Blackhat talk picks

Inspired by Chris Eng, here is a list of Blackhat talks I will probably attend.  It’s frustrating to have so many talks in conflicting time slots while some times have almost none relevant to me.


Highway to Hell: Hacking Toll Systems (11:15 am).  As much as I’d like to see the other talks, someone has to present this one.  If you’re just getting into hardware hacking or wondering how to secure toll systems, please drop in.  Too bad I also have to miss Ilfak’s talk on adding a decompiler to IDA (watch out Veracode!).  Oh, and there was some DNS thing too.

Software Radio and the Future of Wireless Security (1:45 pm). After lunch, I’m interested in hearing more about software radio. I do most of my work by soldering directly to the logic side, bypassing any demodulation circuitry. Temporal Reverse Engineering looks interesting also.

Return-Oriented Programming: Exploits Without Code Injection (3:15 pm).  This should be good since I haven’t seen an exhaustive treatment of this approach.  I think the stack has been overlooked since NX became common.  But it can still control program flow even without executing directly from it.

Pwnie Awards (6 pm).  The Oscars without the speeches and with more embarrassment.  Awesome.


Developments in Cisco IOS Forensics (10 am). I can get up early to enjoy FX getting back into Cisco again.

Timing Attacks on the MSP430 Bootstrap Loader (1:45 pm).  The BSL sometimes gives access to the flash even if the JTAG fuse has been blown.  I’ve become familiar with the MSP430 due to this FasTrak research so this is quite relevant to me.

How To Impress Girls With Browser Memory Protection Bypasses or Mifare – Little Security, Despite Obscurity (3:15 pm). Augh, can’t decide: amusing heap feng shui or more updates on the CRYPTO1 train wreck. I’ll probably flip a coin.

Inducing Momentary Faults Within Secure Smartcards/Microcontrollers (4:45 pm).  Chris Tarnovsky is the leading silicon hacker.  You’d have to be crazy to miss this.

[Edit: added Travis Goodspeed’s talk. I inadvertently left it out the first time]