09:00 Augustus Ballroom Keynote: Jane Holl Lute - Deputy Secretary, Department of Homeland Security
|
TRACK |
//Programmatic |
//OS Wars |
//Infrastructure |
//Reverse Engineering |
//Mobile |
//Executive |
//Cyber War & Peace |
//Malware + Fingerprinting |
//Network |
//Bug Collecting |
//Special Events |
ROOM |
Milano 1+2+3+4 |
Milano 5+6+7+8 |
Roman |
Augustus 1+2 |
Augustus 3+4 |
Pompeiian |
Florentine |
Augustus 5+6 |
Forum 24 |
Neopolitan 1+2+3+4 |
Forum 25 |
1000 - 1100 |
Long Le:
Payload Already Inside: Data Re-Use for ROP exploits |
Scott Stender, Rachel Engel, Brad Hill:
Attacking Kerberos Deployments |
Ben Feinstein, Jeff Jarmoc & Dan King:
The Emperor Has No Clothes: Insecurities in Security Infrastructure |
Jeongwook Oh:
ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically
Similar Talk @ Defcon: August 1st 16:00
|
Grugq:
Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands |
Panel:
Optimizing the Security Researcher and CSO Relationship |
Wayne Huang, Jack Yu:
Drivesploit: Circumventing both automated AND manual drive-by-download detection
Similar Talk @ Defcon: July 31st 18:00
|
Nicholas J. Percoco, Jibran Ilyas:
Malware Freak Show 2010: The Client-Side Boogaloo
Similar Talk @ Defcon: July 31st 16:00
|
Leandro Meiners, Diego Sor:
WPA Migration Mode: WEP is back to haunt you... |
Ben Nagy:
Industrial Bug Mining - Extracting, Grading and Enriching the Ore of Exploits |
Cloud Security Alliance Summit |
1115 - 1230 |
Nicolas Waisman:
Aleatory Persistent Threat |
Hernan Ochoa, Agustin Azubel:
Understanding the Windows SMB NTLM Weak Nonce Vulnerability |
Jonathan Pollet, Joe Cummins:
Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters |
Charlie Miller, Bitblaze:
Crash Analysis using BitBlaze |
David Kane-Parry:
More Bugs In More Places: Secure Development On Mobile Platforms |
Panel:
Systemic DNS Vulnerabilities and Risk Management: A Discussion with the Experts |
Val Smith, Anthony Lai:
Balancing the Pwn Trade Deficit |
Greg Hoglund:
Malware Attribution: Tracking Cyber Spies and Digital Criminals |
Chris Paget:
Extreme-range RFID tracking
Similar Talk @ Defcon: July 31st 10:00
|
Christiaan Beek:
Virtual Forensics |
Cloud Security Alliance Summit
|
1345 - 1500 |
Stephen de Vries:
Hacking Java Clients |
Nathan Keltner:
Adventures in Limited User Post Exploitation |
James Arlen:
SCADA and ICS for Security Experts: How to avoid Cyberdouchery
Similar Talk @ Defcon: July 31st 15:00
|
Barnaby Jack:
Jackpotting Automated Teller Machines Redux
Similar Talk @ Defcon: July 31st 11:00
|
Anthony Lineberry, Timothy Wyatt & David Richardson:
These Aren't the Permissions You're Looking For
Similar Talk @ Defcon: July 31st 15:00
|
General Michael Hayden:
Cyber war...Are we at war? And if we are, how should we fight it?
Interview:
One on One interview with General Michael Hayden
|
Chris Sumner:
Social Networking Special Ops: Extending Data Visualization Tools for faster Pwnage
Similar Talk @ Defcon: August 1st 16:00 |
Neil Daswani:
mod_antimalware: A Novel Apache Module for Containing web-based Malware Infections
|
Enno Rey, Daniel Mende:
Burning Asgard - What happens when Loki breaks free |
Raj Umadas, Jeremy Allen:
Network Stream Debugging with Mallory |
Cloud Security Alliance Summit |
1515 - 1630 |
Lurene Grenier, Richard Johnson:
Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research |
olle b:
Standing on the Shoulders of the Blue Monster: Hardening Windows Applications |
Dan Kaminsky:
Black Ops Of Fundamental Defense: Web Edition
Similar Talk @ Defcon: July 30th 19:00
|
Matthieu Suiche:
Blue Screen Of the Death is Dead. |
Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau:
Everybody be cool this is a roppery! |
Panel:
Security Innovation Network Panel: Connecting Buyers, Builders, and the Research Community |
Tom Parker:
Finger Pointing for Fun, Profit and War? |
Patrick Thomas:
BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing
Similar Talk @ Defcon: July 30th 17:00
|
Nate Lawson:
Exploiting Timing Attacks in Widespread Systems |
Arshan Dabirsiaghi:
JavaSnoop: How to Hack Anything Written in Java |
Panel:
Hacker Court |
1645 - 1800 |
Mariano Nuñez Di Croce:
SAP Backdoors: A Ghost at the Heart of Your Business |
Alex Hutton, Allison Miller:
Ushering in the Post-GRC World: Applied Threat Modeling
|
Shawn Moyer and Nathan Keltner:
Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
Similar Talk @ Defcon: July 31st 14:00 |
Chris Tarnovsky:
Semiconductor Security Awareness, Today and Yesterday
|
Kevin Mahaffey, John Hering:
App Attack: Surviving the Mobile Application Explosion
Similar Talk @ Defcon: July 31st 11:00
|
Panel:
Security Innovation Network Panel: Connecting Buyers, Builders, and the Research Community |
Thomas Ryan:
Getting In Bed With Robin Sage |
Fyodor Vaskovitch:
Mastering the Nmap Scripting Engine
Similar Talk @ Defcon: July 30th 13:00
|
Kenton Born:
PSUDP: A Passive Approach to Network-Wide Covert Communication |
Meredith L. Patterson, Len Sassaman:
Exploiting the Forest with Trees |
Panel:
Hacker Court (cont.) |
08:50 Augustus Ballroom Keynote: General (ret.) Michael Hayden
|
TRACK |
//Web Apps |
//Exploitation |
//Where the Data Lives |
//Privacy |
//Cloud Virtualization |
//Turbo |
//Client Side |
//Meet the Feds |
//Big Picture |
//Reverse Engineering Redux |
//Special Events |
ROOM |
Milano 1+2+3+4 |
Augustus 1+2 |
Roman |
Milano 5+6+7+8 |
Augustus 3+4 |
Florentine |
Augustus 5+6 |
Pompeiian |
Forum 24 |
Neopolitan 1+2+3+4 |
Forum 25 |
1000 - 1100 |
Nathan Hamiel, Marcin Wielgoszewski:
Constricting the Web: Offensive Python for Web Hackers
Similar Talk @ Defcon: August 1st 11:00
|
Haroon Meer:
Memory Corruption Attacks: The (almost) Complete History... |
William Yerazunis:
Keeping the Good Stuff In: Confidential Information Firewalling with the CRM114 Spam Filter & Text Classifier |
Moxie Marlinspike:
New Threats to Privacy
Similar Talk @ Defcon: July 31st 10:00
|
Christofer Hoff:
Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity |
David Kennedy, Joshua Kelley:
Microsoft Powershell - It's time to own
Similar Talk @ Defcon: August 1st 12:00
Jeremiah Grossman:
Breaking Browsers: Hacking Auto-Complete |
Craig Heffner:
How to Hack Millions of Routers
Similar Talk @ Defcon: July 31st 16:00
|
Panel:
CSI: TCP/IP |
Ivan Ristic:
State of SSL on the Internet: 2010 Survey, Results and Conclusions |
Rich Smith:
pyREtic - Reversing obfuscated Python bytecode & live Python objects
Similar Talk @ Defcon: July 31st 14:00 |
Breakout Session:
Regional Collegiate Cyberdefense Competition
|
1115 - 1230 |
Stefan Esser:
Utilizing Code Reuse/Return Oriented Programming in PHP Web Application Exploits
|
Julien Tinnes, Tavis Ormandy:
There's a party at Ring0 (and you're invited) |
Sumit Siddharth:
Hacking Oracle From Web Apps
Similar Talk @ Defcon: July 30th 17:00 |
Tom Cross:
Unauthorized Internet Wiretapping: Exploiting Lawful Intercept |
Grant Bugher:
Secure Use of Cloud Storage |
Mikko Hypponen:
You Will be Billed $90,000 for This Call
Alex Hutton, Allison Miller:
Ushering in the Post-GRC World: Applied Threat Modeling |
Robert Hansen, Josh Sokol:
HTTPS Can Byte Me |
Panel:
Policy, Privacy, Deterrence and Cyber War |
Gunter Ollmann:
Becoming the six-million-dollar man |
Sergey Bratus, Greg Conti:
Voyage of the Reverser: A Visual Study of Binary Species |
Lee Kushner, Mike Murray:
Your Career = Your Business
|
1345 - 1500 |
David Byrne, Charles Henderson:
GWT Security: Don't Get Distracted by Bright Shiny Objects |
Dino Dai Zovi:
Return-Oriented Exploitation |
Cesar Cerrudo:
Token Kidnapping's Revenge
Similar Talk @ Defcon: July 30th 13:00
|
Tiffany Rad:
The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this Intellectual Property Legislation Chills Research, Disclosure and Innovation |
Claudio Criscione:
Virtually Pwned: Pentesting Virtualization |
Paul Vixie:
ISC SIE Passive DNS vs. Apache Cassandra
Similar Talk @ Defcon: July 30th 10:00
Jason Raber, Jason Cheatham:
Reverse Engineering with Hardware Debuggers |
FX:
Blitzableiter - the Release |
Panel:
Human Intel |
Ryan Smith:
Defenseless in Depth |
Mario Vuksan, Tomas Pericin:
TitanMist: Your First Step to Reversing Nirvana |
Lee Kushner:
Things You Wanted To Know But Were Afraid To Ask About Managing Your Information Security Career
|
1515 - 1630 |
Samy Kamkar:
How I Met Your Girlfriend
Similar Talk @ Defcon: August 1st 13:00
|
Chris Valasek:
Understanding the Low-Fragmentation Heap: From Allocation to Exploitation |
Esteban Martinez Fayo:
Hacking and protecting Oracle Database Vault
Similar Talk @ Defcon: July 30th 19:00
|
Karsten Nohl:
Attacking Phone Privacy |
Quynh Nguyen Anh:
Virt-ICE: Next Generation Debugger for Malware Analysis |
Patrick Engebretson, Josh Pauli & Kyle Cronin:
SpewPAL: How capturing and replaying attack traffic can save your IDS
Andrew Becherer:
Hadoop Security Design? Just Add Kerberos? Really?
Nick Harbour:
The Black Art of Binary Hijacking |
Shreeraj Shah:
Hacking Browser's DOM - Exploiting Ajax and RIA |
Panel:
Ex-Fed Confessions |
Steve Ocepek, Charles Henderson:
Need a hug? I'm secure. |
Rami Kawach:
NEPTUNE: Dissecting Web-based Malware via Browser and OS Instrumentation |
Panel:
ISSA
|
1645 - 1800 |
Chris Eng, Brandon Creighton:
Deconstructing ColdFusion |
Tim Shelton:
Advanced AIX Heap Exploitation Methods |
Bryan Sullivan:
Cryptographic Agility: Defending Against the Sneakers Scenario |
Don Bailey, Nicholas DePetrillo:
Carmen Sandiego is On the Run! |
Georg Wicherski:
dirtbox: a Highly Scalable x86/Windows Emulator |
Richard Rushing:
USB - HID, The Hacking Interface Design
Marco Slaviero:
Lifting the Fog
Michael Davis:
Security is Not a Four Letter Word |
Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt:
Bad Memories
Similar Talk @ Defcon: July 30th 18:00
|
Panel:
Meet the Feds Reception |
Rob Ragan:
Lord of the Bing: Taking back search engine hacking from Google and Bing |
Damiano Bolzoni, Christiaan Schade:
Goodware drugs for malware: on-the-fly malware analysis and containment |
ISSA (cont.)
|