The Black Hat Briefings - Call For Papers Announcement

From: Jeff Moss (jmoss@BLACKHAT.COM)
Date: 02/27/02

Date:         Tue, 26 Feb 2002 19:05:40 -0800
From: Jeff Moss <jmoss@BLACKHAT.COM>

Call For Papers Announcement

Papers and presentations are now being accepted for The Black Hat Briefings
USA 2002 event in Las Vegas, July 29th - August 1st, 2002. Papers and
requests to speak will be received and reviewed from March 1st until May 1st.


The Black Hat Briefings was created to fill the need for computer security
professionals to better understand the security risks and potential threats
to their information infrastructures and computer systems. Black Hat
accomplishes this by assembling a group of vendor-neutral security
professionals and having them speak candidly about the problems businesses
face and their solutions to those problems. No gimmicks -- just straight
talk by people who make it their business to explore the ever-changing
security space.


To meet the goals outlined above, Black Hat expects several things from
selected speakers.

- We do not accept product pitches. If your talk is a thinly-veiled
advertisement for a new product or service your company is offering, please
do not apply.

- If you are going to announce or demonstrate a new tool as the primary
focus of your talk, that tool must be made available for the conference CD
ROM. We don't want a room full of people all excited about what you have
demonstrated only to learn the tool is $12,000 and not available to the
general public.

- If you are selected to speak, your completed materials MUST be submitted
by July 1st, 2002 or you will be dropped as a speaker and an alternative
will be put in your place. Materials for the CDROM (which can include an
updated presentation) must be submitted by July 7th.

- We expect speakers to be available during the lunches and reception in
order to meet and mingle with the attendees.

- If your presentation discusses problems, also present suggested
solutions. If no solutions exist please explain why they are not possible
or practical and what you think the impact will be. If you present a
solution to a new problem also explain what the weaknesses to the solution
are, as well as their impact on the problem.

- Assume that the attendees already understand the basic concepts regarding
your topic. For example, if you are talking about cryptography, assume that
everyone knows the difference between public key vs. symmetric algorithms.
Black Hat strives to be known as a more technical security conference, and
as such, expects more high-level details from their speakers.

- In your presentation please include a reference to all of the tools,
laws, Web sites or publications you refer to at the end of your talk. This
appendix will greatly help attendees who wish to learn more about your
subject, but are not sure where to start.

- The content you provide for the conference CD ROM should include a copy
of all the RFCs, White Papers, or tools referenced in your presentation.

- If you want to present a "101" level course on a new technology or to
introduce the attendees to a new issue, please label your submission as
such. For example, a person talking about an overview of anonymous
networking technologies would call their talk something like "Anonymous
Networking 101: An overview of technologies used to obfuscate your network
behavior" or something along those lines.

- If you are doing a demonstration we expect you to provide all the
necessary equipment. We will only provide the Net connection, power, and an
LCD projector.


Please submit an outline on a self-selected topic covering either the
problems and/or solutions surrounding the following broad categories. The
examples given in the following topics are meant to give you ideas and
direction and are not the final list of topics. Because of the unique nature
of this conference, the combining of some of the best hackers with security
professionals, there will be an emphasis on where the rubber meets the
road. Attendees want to walk away knowing what works, what doesn't, and
what to do about it.

- Wireless: 802.11x, CDPD, BlueTooth, WAP, C/TDMA, GSM, SMS, 3G and two way
paging. Everything is going wireless - what are the tools used to attack,
analyze or secure these technologies? Is using your phone's SMS messaging
more secure than your Two Way pager? Tools, demonstrations and white papers

- Firewalls, Access Control, PKI and Single Sign-on: These talks should
explore the latest technologies in defeating, auditing or implementing
these technologies. Talks could cover a comparison of the technologies, new
tools designed to audit a specific application, case studies in
implementation, etc.

- Routing and Infrastructure: This track will focus on the technologies
that are the bare bones of an Internet presence. Bandwidth, Routing, DNS,
Auditing and securing routers, etc.

- Application Security: Auditing Web applications, reverse engineering
binaries to break or fix something, an evaluation or overview of
application level proxies, secure coding practices, and buffer overflow /
stress testing tools would be appropriate for this track.

- Intrusion Detection, Incident Response and Computer Forensics: What are
the latest technologies and techniques used in detecting and investigating
a suspected computer break in? What specific steps should an administrator
take in advance to make this process easier? What tools are the best to use
in a post mortem? For example, on the Computer Forensics topic, if you
suspect an exploit is executing from memory only on your MegaServer, how
would you approach that machine to perform a memory dump? What are the
tools used when dealing with an untrusted machine?

- Privacy & Anonymity: In the ever increasing surveillance of the public
Net, what are the issues privacy-conscious people and administrators should
be aware of? Talks could cover legal topics such as "What can we legally do
to increase our personal privacy?" or "As a network administrator what are
your legal obligations?" etc. Technology talks could cover tools related to
privacy such as defeating forensics tool kits, anonymous networking and
proxies such as FreeNet or JAP or the future of anonymous re-mailers.

- Web, Mail and Other Related Servers: This track will deal with security
issues surrounding "critical" services such as mail, Web, and network
availability. What are the security issues with load balancing, distributed
DNS or system clustering? How do you configure a server to work best under
heavy load and in a hostile network? Internet commerce and web mail
services are also appropriate topics.

- Deep Knowledge: Talks from the above tracks that require twice the normal
time to explore may be selected and moved to this track.

Talks will be either an hour and fifteen minutes or an hour and a half.
Please specify which you would prefer. It is expected the speaker will make
time for audience participation and Q&A.

Submissions should be in Microsoft '97, 2k, XP formats, .PDF, .PS or plain


- What track you are submitting to.

- How much time you would like for your talk (1 1/4 or 1 1/2 hour)

- A brief BIO on why you are qualified to speak on your topic. This BIO
will be used in both the Web site as well as in any printed materials that
may be used for the conference.

- If you need more than two LCD wall projectors for a demonstration, etc.,
please advise how many you need.

- Whether you are speaking on behalf of your company or yourself. If you
are speaking for a company, please specify which organization it is you
work for.

- How many people will be presenting. NOTE: Only one hotel, airfare, and
speaking fee may be provided. Please see below for more details.


Send submissions to Presentations are selected and
evaluated in the order received. If you want to present on a topic, let me
know early even if you turn your materials in right at the deadline. This
helps us plan and select topics. Don't hold off until the last minute!


We can accommodate most any request if it enhances your presentation.
Current tools made available to speakers include: LCD projectors, overhead
projectors, slide projectors, and wireless network access.

This year there will be up to three LCD projectors in a session. If your
talk requires any sort of demonstration we encourage you to set up a
network (Machines can be provided) and have each machine projecting on one
of the LCDs. Audience members will be able to follow along what is
occurring on each node as the talks progress, or the speaker may provide
different information on different screens, etc.

There will be wireless Internet connectivity in case you need network
access to demonstrate any aspect of your presentation.

Please forward any additional resource questions to


Talks will be reviewed in bulk at the submission deadline through a
three-round system. Speakers will be contacted if there are any questions
about their presentations. If your talk is accepted, you can continue to
modify and evolve it up until July 15th, at which time it is frozen for the
printed materials.

Talks that are more technical or reveal new vulnerabilities are of more
interest than a review of material covered many times before. We are
striving to create a high-end technical conference and any talk that helps
reach this goal will be given extra attention.

Here are two elements that will give your presentation a high priority in
getting selected:

- Original content or research that has been created specifically for Black
Hat and has not been seen before gets priority.

- Demonstrations involving new material.

By speaking at The Black Hat Briefings you are granting Black Hat, Inc.
permission to reproduce, distribute, advertise, and show your presentation


The remuneration policy has changed!

If you have never presented at Black Hat before, and you are selected to
present, Black Hat Inc. will pay for one airfare and hotel room.

If you have spoken before you will receive one airfare, hotel room, and a
speaking fee of $1,000.

There are two exceptions to these rules.
- If you have been specifically invited to speak you fall into the second
- If you work for a company that is also an official Black Hat sponsor you
will not receive any remuneration.


Program fees are $1,095 before June 15th, $1,295 after. When registration
is officially open, you will be able to sign up on-line. By registering
early you help out Black Hat. We will be able to better guess total
attendance when computing food, beverage, book and material orders.


Please visit for previous conference archives,
information, and speeches. Updated announcements will be posted to news
groups, security mailing lists, email, and this Web site when available.


The Black Hat Briefings USA 2002 will take place July 31st to August 1st at
Caesar's Palace Casino and Resort in Las
Vegas, Nevada.

Thank you for your time!

Jeff Moss,
