It's that time of year again... A time when all the most interesting people, ideas, concepts, and attacks are on display in Las Vegas. That's right, we are talking about Blackhat USA and associated conferences. Every year about a week before conference time, all the security analysts, researchers, and talking heads begin to espouse their thoughts regarding which of the conference sessions will be the highlights of the week. Each person's idea of what will be "the best talk of the week" is colored through his or her own biased lens. To this end, we asked some of our blog writers to narrow down their list to the top 3 Blackhat presentations (sorry Defcon and BSides, you guys are awesome too, but we only have so much available time and space). Since no two lists are alike, we bring you the Veracode Zero Day Labs' must-see presentation list for Blackhat 2011.
Chris Wysopal's List
- How a Hacker Has Helped Influence the Government - and Vice Versa - Peiter "Mudge" Zatko: Mudge is a great speaker and I always learn new ways of looking at security from him. Now that he has immersed himself into the DoD way of looking at things I am positive some new insights will flow out of him. Note that this is a keynote so there is no excuse for missing this one.
- Femtocells: A Poisonous Needle in the Operator's Hay Stack - Ravishankar Borgaonkar & Nico Golde & Kevin Redon: If you are like me the first time you saw a Femtocell (a small cellular base station for home use) you thought, "If I could hack that I could MITM mobile calls". Well these guys went out and did it! They are going to discuss attacking both mobile devices and the mobile infrastructure from a hacked femtocell.
- The Law of Mobile Privacy and Security - Jennifer Granick: It's an unfortunate fact but security researchers need to keep up with the changing legal landscape that surrounds technology. Mobile research is exploding and stepping into areas covered by different laws than the traditional CFAA or DMCA. This is a good way to keep up if you are a mobile researcher.
Tyler Shields' List
Chris Eng's List
Brandon Creighton's List
Talks Presented by Veracode!
If the above doesn't excite you, the following definitely should. Veracode researchers are participating in the following panels and talks at venues throughout Las Vegas.
- Panel: Owning Your Phone At Every Layer - Moderated by Tyler Shields: This panel, which will include our own Chris Wysopal, brings some of the best mobile researchers together to determine where the real risks in mobile devices come from. Is it the applications you install on your phone, is it the weak infrastructure, or is the operating system to blame? Come participate in this battle royale to determine what really should be keeping you up at night.
- The Web Browser Testing System - Isaac Dawson at Blackhat Arsenal: The Web Browser Testing System (WBTS) was built to quickly automate and test various browsers and user agents for security issues. It contains all the necessary services required for testing a browser. The following services are included: DNS, HTTP(S), Logging Services and support for VirtualHosts.
- Communicating in Code - Chris Lytle at DEFCON Kids: Cryptography is the art and science of making and breaking secret codes and ciphers. Learn about the history of cryptography, practice it for yourself, and make your very own secret cipher! There will be prizes! Please note, kids will get more from this session if they have basic reading and writing skills.