00:00
MY ARDUINO CAN BEAT UP YOUR HOTEL ROOM LOCK

Cody Brocious

Wed, 00:00 - 00:00

Augustus III+IV - Defining the Scope
08:50
Welcome & Introduction to Black Hat USA 2012

Jeff Moss

Wed, 08:50 - 09:00

Augustus 1+2
09:00
CHANGING THE SECURITY PARADIGM....TAKING BACK YOUR NETWORK AND BRINGING PAIN TO THE ADVERSARY

Shawn Henry

Wed, 09:00 - 10:00

Augustus I+II
10:15
SMASHING THE FUTURE FOR FUN AND PROFIT

Jennifer Granick, Jeff Moss, Marcus Ranum, Bruce Schneier, Adam Shostack

Wed, 10:15 - 11:15

Augustus III+IV - Lower Layers
ADVANCED ARM EXPLOITATION

Stephen Lawler, Stephen Ridley

Wed, 10:15 - 11:15

Palace I - Mobile
A STITCH IN TIME SAVES NINE: A CASE OF MULTIPLE OPERATING SYSTEM VULNERABILITY

Rafal Wojtczuk

Wed, 10:15 - 11:15

Palace II - Breaking Things
SEXYDEFENSE - MAXIMIZING THE HOME-FIELD ADVANTAGE

Iftach Ian Amit

Wed, 10:15 - 11:15

Palace III - Defense
FILE DISINFECTION FRAMEWORK: STRIKING BACK AT POLYMORPHIC VIRUSES

Tomislav Pericin, Mario Vuksan

Wed, 10:15 - 11:15

Romans I-IV - Gnarly Problems
<GHZ OR BUST: BLACKHAT

Atlas

Wed, 10:15 - 12:45

Florentine - Applied Workshop I
ADVANCED CHROME EXTENSION EXPLOITATION - LEVERAGING API POWERS FOR THE BETTER EVIL

Krzysztof Kotowicz, Kyle Osborne

Wed, 10:15 - 12:45

Pompeian - Applied Workshop II
11:45
BLACK OPS

Dan Kaminsky

Wed, 11:45 - 12:45

Augustus III+IV - Defining the Scope
GOOGLE NATIVE CLIENT - ANALYSIS OF A SECURE BROWSER PLUGIN SANDBOX

Chris Rohlf

Wed, 11:45 - 12:45

Augustus I+II - Upper Layers
HOW THE ANALYSIS OF ELECTRICAL CURRENT CONSUMPTION OF EMBEDDED SYSTEMS COULD LEAD TO CODE REVERSING?

Julien Moinard, Yann Allain

Wed, 11:45 - 12:45

Augustus V+VI - Lower Layers
SCALING UP BASEBAND ATTACKS: MORE (UNEXPECTED) ATTACK SURFACE

Ralf-Philipp Weinmann

Wed, 11:45 - 12:45

Palace I - Mobile
THE DEFENSE RESTS: AUTOMATION AND APIS FOR IMPROVING SECURITY

David Mortman

Wed, 11:45 - 12:45

Palace II - Defense
EXPLOITING THE JEMALLOC MEMORY ALLOCATOR: OWNING FIREFOX'S HEAP

Patroklos Argyroudis, Chariton Karamitas

Wed, 11:45 - 12:45

Palace III - Breaking Things
CONFESSIONS OF A WAF DEVELOPER: PROTOCOL-LEVEL EVASION OF WEB APPLICATION FIREWALLS

Ivan Ristic

Wed, 11:45 - 12:45

Romans I-IV - Gnarly Problems
14:15
CUTECATS.EXE AND THE ARAB SPRING

Morgan Marqis-Boire

Wed, 14:15 - 14:35

Augustus III+IV - Defining the Scope
MODSECURITY AS UNIVERSAL CROSS-PLATFORM WEB PROTECTION TOOL

Ryan Barnett, Greg Wroblewski

Wed, 14:15 - 14:35

Augustus I+II - Upper Layers
LOOKING INTO THE EYE OF THE METER

Don Weber

Wed, 14:15 - 15:15

Augustus V+VI - Lower Layers
DON'T STAND SO CLOSE TO ME: AN ANALYSIS OF THE NFC ATTACK SURFACE

Charlie Miller

Wed, 14:15 - 14:35

Palace I - Mobile
CONTROL-ALT-HACK(TM): WHITE HAT HACKING FOR FUN AND PROFIT (A COMPUTER SECURITY CARD GAME)

Tamara Denning, Tadayoshi Kohno, Adam Shostack

Wed, 14:15 - 15:15

Palace II - Defense
THE INFO LEAK ERA ON SOFTWARE EXPLOITATION

Fermin J. Serna

Wed, 14:15 - 15:15

Palace III - Breaking Things
TORTURING OPENSSL

Valeria Bertacco

Wed, 14:15 - 15:15

Romans I-IV - Gnarly Problems
CODE REVIEWING WEB APPLICATION FRAMEWORK BASED APPLICATIONS (STRUTS 2, SPRING MVC, RUBY ON RAILS (GROOVY ON GRAILS), .NET MVC)

Abraham Kang

Wed, 14:15 - 18:00

Florentine - Applied Workshop I
LINUX INTERACTIVE EXPLOIT DEVELOPMENT WITH GDB AND PEDA

Long Le

Wed, 14:15 - 17:00

Pompeian - Applied Workshop II
14:35
THE LAST GASP OF THE INDUSTRIAL AIR-GAP...

Éireann Leverett

Wed, 14:35 - 14:55

Augustus III+IV - Defining the Scope
HTEXPLOIT BYPASSING HTACCESS RESTRICTIONS

Matias Katz, Maximiliano Soler

Wed, 14:35 - 14:55

Augustus III+IV - Upper Layers
14:55
STIX: THE STRUCTURED THREAT INFORMATION EXPRESSION

Sean Barnum

Wed, 14:55 - 15:15

Augustus III+IV - Defining the Scope
LIBINJECTION: A C LIBRARY FOR SQLI DETECTION AND GENERATION THROUGH LEXICAL ANALYSIS OF REAL WORLD ATTACKS

Nick Galbreath

Wed, 14:55 - 15:15

Augustus I+II - Upper Layers
15:30
ERRATA HITS PUBERTY: 13 YEARS OF CHAGRIN

Jericho

Wed, 15:30 - 16:30

Augustus III+IV - Defining the Scope
PRNG: PWNING RANDOM NUMBER GENERATORS (IN PHP APPLICATIONS)

George Argyros, Silvio Cesare

Wed, 15:30 - 16:30

Augustus I+II - Upper Layers
WINDOWS 8 HEAP INTERNALS

Tarjei Mandt, Christopher Valasek

Wed, 15:30 - 16:30

Augustus V+VI - Lower Layers
PROBING MOBILE OPERATOR NETWORKS

Collin Mulliner

Wed, 15:30 - 16:30

Palace I - Mobile
INTRUSION DETECTION ALONG THE KILL CHAIN: WHY YOUR DETECTION SYSTEM SUCKS AND WHAT TO DO ABOUT IT

John Flynn

Wed, 15:30 - 16:30

Palace II - Defense
ARE YOU MY TYPE? - BREAKING .NET SANDBOXES THROUGH SERIALIZATION

James Forshaw

Wed, 15:30 - 16:30

Palace III - Breaking Things
WEB TRACKING FOR YOU

Gregory Fleischer

Wed, 15:30 - 16:30

Romans I-IV - Gnarly Problems
17:00
THE MYTH OF TWELVE MORE BYTES: SECURITY ON THE POST-SCARCITY INTERNET

Tom Ritter, Alex Stamos

Wed, 17:00 - 18:00

Augustus III+IV - Defining the Scope
OWNING BAD GUYS {AND MAFIA} WITH JAVASCRIPT BOTNETS

Chema Alonso

Wed, 17:00 - 18:00

Augustus I+II - Upper Layers
GHOST IS IN THE AIR(TRAFFIC)

Javier Galbally

Wed, 17:00 - 18:00

Augustus V+VI - Lower Layers
ADVENTURES IN BOUNCERLAND

Nicholas J. Percoco, Sean Schulte

Wed, 17:00 - 18:00

Palace I - Mobile
EXPLOIT MITIGATION IMPROVEMENTS IN WIN 8

Ken Johnson, Matt Miller

Wed, 17:00 - 18:00

Palace II - Defense
PINPADPWN

Nils, Rafael Dominguez Vega

Wed, 17:00 - 18:00

Palace III - Big Picture
HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL FIRMWARE

Ruben Santamarta

Wed, 17:00 - 18:00

Romans I-IV - Gnarly Problems
FROM THE IRISCODE TO THE IRIS: A NEW VULNERABILITY OF IRIS RECOGNITION SYSTEMS

Javier Galbally

Wed, 17:00 - 18:00

Pompeian - Applied Workshop II