Black Hat & DEFCON 2012

This is to track organization and attendees for Black Hat and DEFCON 2012 security conferences this coming Summer. Black Hat is at Caesars Palace and DEFCON is at the Rio.

Dates

Black Hat is from July 21 through 26, 2012. DEFCON 20 is from July 26 through 29.

Sessions to be covered

Black Hat sessions

Wednesday, July 25

10:15

• Advanced ARM Exploitation (Palace I) - kang
• SexyDefense - Maximizing the home-field advantage (Palace II) - joes
• WORKSHOP: Advanced Chrome Extension- Leveraging API Powers for The Better Evil Who is attending, if anyone? Name here

For Gaia/WebAPI folks some attacks on Chrome extensions that may have relevance to types of attacks we face on apps.

11:45

• Google Native Client - Analysis Of A Secure Browser Plugin Sandbox -Al

For the B2G folks there are a couple that might help us with our phone designs. If nothing else they may inform our testing.

• Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap - gkw
• "Scaling Up Baseband Attacks: More (Unexpected) Attack Surface" -Who is attending, if anyone? Name here
• BlackOps - joes
• The Defense RESTs: Automation and APIs for Improving Security (Palace II) - kang

14:15

• "Don't Stand So Close To Me: An Analysis of the NFC Attack Surface" -Who is attending, if anyone? Name here
• Defeating ASLR through info leaks, and how to cause them.
• "The Info Leak Era on Software Exploitation" (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) -Who is attending, if anyone? Name here
• ModSecurity as Universal Cross-Platform Web Protection Tool (Augustus I + II) - joes, kang
• HTExploit Bypassing Htaccess Restrictions (Augustus I + II) - joes, kang
• Torturing OpenSSL - Al

15:30

• "Web Tracking for You" - Al

For the privacy geeks -- decloaking "private browsing" among other ways to track people.

• A wildcard... Math.random() isn't crytographically secure, could we be vulnerable to anything like these PHP issues? If you go bring your open mind and wear your brainstorming hat.
• briefings.html#Argyros "PRNG: Pwning Random Number Generators (in PHP applications)"
• Intrusion Detection Along the Kill Chain: Why Your Detection System Sucks and What to do About It (Palace II) - joes, kang

17:00

• Owning bad guys and mafia with javascript botnets - who doesn't love a botnet that uses javascript?
• "Exploit Mitigation Improvements in Win 8"

New defensive features of Win8 we should consider using. Some may be compiler/linker features that will help on other versions of windows, too.

• Backdoors in a B2G device? Here Be Backdoors: A Journey Into the Secrets of Industrial Firmware
• The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet (Augustus III + IV) - joes, kang

Thursday, July 26

10:15

• Trust, Security, and Society (Augustus III + IV) - joes

11:45

14:15

• Turbotalks - Enterprise Intrigue (Palace I)
  • Passive Bluetooth Monitoring in Scapy - joes
  • SYNful Deceit, Stateful Subterfuge - joes
  • Stamp Out Hash Corruption, Crack All The Things - joes

15:30

• Targeted Intrusion Remediation: Lessons From The Front Lines (Augustus III + IV) - joes

17:00

• Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance (Augustus III + IV) - joes

• Hacking with WebSockets -Who is attending, if anyone? Name here
• HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits -Who is attending, if anyone? Name here
• Recent Java Exploitation Trends and Malware - Java malware, sandboxes, etc.
• "Blended Threats and JavaScript: A Plan for Permanent Network Compromise" -Who is attending, if anyone? Name here
• "Digging Deep Into The Flash Sandboxes" -Who is attending, if anyone? Name here

DEFCON Sessions

July 27

• How to Hack VMware vCenter Server in 60 Seconds
• https://www.defcon.org/html/defcon-20/dc-20-speakers.html#Baldwin

July 28

• Beyond the War on General Purpose Computing: What's Inside the Box? - Cory Doctorow Keynote
• Owning Bad Guys And Mafia With Javascript Botnets - Repeat of BH talk if you're interested and missed it.
• Botnets Die Hard - Owned and Operated
• Into the Droid: Gaining Access to Android User Data
• Hellaphone: Replacing the Java in Android

July 29

• Improving Web Vulnerability Scanning
• Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework
• Subterfuge: The Automated Man-in-the-Middle Attack Framework

dinners/meetups

Tuesday Night Dinner Sign Up

Confirmed Rao's 8:30 PM 14 reservations - let me know if you want to be added and I'll try to fit you in -chofmann

1 Joe Stevensen
2 Eric Parker
3 Guillaume Destuynder
4 Gary Kwong
5 Adam Muntner
6 Ben Kero
7 Brian Hourigan
8 Anthony Hughes
9 Kevin Brosnan
10 John Morrison
11 Al Billings
12 Raymond Forbes
13 Chris Hofmann
14

Wed Night Dinner Sign Up

Confirmed Mesa Grill 8:30 PM - 15 reservations. - contact chofmann to be added beyond that.

1 Joe Stevensen (/me wonders if can we do dinner at 7:30 PM instead?)
2 Michael Herny :tinfoil
3 Gary Kwong
4 Ben Kero
5 Brian Hourigan
6 Anthony Hughes
7 Jorge Villalobos
8 Kevin Brosnan
9 Marshall Moutenot
10 John Morrison
11 Al Billings
12 Raymond Forbes
13 Chris Hofmann
14 Jesse Ruderman
15 Guillaume Destuynder

Thurs Night Dinner Sign Up

8:30 PM ??

• Gary Kwong
• Ben Kero
• Brian Hourigan
• Anthony Hughes
• Jorge Villalobos
• Marshall Moutenot

Friday Night Dinner Sign Up

8:30 PM ??

• Gary Kwong
• Ben Kero
• Brian Hourigan
• Anthony Hughes
• Marshall Moutenot
• Raymond Forbes

Sat Night Dinner Sign Up

8:30 PM ??

• Joe Stevensen
• Gary Kwong
• Ben Kero
• Brian Hourigan
• Anthony Hughes
• Jorge Villalobos
• Raymond Forbes
• Guillaume Destuynder

Attendees

Enter your name below if you plan on attending one or both conferences.

Conference registration numbers for attendees

hotel reservation confirmations

Flight planning