Black Hat USA 2013 - Wednesday, July 31
09:00
Alexander
KEYNOTE - DAY ONE
10:15
Young
MAINFRAMES: THE PAST WILL COME BACK TO HAUNT YOU
Weinmann
BLACKBERRYOS 10 FROM A SECURITY PERSPECTIVE
Bolshev, Chastuhin
WITH BIGDATA COMES BIG RESPONSIBILITY: PRACTICAL EXPLOITING OF MDX INJECTIONS
Wang, Xu
NEW TRENDS IN FASTFLUX NETWORKS
Prince
LESSONS FROM SURVIVING A 300GBPS DENIAL OF SERVICE ATTACK
Reidy
COMBATING THE INSIDER THREAT AT THE FBI: REAL WORLD LESSONS LEARNED
Dudley
BEYOND THE APPLICATION: CELLULAR PRIVACY REGULATION SPACE
Gorenc, Spelman
JAVA EVERY-DAYS: EXPLOITING SOFTWARE RUNNING ON 3 BILLION DEVICES
McNamee
HOW TO BUILD A SPYPHONE
Bathurst, Carey
METHODOLOGIES FOR HACKING EMBEDDED SECURITY APPLIANCES
10:45
Saxe
CROWDSOURCE: AN OPEN SOURCE, CROWD TRAINED MACHINE LEARNING MODEL FOR MALWARE CAPABILITY DETECTION
Hofmann, Opsahl
LEGAL CONSIDERATIONS FOR CELLULAR RESEARCH
11:45
Abad, Acevedo, Soeder
BLACK-BOX ASSESSMENT OF PSEUDORANDOM ALGORITHMS
Blanchou
SHATTERING ILLUSIONS IN LOCK-FREE WORLDS: COMPILER/HARDWARE BEHAVIORS IN OSES AND VMS
O'Flynn
POWER ANALYSIS ATTACKS FOR CHEAPSKATES
Nixon
DENYING SERVICE TO DDOS PROTECTION SERVICES
Hofmann
WHAT SECURITY RESEARCHERS NEED TO KNOW ABOUT ANTI-HACKING LAW
Davi, Snow
JUST-IN-TIME CODE REUSE: THE MORE THINGS CHANGE, THE MORE THEY STAY THE SAME
Bazhaniuk, Bulygin, Furtak
A TALE OF ONE SOFTWARE BYPASS OF WINDOWS 8 SECURE BOOT
Daigniere
TLS 'SECRETS'
Grossman, Johansen
MILLION BROWSER BOTNET
12:15
Aumasson
PASSWORD HASHING: THE FUTURE IS NOW
Masse
DENIAL OF SERVICE AS A SERVICE - ASYMMETRICAL WARFARE AT ITS FINEST
14:15
Geffner
END-TO-END ANALYSIS OF A DOMAIN GENERATING ALGORITHM MALWARE FAMILY
Jungles, Simos
PASS THE HASH AND OTHER CREDENTIAL THEFT AND REUSE: MITIGATING THE RISK OF LATERAL MOVEMENT AND PRIVILEGE ESCALATION
Radcliffe
FACT AND FICTION: DEFENDING YOUR MEDICAL DEVICES
Hui, Lee, Miu
UNIVERSAL DDOS MITIGATION BYPASS
Clark
LEGAL ASPECTS OF FULL SPECTRUM COMPUTER NETWORK (ACTIVE) DEFENSE
Butterworth, Kallenberg, Kovah
BIOS SECURITY
DePerry, Rahimi, Ritter
I CAN HEAR YOU NOW: TRAFFIC INTERCEPTION AND REMOTE MOBILE PHONE CLONING WITH A COMPROMISED CDMA FEMTOCELL
Blaze, Davidson, Kahle, Valentino-DeVries
LAWFUL ACCESS PANEL
Levomäki, Niemi
EVADING DEEP INSPECTION FOR FUN AND SHELL
Esparza
PDF ATTACK: A JOURNEY FROM THE EXPLOIT KIT TO THE SHELLCODE
15:30
Patnaik, Sahoo
JAVASCRIPT STATIC SECURITY ANALYSIS MADE EASY WITH JSPRIME
Just, Li, Li, Nguyen
HOW TO GROW A TREE (TAINT-ENABLED REVERSE ENGINEERING ENVIRONMENT) FROM CBASS (CROSS-PLATFORM BINARY AUTOMATED SYMBOLIC-EXECUTION SYSTEM)
MacPherson, Temmingh
MALTEGO TUNGSTEN AS A COLLABORATIVE ATTACK PLATFORM
Chittenden, Gomes
UNTWINING TWINE
Brodie, Shaulov
A PRACTICAL ATTACK AGAINST MDM SOLUTIONS
Geffner
TOR... ALL-THE-THINGS!
Christey, Martin
BUYING INTO THE BIAS: WHY VULNERABILITY STATISTICS SUCK
Akhawe
CLICKJACKING REVISITED: A PERCEPTUAL VIEW OF UI SECURITY
Porter, Smith
LET'S GET PHYSICAL: BREAKING HOME SECURITY SYSTEMS AND BYPASSING BUILDINGS CONTROLS
16:00
Gupta
LTE BOOMS WITH VULNERABILITIES
Pironti, Smyth
TRUNCATING TLS CONNECTIONS TO VIOLATE BELIEFS IN WEB APPLICATIONS
Cole
OPSEC FAILURES OF SPIES
17:00
Barnett, Wroblewski
THE WEB IS VULNERABLE: XSS DEFENSE ON THE BATTLEFRONT
Sumner, Wald
PREDICTING SUSCEPTIBILITY TO SOCIAL BOTS ON TWITTER
Calhoun, Hanif, Trost
BINARYPIG - SCALABLE MALWARE ANALYTICS IN HADOOP
Lee, Yee
SMASHING THE FONT SCALER ENGINE IN WINDOWS KERNEL
Stone
PIXEL PERFECT TIMING ATTACKS WITH HTML5
Nohl
ROOTING SIM CARDS
Allodi, Massacci
HOW CVSS IS DOSSING YOUR PATCHING POLICY (AND WASTING YOUR MONEY)
Thomas
HIDING @ DEPTH - EXPLORING, SUBVERTING AND BREAKING NAND FLASH MEMORY
Jang, Lau, Song
MACTANS: INJECTING MALWARE INTO IOS DEVICES VIA MALICIOUS CHARGERS
Opsahl
TOWN HALL MEETING: CFAA REFORM STRATEGY
17:30
Haruyama, Suzuki
MALICIOUS FILE FOR EXPLOITING FORENSIC SOFTWARE
Black Hat USA 2013 - Thursday, August 1
09:00
Muirhead
KEYNOTE - TAKE RISK, DON’T FAIL
10:15
Kennedy, Muttik
CMX: IEEE CLEAN FILE METADATA EXCHANGE
Campbell, Duckwall
PASS-THE-HASH 2: THE ADMIN'S REVENGE
Peck
ABUSING WEB APIS THROUGH SCRIPTED ANDROID APPLICATIONS
Wilhoit
THE SCADA THAT DIDN'T CRY WOLF- WHO'S REALLY ATTACKING YOUR ICS DEVICES- PART DEUX!
Roth
MOBILE ROOTKITS: EXPLOITING AND ROOTKITTING ARM TRUSTZONE
Barisani, Bianco
FULLY ARBITRARY 802.3 PACKET INJECTION: MAXIMIZING THE ETHERNET ATTACK SURFACE
Ryan
BLUETOOTH SMART: THE GOOD, THE BAD, THE UGLY, AND THE FIX!
Fouladi, Ghanoun
HONEY, I’M HOME!! - HACKING Z-WAVE HOME AUTOMATION SYSTEMS
Ptacek, Ritter, Samuel, Stamos
THE FACTORING DEAD: PREPARING FOR THE CRYPTOPOCALYPSE
10:45
Jakobsson, Stewart
MOBILE MALWARE: WHY THE TRADITIONAL AV PARADIGM IS DOOMED AND HOW TO USE PHYSICS TO DETECT UNDESIRABLE ROUTINES
Arpaia, Barry
BIG DATA FOR WEB APPLICATION SECURITY
11:45
Coldwind, Jurczyk
BOCHSPWN: IDENTIFYING 0-DAYS VIA SYSTEM-WIDE MEMORY ACCESS PATTERN ANALYSIS
Brunschwiler
ENERGY FRAUD AND ORCHESTRATED BLACKOUTS: ISSUES WITH WIRELESS METERING PROTOCOLS (WM-BUS)
Shekyan, Shema, Toukharian
DISSECTING CSRF ATTACKS & COUNTERMEASURES
Chiu, Kan, Wu, Yarochkin
HUNTING THE SHADOWS: IN DEPTH ANALYSIS OF ESCALATED APT ATTACKS
Grattafiori, Yavor
THE OUTER LIMITS: HACKING THE SAMSUNG SMART TV
Davis
REVEALING EMBEDDED FINGERPRINTS: DERIVING INTELLIGENCE FROM USB STACK INTERACTIONS
Kohlenberg, Shkatov
UART THOU MAD?
Forristal
ANDROID: ONE ROOT TO OWN THEM ALL
Costello, Cui, Stolfo
STEPPING P3WNS: ADVENTURES IN FULL-SPECTRUM EMBEDDED EXPLOITATION (AND DEFENSE!)
14:15
Albuquerque, Espinhara
USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER
Bu, Singh
HOT KNIVES THROUGH BUTTER: BYPASSING AUTOMATED ANALYSIS SYSTEMS
Healey
ABOVE MY PAY GRADE: CYBER RESPONSE AT THE NATIONAL LEVEL
Salgado
') UNION SELECT `THIS_TALK` AS ('NEW OPTIMIZATION AND OBFUSCATION TECHNIQUES')%00
Forner, Meixell
OUT OF CONTROL: DEMONSTRATING SCADA DEVICE EXPLOITATION
Sevinsky
FUNDERBOLT: ADVENTURES IN THUNDERBOLT DMA ATTACKS
Pericin, Vuksan
PRESS ROOT TO CONTINUE: DETECTING OSX AND WINDOWS BOOTKITS WITH RDFU
Kershaw, Ossmann, Spill
WHAT'S ON THE WIRE? PHYSICAL LAYER TAPPING WITH PROJECT DAISHO
Jack
IMPLANTABLE MEDICAL DEVICES: HACKING HUMANS
Grand
JTAGULATOR: ASSISTED DISCOVERY OF ON-CHIP DEBUG INTERFACES
15:30
O'Connor
CREEPYDOL: CHEAP, DISTRIBUTED STALKING
Williams
POST EXPLOITATION OPERATIONS WITH CLOUD SYNCHRONIZATION SERVICES
Raber
VIRTUAL DEOBFUSCATOR - A DARPA CYBER FAST TRACK FUNDED EFFORT
Fiterman
IS THAT A GOVERNMENT IN YOUR NETWORK OR ARE YOU JUST HAPPY TO SEE ME?
Apa, Penagos
COMPROMISING INDUSTRIAL FACILITIES FROM 40 MILES AWAY
Brown
RFID HACKING: LIVE FREE OR RFID HARD
Gluck, Harris, Prado
SSL, GONE IN 30 SECONDS - A BREACH BEYOND CRIME
Heffner
EXPLOITING NETWORK SURVEILLANCE CAMERAS LIKE A HOLLYWOOD HACKER
Lee
HACKING, SURVEILLING, AND DECEIVING VICTIMS ON SMART TV
17:00
Quynh
OPTIROP: HUNTING FOR ROP GADGETS IN STYLE
Pinto
DEFENDING NETWORKS WITH INCOMPLETE INFORMATION: A MACHINE LEARNING APPROACH
Keltner, Thomas
TERIDIAN SOC EXPLOITATION: EXPLORATION OF HARVARD ARCHITECTURE SMART GRID SYSTEMS
Cesare
BUGALYZE.COM - DETECTING BUGS USING DECOMPILATION AND DATA FLOW ANALYSIS
Radocea, Wicherski
HACKING LIKE IN THE MOVIES: VISUALIZING PAGE TABLES FOR LOCAL EXPLOITATION
Bryan, Crowley, Savage
HOME INVASION V2.0 - ATTACKING NETWORK-CONTROLLED HARDWARE
Osborn, Ossmann
MULTIPLEXED WIRED ATTACK SURFACES
Nakibly
OWNING THE ROUTING TABLE - PART II
James, Krebs
SPY-JACKING THE BOOTERS


Instructions

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.

Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.