pwnie Awards: Presentation » The Pwnie AwardsThe Pwnie Awards will return for the third consecutive year to the BlackHat USA conference in Las Vegas. The award ceremony will take place during the BlackHat reception on July 29, 2009 and the organizers promise an extravagant show.The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the wider security community in the past year. Nominations are currently accepted in nine award categories:
The deadline for nominations is Wed, July 15. [ Submit nominations here by Wed, July 15: http://pwnie-awards.org [ Pwnie Awards updates on Twitter: http://twitter.com/PwnieAwards |
|||||||||
day two /USA09( JULY 30 )
| 0800 - 0850 |
+ breakfast
|
|||||||||
| 0850 - 0950 | + keynote speaker: robert lentz / augustus ballroom | |||||||||
| TRACK » | //Hardware | //Reverse Engineering | //Cloud/Virtualization | //Mobile | //Random | //Turbo | //Panels | //Breakout | ||
| LOCATION » | Third Floor Milano Ballroom 5+6+7+8 |
Fourth Floor Augustus Ballroom 1+2 |
Fourth Floor Augustus Ballroom 3+4 |
Third Floor Milano Ballroom 1+2+3+4 |
Fourth Floor Augustus Ballroom 5+6 |
Third Floor Roman Ballroom |
Pompeian Ballroom |
Genoa Ballroom | ||
| 0950 - 1000 | + break | |||||||||
| 1000 - 1100 |
Rafal Wojtczuk, Alexander Tereshkin: Attacking Intel® Bios |
Jeongwook Oh: Fight Against 1-Day Exploits |
Alex Stamos, Andrew Becherer & Nathan Wilcox: Cloud Computing Models and Vulnerabilities - Raining on the Trendy New Parade |
Zane Lackey, Luis Miras: Attacking SMS |
Datagram: Lockpicking Forensics |
Alfredo Ortega: Deactivate the Rootkit Kevin Stadmeyer: Worst of the Best of the Best |
Hacker Court | OWASP ModSecurity | ||
| 1100 - 1115 | + coffee service | |||||||||
| 1115 - 1230 |
Travis Goodspeed: A 16-bit Rootkit and Second Generation Zigbee Chips |
Nick Harbour: Win at Reversing |
Matt Conover: SADE: Injecting agents in to VM guest OS |
Charlie Miller, Collin Mulliner: Fuzzing the Phone in your Phone |
Jeremiah Grossman, Trey Ford: Mo' Money Mo' Problems |
Daniel Raygoza: Automated Malware Similarity Analysis Chris Weber: Unraveling Unicode |
Hacker Court con't | |||
| 1230 - 1345 |
+ lunch
|
|||||||||
| 1345 - 1500 |
Joe Grand, Jacob Appelbaum & Chris Tarnovsky: "Smart" Parking Meter Implementations, Globalism, and You |
Danny Quist, Lorie Liebrock: Reverse Engineering by Crayon |
Haroon Meer, Nick Arvanitis & Marco Slaviero: Clobbering the Cloud! |
Kevin Mahaffey, Anthony Lineberry & John Hering: Is Your Phone Pwned? |
Hristo Bojinov, Elie Bursztein & Dan Boneh: Embedded Management Interfaces |
Bryan Sullivan: Defensive Rewriting Rachel Engel: Gizmo Tony Flick: Hacking the Smart Grid |
Closed Roundtable Discussion | |||
| 1500 - 1515 | + break | |||||||||
| 1515 - 1630 |
Chris Tarnovsky: What the hell is inside there? |
K. Chen: Reversing and Exploiting an Apple® Firmware Update |
Kostya Kortchinsky: Cloudburst - Hacking 3D and Breaking out of VMware |
Jesse Burns: Exploratory Android Surgery |
Alexander Sotirov & Mike Zusman: Breaking the Security Myths of Extended Validation SSL Certificates |
Marc Bevand: MD5 Collisions Steve Ocepek: Long-Term Sessions - This Is Why We Can't Have Nice Things Peter Guerra: How Economics and Information Security Affects Cyber Crime |
Meet the Feds: Feds vs. Ex-Feds |
ACS: Cross-browser Content Security Policy | ||
| 1630 - 1645 |
+ ice cream sundae social
|
|||||||||
| 1645 - 1800 |
Mike Davis: Recoverable Advanced Metering Infrastructure |
Mario Vuksan & Tomislav Pericin: Fast & Furious Reverse Engineering with TitanEngine |
Bruce Schneier: Reconceptualizing Security |
Vincenzo Iozzo & Charlie Miller: Post Exploitation Bliss - Loading Meterpreter on a Factory iPhone |
Bill Blunden: Anti-Forensics: The Rootkit Connection |
Michael Brooks: BitTorrent hacks Mikko Hypponen: The Conficker Mystery Muhaimin Dzulfakar: Advanced MySQL Exploitation |
A Black Hat Vulnerability Risk Assessment |
18:15 // iPhone 3.x Exploitation: Pitfalls, Challenges, and Solutions |
||
|
please note that the schedule is subject to change for either day
|
||||||||||