Day One - 28th July 2010

09:00 Augustus Ballroom Keynote: Jane Holl Lute - Deputy Secretary, Department of Homeland Security
TRACK //Programmatic //OS Wars //Infrastructure //Reverse Engineering //Mobile //Executive //Cyber War & Peace //Malware +Fingerprinting //Network //Bug Collecting //Special Events
ROOM Milano 1+2+3+4 Milano 5+6+7+8 Roman Augustus 1+2 Augustus 3+4 Pompeiian Florentine Augustus 5+6 Forum 24 Neopolitan 1+2+3+4 Forum 25
1000 - 1100 Long Le:
Payload Already Inside: Data Re-Use for ROP exploits
Scott Stender, Rachel Engel, Brad Hill:
Attacking Kerberos Deployments
Ben Feinstein, Jeff Jarmoc & Dan King:
The Emperor Has No Clothes: Insecurities in Security Infrastructure
Jeongwook Oh:
ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically
Similar Talk @ Defcon: August 1st 16:00
Grugq:
Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands
Panel:
Optimizing the Security Researcher and CSO Relationship
Wayne Huang, Jack Yu:
Drivesploit: Circumventing both automated AND manual drive-by-download detection
Similar Talk @ Defcon: July 31st 18:00
Nicholas J. Percoco, Jibran Ilyas:
Malware Freak Show 2010: The Client-Side Boogaloo
Similar Talk @ Defcon: July 31st 16:00
Leandro Meiners, Diego Sor:
WPA Migration Mode: WEP is back to haunt you...
Ben Nagy:
Industrial Bug Mining - Extracting, Grading and Enriching the Ore of Exploits
Cloud Security Alliance Summit
1115 - 1230 Nicolas Waisman:
Aleatory Persistent Threat
Hernan Ochoa, Agustin Azubel:
Understanding the Windows SMB NTLM Weak Nonce Vulnerability
Jonathan Pollet, Joe Cummins:
Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters
Charlie Miller, Bitblaze:
Crash Analysis using BitBlaze
David Kane-Parry:
More Bugs In More Places: Secure Development On Mobile Platforms
Panel:
Systemic DNS Vulnerabilities and Risk Management: A Discussion with the Experts
Val Smith, Anthony Lai:
Balancing the Pwn Trade Deficit
Greg Hoglund:
Malware Attribution: Tracking Cyber Spies and Digital Criminals
Chris Paget:
Extreme-range RFID tracking
Similar Talk @ Defcon: July 31st 10:00
Christiaan Beek:
Virtual Forensics
Cloud Security Alliance Summit
1345 - 1500 Stephen de Vries:
Hacking Java Clients
Nathan Keltner:
Adventures in Limited User Post Exploitation
James Arlen:
SCADA and ICS for Security Experts: How to avoid Cyberdouchery
Similar Talk @ Defcon: July 31st 15:00
Barnaby Jack:
Jackpotting Automated Teller Machines Redux
Similar Talk @ Defcon: July 31st 11:00
Anthony Lineberry, Timothy Wyatt & David Richardson:
These Aren't the Permissions You're Looking For
Similar Talk @ Defcon: July 31st 15:00
General Michael Hayden:
Cyber war...Are we at war? And if we are, how should we fight it?
Interview:
One on One interview with General Michael Hayden
Chris Sumner:
Social Networking Special Ops: Extending Data Visualization Tools for faster Pwnage
Similar Talk @ Defcon: August 1st 16:00
Neil Daswani:
mod_antimalware: A Novel Apache Module for Containing web-based Malware Infections
Enno Rey, Daniel Mende:
Burning Asgard - What happens when Loki breaks free
Raj Umadas, Jeremy Allen:
Network Stream Debugging with Mallory
Cloud Security Alliance Summit
1515 - 1630 Lurene Grenier, Richard Johnson:
Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research
olle b:
Standing on the Shoulders of the Blue Monster: Hardening Windows Applications
Dan Kaminsky:
Black Ops Of Fundamental Defense: Web Edition
Similar Talk @ Defcon: July 30th 19:00
Matthieu Suiche:
Blue Screen Of the Death is Dead.
Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau:
Everybody be cool this is a roppery!
Panel:
Security Innovation Network Panel: Connecting Buyers, Builders, and the Research Community
Tom Parker:
Finger Pointing for Fun, Profit and War?
Patrick Thomas:
BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing
Similar Talk @ Defcon: July 30th 17:00
Nate Lawson:
Exploiting Timing Attacks in Widespread Systems
Arshan Dabirsiaghi:
JavaSnoop: How to Hack Anything Written in Java
Panel:
Hacker Court
1645 - 1800 Mariano Nuñez Di Croce:
SAP Backdoors: A Ghost at the Heart of Your Business
Alex Hutton, Allison Miller:
Ushering in the Post-GRC World: Applied Threat Modeling
Shawn Moyer and Nathan Keltner:
Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
Similar Talk @ Defcon: July 31st 14:00
Chris Tarnovsky:
Semiconductor Security Awareness, Today and Yesterday
Kevin Mahaffey, John Hering:
App Attack: Surviving the Mobile Application Explosion
Similar Talk @ Defcon: July 31st 11:00
Panel:
Security Innovation Network Panel: Connecting Buyers, Builders, and the Research Community
Thomas Ryan:
Getting In Bed With Robin Sage
Fyodor Vaskovitch:
Mastering the Nmap Scripting Engine
Similar Talk @ Defcon: July 30th 13:00
Kenton Born:
PSUDP: A Passive Approach to Network-Wide Covert Communication
Meredith L. Patterson, Len Sassaman:
Exploiting the Forest with Trees
Panel:
Hacker Court (cont.)

Day Two - 29th July 2010

08:50 Augustus Ballroom Keynote: General (ret.) Michael Hayden
TRACK //Web Apps //Exploitation //Where the Data Lives //Privacy //Cloud Virtualization //Turbo //Client Side //Meet the Feds //Big Picture //Reverse Engineering Redux //Special Events
ROOM Milano 1+2+3+4 Augustus 1+2 Roman Milano 5+6+7+8 Augustus 3+4 Florentine Augustus 5+6 Pompeiian Forum 24 Neopolitan 1+2+3+4 Forum 25
1000 - 1100 Nathan Hamiel, Marcin Wielgoszewski:
Constricting the Web: Offensive Python for Web Hackers
Similar Talk @ Defcon: August 1st 11:00
Haroon Meer:
Memory Corruption Attacks: The (almost) Complete History...
William Yerazunis:
Keeping the Good Stuff In: Confidential Information Firewalling with the CRM114 Spam Filter & Text Classifier
Moxie Marlinspike:
New Threats to Privacy
Similar Talk @ Defcon: July 31st 10:00
Christofer Hoff:
Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity
David Kennedy, Joshua Kelley:
Microsoft Powershell - It's time to own
Similar Talk @ Defcon: August 1st 12:00
Jeremiah Grossman:
Breaking Browsers: Hacking Auto-Complete
Craig Heffner:
How to Hack Millions of Routers
Similar Talk @ Defcon: July 31st 16:00
Panel:
CSI: TCP/IP
Ivan Ristic:
State of SSL on the Internet: 2010 Survey, Results and Conclusions
Rich Smith:
pyREtic - Reversing obfuscated Python bytecode & live Python objects
Similar Talk @ Defcon: July 31st 14:00
Breakout Session:
Regional Collegiate Cyberdefense Competition
1115 - 1230 Stefan Esser:
Utilizing Code Reuse/Return Oriented Programming in PHP Web Application Exploits
Julien Tinnes, Tavis Ormandy:
There's a party at Ring0 (and you're invited)
Sumit Siddharth:
Hacking Oracle From Web Apps
Similar Talk @ Defcon: July 30th 17:00
Tom Cross:
Unauthorized Internet Wiretapping: Exploiting Lawful Intercept
Grant Bugher:
Secure Use of Cloud Storage
Mikko Hypponen:
You Will be Billed $90,000 for This Call
Alex Hutton, Allison Miller:
Ushering in the Post-GRC World: Applied Threat Modeling
Robert Hansen, Josh Sokol:
HTTPS Can Byte Me
Panel:
Policy, Privacy, Deterrence and Cyber War
Gunter Ollmann:
Becoming the six-million-dollar man
Sergey Bratus, Greg Conti:
Voyage of the Reverser: A Visual Study of Binary Species
Lee Kushner, Mike Murray:
Your Career = Your Business
1345 - 1500 David Byrne, Charles Henderson:
GWT Security: Don't Get Distracted by Bright Shiny Objects
Dino Dai Zovi:
Return-Oriented Exploitation
Cesar Cerrudo:
Token Kidnapping's Revenge
Similar Talk @ Defcon: July 30th 13:00
Tiffany Rad:
The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this Intellectual Property Legislation Chills Research, Disclosure and Innovation
Claudio Criscione:
Virtually Pwned: Pentesting Virtualization
Paul Vixie:
ISC SIE Passive DNS vs. Apache Cassandra
Similar Talk @ Defcon: July 30th 10:00
Jason Raber, Jason Cheatham:
Reverse Engineering with Hardware Debuggers
FX:
Blitzableiter - the Release
Panel:
Human Intel
Ryan Smith:
Defenseless in Depth
Mario Vuksan, Tomas Pericin:
TitanMist: Your First Step to Reversing Nirvana
Lee Kushner:
Things You Wanted To Know But Were Afraid To Ask About Managing Your Information Security Career
1515 - 1630 Samy Kamkar:
How I Met Your Girlfriend
Similar Talk @ Defcon: August 1st 13:00
Chris Valasek:
Understanding the Low-Fragmentation Heap: From Allocation to Exploitation
Esteban Martinez Fayo:
Hacking and protecting Oracle Database Vault
Similar Talk @ Defcon: July 30th 19:00
Karsten Nohl:
Attacking Phone Privacy
Quynh Nguyen Anh:
Virt-ICE: Next Generation Debugger for Malware Analysis
Patrick Engebretson, Josh Pauli & Kyle Cronin:
SpewPAL: How capturing and replaying attack traffic can save your IDS
Andrew Becherer:
Hadoop Security Design? Just Add Kerberos? Really?
Nick Harbour:
The Black Art of Binary Hijacking
Shreeraj Shah:
Hacking Browser's DOM - Exploiting Ajax and RIA
Panel:
Ex-Fed Confessions
Steve Ocepek, Charles Henderson:
Need a hug? I'm secure.
Rami Kawach:
NEPTUNE: Dissecting Web-based Malware via Browser and OS Instrumentation
Panel:
ISSA
1645 - 1800 Chris Eng, Brandon Creighton:
Deconstructing ColdFusion
Tim Shelton:
Advanced AIX Heap Exploitation Methods
Bryan Sullivan:
Cryptographic Agility: Defending Against the Sneakers Scenario
Don Bailey, Nicholas DePetrillo:
Carmen Sandiego is On the Run!
Georg Wicherski:
dirtbox: a Highly Scalable x86/Windows Emulator
Richard Rushing:
USB - HID, The Hacking Interface Design
Marco Slaviero:
Lifting the Fog
Michael Davis:
Security is Not a Four Letter Word
Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt:
Bad Memories
Similar Talk @ Defcon: July 30th 18:00
Panel:
Meet the Feds Reception
Rob Ragan:
Lord of the Bing: Taking back search engine hacking from Google and Bing
Damiano Bolzoni, Christiaan Schade:
Goodware drugs for malware: on-the-fly malware analysis and containment
ISSA (cont.)

Info/Contents © Def Con/Black Hat - All Info Subject To Change - Additions/Mistakes/Hassle: fully (at) uktek.com