TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... At the 2007 Black Hat Briefings in Las Vegas, TippingPoint DVLabs had five speakers presenting on a variety of topics.

BlackHat USA 2009 Talk Choices

This year's upcoming Black Hat presentations are the best collection of new talks I've seen there in some time.  The quality and variety of new security research being presented is of a level that excites me to actually attend the conference this year (in addition to the parties this time). If I could physically be in three places at once I would. Leave a comment if you feel there is a talk I've left out.

Luckily my entire team (Aaron, Ali, Cameron and Cody) is attending the conference this year, so we'll be able to split up the talks and fill each other in at the end of the day. Here is a list of presentations not to miss:

Day One
  • 10:00 Billy Hoffman & Matt Wood: Veiled - A Browser Based Darknet
  • 10:00 John McDonald & Chris Valasek: Practical Windows XP/2003 Heap Exploitation
  • 11:15 Andrea Barisani & Daniele Bianco: Sniff keystrokes with Lasers / Voltmeters
  • 11:15 Dino Dai Zovi: Advanced Mac OS X Rootkits
  • 13:45 I'm going to take a pass on this track, combine it with lunch and hang out by the pool.
  • 15:15 Mark Dowd, Ryan Smith & David Dewey: The Language of Trust
  • 15:15 Stefan Esser: State of the Art Post Exploitation in Hardened PHP Environments
  • 16:45 Thomas Ptacek, David Goldsmith & Jeremy Rauch: Hacking Capitalism '09
  • 16:45 Alexander Tereshkin & Rafal Wojtczuk: Introducing Ring -3 Rootkits
  • 18:00 Gala Reception. I've traditionally never attended the gala reception before but I think I will this time. I've heard great things about Johnny Long as a speaker so I can catch my first talk with him and of course... the Pwnie awards.
Day Two
  • 10:00 Zane Lackey & Luis Miras: Attacking SMS
  • 10:00 Rafal Wojtczuk & Alexander Tereshkin: Attacking Intel Bios
  • 11:15 Charlie Miller & Collin Mulliner: Fuzzing the Phone in your Phone
  • 11:15 Nick Harbour: Win at Reversing
  • 13:45 Grand, Appelbaum & Tarnovsky: "Smart" Parking Meter Implementations, Globalism, and You
  • 15:15 Kostya Kortchinsky: Cloudburst - Hacking 3D and Breaking out of VMware
  • 15:15 K. Chen: Reversing and Exploiting an Apple Firmware Update
  • 16:45 Iozzo & Miller: Post Exploitation Bliss - Loading Meterpreter on a Factory iPhone
  • 16:45 Mario Vuksan & Tomislav Pericin: Fast & Furious Reverse Engineering with TitanEngine
If you're looking for a new age way to select the talks you want to attend and generate a schedule, check out https://blackhat09.sched.org/ which my good friend (and BlackHat Reverse Engineering co-trainer) Ero Carrera pointed out to me today during class.
Tags:
Published On: 2009-07-26 20:27:48

Comments post a comment

  1. John D. commented on 2009-07-27 @ 18:56

    Thanks for the class over the weekend! Great Course!

  2. Anthony Lai, Hong Kong commented on 2009-07-29 @ 01:54

    Will you hold the course in BH next year? I missed it, man.

  3. Anonymous commented on 2009-08-01 @ 09:13

    Will you be posting comments/reviews of the talks at Blackhat that you attended? Thanks!

  4. Dave Libershal commented on 2009-08-03 @ 08:26

    I agree - the technical level of the talks was very good. This was my first BlackHat and I found it very productive.
    I especially liked the talk by Fx on Cisco Router Exploitation.
    Weaponizing the Web by Hamiel and Moyer focused on Cross Site Request Forgery (CSRF).
    They mentioned that this is not a new topic - there is a Dynamic CSRF paper - "Cross-Site Request Forgeries" by Peter Watkins from 2001. The best source I can find today is his draft posting at http://www.tux.org/~peterw/csrf.txt
    I also attended a talk on Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade by Alex Stannos and others. It provided ample risk issues to consider. I had never looked into this concept before - except that my first impression was that I didn't like storing data on someone else's site. But I learned that there is more than that at risk in Cloud Computing - such as insuffient authentication with poor password reqts. and insufficient auditing and logging. Plus legal issues re searches w/o data owner's knowledge.
    The session on hacking San Francisco parking meter SmartCards was super. As was the following session on reverse engineering chips - What the Hell is Inside There? - by Chris Tarnovsky (he had also participated in the San Francisco project). Chris is really bright and very interested in this work as was apparent from his talk.

  5. Pedram Amini commented on 2009-08-05 @ 11:53

    @Anthony Lai: Actually this was the last time Ero and I will be teaching this course. We are working on completely new materials for next year.

    @Anonymous: Once everyone on my team full recovers from the Vegas festivities we'll probably put some form of review together and post.

  6. Anonymous commented on 2009-08-14 @ 15:12

    Please post your comments on the two talks by Alexander and Rafal.

  7. Pedram Amini commented on 2009-09-03 @ 18:49

    @Anonymous: Unfortunately I personally missed Alexander and Rafal's talk. Maybe someone else can chime in.

  8. ทำบุญวันเกิด commented on 2009-09-20 @ 10:55

    The session on hacking San Francisco parking meter SmartCards as super. Chris is really bright and very interested in this work as was apparent from his talk.

  9. Anonymous commented on 2009-10-12 @ 18:40

    did u guys ever post a review of the black hat talks u went to?

  10. Pedram Amini commented on 2009-10-24 @ 12:26

    @Anonymous: Apologies but unfortunately no. Was side tracked with other work and now the concept is a bit stale.


Links To This Post

  1. BlackHat recap « ReversingLabs | Blog
    linked on 2009-08-12 @ 05:18 Show Comment

    ... and exciting code. First of all, thanks to all that have made it to our talk and have been asking us in hallways at Black Hat and Defcon to give them demos. Quite a few blog entries and tweets have covered our talk. You can read more here, here and here.   We had a very good time slot, the last Reversing talk of the conference, but on the down side had to compete against Bruce Schneier, Mikko Hyppönen’s expose of Conficker and IOActive’s hyped-up tear-down of the U.S. Energy system. Needless to say, even with a very tough competition we had a very decent turn out and a thunderous applause.   Several thousand people have already downloaded the TitanEngine, and the initial feedback is very good. We are hoping to hear more from malware analysts, vulnerability researchers ...


Trackback