It's that time of year again... A time when all the most interesting people, ideas, concepts, and attacks are on display in Las Vegas. That's right, we are talking about Blackhat USA and associated conferences. Every year about a week before conference time, all the security analysts, researchers, and talking heads begin to espouse their thoughts regarding which of the conference sessions will be the highlights of the week. Each person's idea of what will be "the best talk of the week" is colored through his or her own biased lens. To this end, we asked some of our blog writers to narrow down their list to the top 3 Blackhat presentations (sorry Defcon and BSides, you guys are awesome too... but we only have so much available time and space). Since no two lists are alike, we bring you the Veracode Zero Day Labs' must-see presentation list for Blackhat 2011.
Chris Wysopal's List
How a Hacker Has Helped Influence the Government - and Vice Versa - Peiter "Mudge" Zatko: Mudge is a great speaker and I always learn new ways of looking at security from him. Now that he has immersed himself into the DoD way of looking at things I am positive some new insights will flow out of him. Note that this is a keynote so there is no excuse for missing this one.
Femtocells: A Poisonous Needle in the Operator's Hay Stack - Ravishankar Borgaonkar & Nico Golde & Kevin Redon: If you are like me the first time you saw a Femtocell (a small cellular base station for home use) you thought, "If I could hack that I could MITM mobile calls". Well these guys went out and did it! They are going to discuss attacking both mobile devices and the mobile infrastructure from a hacked femtocell.
The Law of Mobile Privacy and Security - Jennifer Granick: It's an unfortunate fact but security researchers need to keep up with the changing legal landscape that surrounds technology. Mobile research is exploding and stepping into areas covered by different laws than the traditional CFAA or DMCA. This is a good way to keep up if you are a mobile researcher.
Hacking Androids for Profit - Riley Hassell & Shane Macaulay: A discussion on Android security both on the device and in the marketplace and some Android 0day to boot?! What an opening gambit this talk is going to be.
If the above doesn't excite you, the following definitely should. Veracode researchers are participating in the following panels and talks at venues throughout Las Vegas.
Panel: Owning Your Phone At Every Layer - Moderated by Tyler Shields: This panel, which will include our own Chris Wysopal, brings some of the best mobile researchers together to determine where the real risks in mobile devices come from. Is it the applications you install on your phone, is it the weak infrastructure, or is the operating system to blame? Come participate in this battle royale to determine what really should be keeping you up at night.
The Web Browser Testing System - Isaac Dawson at Blackhat Arsenal: The Web Browser Testing System (WBTS) was built to quickly automate and test various browsers and user-agents for security issues. It contains all the necessary services required for testing a browser. The following services are included: DNS, HTTP(S), Logging Services and support for VirtualHosts.
Communicating in Code - Chris Lytle at DEFCON Kids: Cryptography is the art and science of making and breaking secret codes and ciphers. Learn about the history of cryptography, practice it for yourself, and make your very own secret cipher! There will be prizes! Please note, kids will get more from this session if they have basic reading and writing skills.
Tyler Shields is a Senior Researcher for the Veracode Research Lab whose responsibilities include understanding and examining interesting and relevant security and attack methods for integration into the Veracode product offerings. He also keeps track of new developments from other computer science and information security researchers to ensure that Veracode technologies are always kept in line with the most recent security advancements.