blackhat US 2012 – Ultimate security testing conference Buzz

To me, security testing is the ultimate testing challenge. Blackhat conferences are the premier conferences on information security. I have included a concise summary of the Blackhat 2012 US conference to give you a feel for current security topics. It's worth spending a few hours reading the conference schedule – it's a very interesting read. e.g.,

Here is my summary:

Malware author evasion – Rodrigo Branco
CPU instruction vulnerability – Rafal Wojtczuk
ARM exploitation (embedded) – Stephen Ridley
Beat Google Bouncer – Nicholas Percoco
Action Message Format testing – Luca Carettoni
Identifying .NET vulnerabilities – James Forshaw
JavaScript browser blended threats – Phil Purviance
Various techniques – Dan Kaminsky
Stochastic forensics – Jonathan Grier
Detecting unrelated external code – Silvio Cesare
Web application firewall – Ivan Ristic
Security card game – Tadayoshi Kohno
Mac EFI rootkit – Loukas K
Android's DEX file format – Timothy Strazzere
Browser Flash sandboxes – Paul Sabanal
Mobile Near Field Communication protocol – Charlie Miller
Windows kernel vulnerabilities – Cesar Cerrudo
Security industry watchgroup – Jericho
Microsoft Exchange->devices – Peter Hannay
Windows 8 – Matt Miller
Windows 8 Metro apps – Sung-ting Tsai
Jemalloc Firefox exploitation – Patroklos Argyroudis
Polymorphic viruses – Mario Vuksan
Oracle index (database) – David Litchfield
Malware analysis environment detection – Chengyu Song
Iris recognition – Javier Galbally
Air traffic control systems – Andrei Costin
Google Chrome native client – Chris Rohlf
Better Communication=Security acceptance – James Philput
HTML5/Websockets – Sergey Shekyan
Hardware backdoor – Jonathan Brossard
Industrial firmware – Ruben Santamarta
Browser EEF – Steve Ocepek
Reverse Engineering 3G microcell – Mathew Rowley
Embedded systems code using electrical consumption – Yann Allain
HTML5 top 10 threats – Shreeraj Shah
Intrusion detection complete failure – John Flynn
iOS/Appstore vulnerability – Justin Engler
iOS kernel memory allocators – Stefan Esser
iOS security – Dallas De Atley
Legal – Robert Clark
Smart Grid – Don Weber
Hotel Onity locks – Cody Brocious
JavaScript botnets analyze villains – Chema Alonso
Pin Pads – Nils
Attacking PHP apps, e.g., Mediawiki – George Argyros
Cellular networks – Collin Mulliner
Java vulnerabilities – Jeong Wook Oh
Remote smartphone attack/Baseband processor – Ralf-Philipp Weinmann
Proactive defense – Iftach Ian Amit
Security vision – Jeff Moss
Social media/business networks – Dan Gunter
SQL Injection exploit routers – Zachary Cutlip
SSRF attack SAP/ERP – Alexander Polyakov
Hash corruption – Ryan Reynolds
Web exploit toolkits – Jason Jones
Kerberos, NTLM, domain hashes – Alva Duckwall
Intrusion remediation – Jim Aldridge
Dept Homeland Sec. – research, training, hiring opps – Mark Weatherford
Internal dev processes rather than external vendor tools – David Mortman
ASLR – Fermin J. Serna
IPv6, DNSSEC, new top level domains – Alex Stamos
Attacking hardware – Valeria Bertacco
Social trust systems – Bruce Schneier
Windows gadgets – Mickey Shkatov
Web user tracking – Gregory Fleischer
Windows Phone 7 – Tsukasa Oi
Windows 8 heap – Chris Valasek
