• A

  • ADVANCED ARM EXPLOITATION

    Stephen Lawler, Stephen Ridley
    Wed, 10:15 - 11:15
    Palace I - Mobile

  • ADVENTURES IN BOUNCERLAND

    Nicholas J. Percoco, Sean Schulte
    Wed, 17:00 - 18:00
    Palace I - Mobile

  • AMF TESTING MADE EASY!

    Luca Carettoni
    Thu, 11:45 - 12:45
    Augustus I+II - Web Apps

  • AN INTERVIEW WITH NEAL STEPHENSON

    Neal Stephenson
    Thu, 09:00 - 10:00
    Augustus I+II

  • ARE YOU MY TYPE? - BREAKING .NET SANDBOXES THROUGH SERIALIZATION

    James Forshaw
    Wed, 15:30 - 16:30
    Palace III - Breaking Things

  • A SCIENTIFIC (BUT NON ACADEMIC) STUDY OF HOW MALWARE EMPLOYS ANTI-DEBUGGING, ANTI-DISASSEMBLY AND ANTI-VIRTUALIZATION TECHNOLOGIES

    Rodrigo Rubira Branco
    Thu, 10:15 - 11:15
    Augustus V+VI - Mobile

  • A STITCH IN TIME SAVES NINE: A CASE OF MULTIPLE OPERATING SYSTEM VULNERABILITY

    Rafal Wojtczuk
    Wed, 10:15 - 11:15
    Palace II - Breaking Things
  • B

  • BLACK OPS

    Dan Kaminsky
    Wed, 11:45 - 12:45
    Augustus III+IV - Defining the Scope

  • BLENDED THREATS AND JAVASCRIPT: A PLAN FOR PERMANENT NETWORK COMPROMISE

    Josh Brashars, Phil Purviance
    Thu, 15:30 - 16:30
    Augustus I+II - Web Apps
  • C

  • CATCHING INSIDER DATA THEFT WITH STOCHASTIC FORENSICS

    Jonathan Grier
    Thu, 10:15 - 11:15
    Palace I - Enterprise Intrigue

  • CHANGING THE SECURITY PARADIGM....TAKING BACK YOUR NETWORK AND BRINGING PAIN TO THE ADVERSARY

    Shawn Henry
    Wed, 09:00 - 10:00
    Augustus I+II

  • CLONEWISE - AUTOMATED PACKAGE CLONE DETECTION

    Silvio Cesare
    Thu, 15:30 - 16:30
    Palace I - Enterprise Intrigue

  • CONFESSIONS OF A WAF DEVELOPER: PROTOCOL-LEVEL EVASION OF WEB APPLICATION FIREWALLS

    Ivan Ristic
    Wed, 11:45 - 12:45
    Romans I-IV - Gnarly Problems

  • CONTROL-ALT-HACK(TM): WHITE HAT HACKING FOR FUN AND PROFIT (A COMPUTER SECURITY CARD GAME)

    Tamara Denning, Tadayoshi Kohno, Adam Shostack
    Wed, 14:15 - 15:15
    Palace II - Defense

  • CUTECATS.EXE AND THE ARAB SPRING

    Morgan Marqis-Boire
    Wed, 14:15 - 14:35
    Augustus III+IV - Defining the Scope
  • D

  • DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS

    Loukas K
    Thu, 11:45 - 12:45
    Augustus V+VI - Mobile

  • DEX EDUCATION: PRACTICING SAFE DEX

    Tim Strazzere
    Thu, 14:15 - 15:15
    Augustus V+VI - Malware

  • DIGGING DEEP INTO THE FLASH SANDBOXES

    Paul Sabanal, Mark Yason
    Thu, 14:15 - 15:15
    Romans I-IV - Mass Effect

  • DON'T STAND SO CLOSE TO ME: AN ANALYSIS OF THE NFC ATTACK SURFACE

    Charlie Miller
    Wed, 14:15 - 14:35
    Palace I - Mobile
  • E

  • EASY LOCAL WINDOWS KERNEL EXPLOITATION

    Cesar Cerrudo
    Thu, 17:00 - 18:00
    Palace II - 92.2% Market Share

  • EMBEDDED DEVICE FIRMWARE VULNERABILITY HUNTING USING FRAK

    Ang Cui
    Thu, 14:35 - 14:55
    Palace III - Over the Air and In The Device

  • ERRATA HITS PUBERTY: 13 YEARS OF CHAGRIN

    Jericho
    Wed, 15:30 - 16:30
    Augustus III+IV - Defining the Scope

  • EXCHANGING DEMANDS

    Peter Hannay
    Thu, 14:15 - 15:15
    Palace II - 92.2% Market Share

  • EXPLOITING THE JEMALLOC MEMORY ALLOCATOR: OWNING FIREFOX'S HEAP

    Patroklos Argyroudis, Chariton Karamitas
    Wed, 11:45 - 12:45
    Palace III - Breaking Things

  • EXPLOIT MITIGATION IMPROVEMENTS IN WIN 8

    Ken Johnson, Matt Miller
    Wed, 17:00 - 18:00
    Palace II - Defense
  • F

  • FILE DISINFECTION FRAMEWORK: STRIKING BACK AT POLYMORPHIC VIRUSES

    Tomislav Pericin, Mario Vuksan
    Wed, 10:15 - 11:15
    Romans I-IV - Gnarly Problems

  • FIND ME IN YOUR DATABASE: AN EXAMINATION OF INDEX SECURITY

    David Litchfield
    Thu, 11:45 - 12:45
    Palace I - Enterprise Intrigue

  • FLOWERS FOR AUTOMATED MALWARE ANALYSIS

    Paul Royal, Chengyu Song
    Thu, 17:00 - 18:00
    Augustus V+VI - Malware

  • FROM THE IRISCODE TO THE IRIS: A NEW VULNERABILITY OF IRIS RECOGNITION SYSTEMS

    Javier Galbally
    Wed, 17:00 - 18:00
    Pompeian - Applied Workshop II
  • G

  • GHOST IS IN THE AIR(TRAFFIC)

    Javier Galbally
    Wed, 17:00 - 18:00
    Augustus V+VI - Lower Layers

  • GOOGLE NATIVE CLIENT - ANALYSIS OF A SECURE BROWSER PLUGIN SANDBOX

    Chris Rohlf
    Wed, 11:45 - 12:45
    Augustus I+II - Upper Layers
  • H

  • HACKING THE CORPORATE MIND: USING SOCIAL ENGINEERING TACTICS TO IMPROVE ORGANIZATIONAL SECURITY ACCEPTANCE

    James Philput
    Thu, 17:00 - 18:00
    Augustus III+IV - Defining the Scope

  • HACKING WITH WEBSOCKETS

    Sergey Shekyan, Vaagn Toukharian
    Thu, 14:15 - 15:15
    Augustus I+II - Web Apps

  • HARDWARE BACKDOORING IS PRACTICAL

    Jonathan Brossard
    Thu, 15:30 - 16:30
    Augustus V+VI - Malware

  • HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL FIRMWARE

    Ruben Santamarta
    Wed, 17:00 - 18:00
    Romans I-IV - Gnarly Problems

  • HOOKIN' AIN'T EASY: BEEF INJECTION WITH MITM

    Ryan Linn, Steve Ocepek
    Thu, 17:00 - 18:00
    Romans I-IV - Mass Effect

  • HOW MANY BRICKS DOES IT TAKE TO CRACK A MICROCELL?

    Mathew Rowley
    Thu, 17:00 - 18:00
    Palace III - Over the Air and In The Device

  • HOW THE ANALYSIS OF ELECTRICAL CURRENT CONSUMPTION OF EMBEDDED SYSTEMS COULD LEAD TO CODE REVERSING?

    Julien Moinard, Yann Allain
    Wed, 11:45 - 12:45
    Augustus V+VI - Lower Layers

  • HTEXPLOIT BYPASSING HTACCESS RESTRICTIONS

    Matias Katz, Maximiliano Soler
    Wed, 14:35 - 14:55
    Augustus III+IV - Upper Layers

  • HTML5 TOP 10 THREATS – STEALTH ATTACKS AND SILENT EXPLOITS

    Shreeraj Shah
    Thu, 10:15 - 11:15
    Augustus I+II - Web Apps
  • I

  • INTRUSION DETECTION ALONG THE KILL CHAIN: WHY YOUR DETECTION SYSTEM SUCKS AND WHAT TO DO ABOUT IT

    John Flynn
    Wed, 15:30 - 16:30
    Palace II - Defense

  • IOS APPLICATION SECURITY ASSESSMENT AND AUTOMATION: INTRODUCING SIRA

    Joshua Dubik, Justin Engler, Seth Law, David Vo
    Thu, 15:30 - 16:30
    Palace III - Over the Air and In The Device

  • IOS KERNEL HEAP ARMAGEDDON REVISITED

    Stefan Esser
    Thu, 11:45 - 12:45
    Palace III - Over the Air and In The Device

  • IOS SECURITY

    Dallas De Atley
    Thu, 10:15 - 11:15
    Palace III - Over the Air and In The Device
  • L

  • LEGAL ASPECTS OF CYBERSPACE OPERATIONS

    Robert Clark
    Thu, 14:15 - 15:15
    Augustus III+IV - Defining the Scope

  • LIBINJECTION: A C LIBRARY FOR SQLI DETECTION AND GENERATION THROUGH LEXICAL ANALYSIS OF REAL WORLD ATTACKS

    Nick Galbreath
    Wed, 14:55 - 15:15
    Augustus I+II - Upper Layers

  • LOOKING INTO THE EYE OF THE METER

    Don Weber
    Wed, 14:15 - 15:15
    Augustus V+VI - Lower Layers
  • M

  • MAPPING AND EVOLUTION OF ANDROID PERMISSIONS

    Zach Lanier, Andrew Reiter
    Thu, 14:55 - 15:15
    Palace III - Over the Air and In The Device

  • MODSECURITY AS UNIVERSAL CROSS-PLATFORM WEB PROTECTION TOOL

    Ryan Barnett, Greg Wroblewski
    Wed, 14:15 - 14:35
    Augustus I+II - Upper Layers

  • MY ARDUINO CAN BEAT UP YOUR HOTEL ROOM LOCK

    Cody Brocious
    Wed, 00:00 - 00:00
    Augustus III+IV - Defining the Scope
  • O

  • OWNING BAD GUYS {AND MAFIA} WITH JAVASCRIPT BOTNETS

    Chema Alonso
    Wed, 17:00 - 18:00
    Augustus I+II - Upper Layers
  • P

  • PASSIVE BLUETOOTH MONITORING IN SCAPY

    Ryan Holeman
    Thu, 14:15 - 14:35
    Palace I - Enterprise Intrigue

  • PINPADPWN

    Nils, Rafael Dominguez Vega
    Wed, 17:00 - 18:00
    Palace III - Big Picture

  • PRNG: PWNING RANDOM NUMBER GENERATORS (IN PHP APPLICATIONS)

    George Argyros, Silvio Cesare
    Wed, 15:30 - 16:30
    Augustus I+II - Upper Layers

  • PROBING MOBILE OPERATOR NETWORKS

    Collin Mulliner
    Wed, 15:30 - 16:30
    Palace I - Mobile
  • R

  • RECENT JAVA EXPLOITATION TRENDS AND MALWARE

    Jeongwook Oh
    Thu, 11:45 - 12:45
    Romans I-IV - Mass Effect
  • S

  • SCALING UP BASEBAND ATTACKS: MORE (UNEXPECTED) ATTACK SURFACE

    Ralf-Philipp Weinmann
    Wed, 11:45 - 12:45
    Palace I - Mobile

  • SEXYDEFENSE - MAXIMIZING THE HOME-FIELD ADVANTAGE

    Iftach Ian Amit
    Wed, 10:15 - 11:15
    Palace III - Defense

  • SMASHING THE FUTURE FOR FUN AND PROFIT

    Jennifer Granick, Jeff Moss, Marcus Ranum, Bruce Schneier, Adam Shostack
    Wed, 10:15 - 11:15
    Augustus III+IV - Lower Layers

  • SNSCAT: WHAT YOU DON'T KNOW ABOUT SOMETIMES HURTS THE MOST

    Dan Gunter, Soloman S
    Thu, 14:15 - 15:15
    Florentine - Applied Workshop I

  • SQL INJECTION TO MIPS OVERFLOWS: ROOTING SOHO ROUTERS

    Zachary Cutlip
    Thu, 15:30 - 16:30
    Romans I-IV - Mass Effect

  • SSRF VS. BUSINESS CRITICAL APPLICATIONS

    Dmitry Chastuhin, Alexander Polyakov
    Thu, 17:00 - 18:00
    Palace I - Enterprise Intrigue

  • STAMP OUT HASH CORRUPTION, CRACK ALL THE THINGS

    Jonathan Claudius, Ryan Reynolds
    Thu, 14:55 - 15:15
    Palace I - Enterprise Intrigue

  • STATE OF WEB EXPLOIT TOOLKITS

    Jason Jones
    Thu, 17:00 - 18:00
    Augustus I+II - Web Apps

  • STILL PASSING THE HASH 15 YEARS LATER? USING THE KEYS TO THE KINGDOM TO ACCESS ALL YOUR DATA

    Christopher Campbell, Alva Duckwall
    Thu, 10:15 - 11:15
    Romans I-IV - Mass Effect

  • STIX: THE STRUCTURED THREAT INFORMATION EXPRESSION

    Sean Barnum
    Wed, 14:55 - 15:15
    Augustus III+IV - Defining the Scope

  • SYNFUL DECEIT, STATEFUL SUBTERFUGE

    Chris Patten, Tom Steele
    Thu, 14:35 - 14:55
    Palace I - Enterprise Intrigue
  • T

  • TARGETED INTRUSION REMEDIATION: LESSONS FROM THE FRONT LINES

    Jim Aldridge
    Thu, 15:30 - 16:30
    Augustus III+IV - Defining the Scope

  • THE CHRISTOPHER COLUMBUS RULE AND DHS

    Mark Weatherford
    Thu, 11:45 - 12:45
    Augustus III+IV - Defining the Scope

  • THE DEFENSE RESTS: AUTOMATION AND APIS FOR IMPROVING SECURITY

    David Mortman
    Wed, 11:45 - 12:45
    Palace II - Defense

  • THE INFO LEAK ERA ON SOFTWARE EXPLOITATION

    Fermin J. Serna
    Wed, 14:15 - 15:15
    Palace III - Breaking Things

  • THE LAST GASP OF THE INDUSTRIAL AIR-GAP...

    Éireann Leverett
    Wed, 14:35 - 14:55
    Augustus III+IV - Defining the Scope

  • THE MYTH OF TWELVE MORE BYTES: SECURITY ON THE POST-SCARCITY INTERNET

    Tom Ritter, Alex Stamos
    Wed, 17:00 - 18:00
    Augustus III+IV - Defining the Scope

  • THE SUBWAY LINE 8 - EXPLOITATION OF WINDOWS 8 METRO STYLE APPS

    Ming-chieh Pan, Sung-Ting Tsai
    Thu, 10:15 - 11:15
    Palace II - 92.2% Market Share

  • TORTURING OPENSSL

    Valeria Bertacco
    Wed, 14:15 - 15:15
    Romans I-IV - Gnarly Problems

  • TRUST, SECURITY, AND SOCIETY

    Bruce Schneier
    Thu, 10:15 - 11:15
    Augustus III+IV - Defining the Scope
  • W

  • WEB TRACKING FOR YOU

    Gregory Fleischer
    Wed, 15:30 - 16:30
    Romans I-IV - Gnarly Problems

  • WE HAVE YOU BY THE GADGETS

    Toby Kohlenberg, Mickey Shkatov
    Thu, 11:45 - 12:45
    Palace II - 92.2% Market Share

  • Welcome & Introduction to Black Hat USA 2012

    Jeff Moss
    Wed, 08:50 - 09:00
    Augustus 1+2

  • WHEN SECURITY GETS IN THE WAY: PENTESTING MOBILE APPS THAT USE CERTIFICATE PINNING

    Alban Diquet, Justine Osborne
    Thu, 14:15 - 14:35
    Palace III - Over the Air and In The Device

  • WINDOWS 8 HEAP INTERNALS

    Tarjei Mandt, Christopher Valasek
    Wed, 15:30 - 16:30
    Augustus V+VI - Lower Layers

  • WINDOWS PHONE 7 INTERNALS AND EXPLOITABILITY

    Tsukasa Oi
    Thu, 15:30 - 16:30
    Palace II - 92.2% Market Share