HackInTheBox 2014, May 29, 2014 to May 30, 2014, Amsterdam, Netherlands

| Title | Speakers | Summary | Topic Types |
| --- | --- | --- | --- |
| KEYNOTE 1: Security at the End of the Universe | Katie Moussouris | All the firewalls have been configured. All the IDS and AV signatures have been updated. ... | |
| KEYNOTE 2: Building a Strategic Defense Against the Global Threat Landscape | Kristin Lovejoy | Cyber threats have become a boardroom agenda and significant technical concern for many companies today, ... | |
| AIS Exposed: New Vulnerabilities and Attacks | Alessandro Pasta, Marco ‘embyte’ Balduzzi | AIS, Automatic Identification System, is a promoted standard and implementation for vessels traffic safety and ... | |
| Setup for Failure: More Ways to Defeat SecureBoot | Xeno Kovah, Corey Kallenberg, John Butterworth, Sam Cornwell | Over the past year, a number of BIOS security issues have come to light. And ... | |
| Vulnerabilities Exposed at the Protocol Level in TN3270-based Applications | Dominic White | Mainframe “green screen” applications are often accessed remotely over TCP/IP networks through the use of ... | IncludeThinkstScapes |
| Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing | Fabien Duchene | Fuzzing (aka Fuzz-Testing) consists of automatically creating and evaluating inputs towards discovering vulnerabilities. Traditional undirected ... | |
| XSSing Your Way to Shell | Hans-michael Varbaek | Cross-Site Scripting isn’t new, but there is generally a large belief among vendors, corporations and ... | |
| The NSA Playset | Michael Ossmann | The leaked pages from the ANT catalog have given us unprecedented insight into the capabilities ... | |
| State of the ART: Exploring the New Android KitKat Runtime | Paul Vincent Sabanal | Android KitKat introduced a new experimental runtime virtual machine called ART which features ahead-of-time compilation ... | |
| Sniffing the Airwaves with RTL-SDR | Yashin Mehaboobe | Radio communication is one of those areas in which most solutions use security through obscurity. ... | |
| Hacking Your Cable TV Network: Die Hard Style | Rahul Sasi | Ever since I started with computers and hacking, I was fascinated with the idea of ... | |
| LOL (Layers On Layers) – Bypassing Endpoint Security for Fun and Profit | Rafal Wojtczuk, Rahul Kashyap | Over the past many years, there’ve been a plethora of security solutions available for Windows-based ... | |
| Legacy Sandboxing: Escaping IE11 Enhanced Protected Mode | James Forshaw | In June 2013 Microsoft started the first of their new bug-bounty programs, focusing on finding ... | IncludeThinkstScapes |
| Reloading Java Exploits: Long Live Old JRE! | Donato Ferrante, Luigi Auriemma | With the new releases of the Java Runtime, Oracle is trying to raise the level ... | |
| Exploiting NoSQL Like Never Before | Francis Alexander | With the rise of NoSQL databases, more and more corporates as well as end users have ... | IncludeThinkstScapes |
| Compromise-as-a-Service: Our PleAZURE | Enno Rey, Matthias Luft, Felix Wilhelm | This could have been a comprehensive introduction about the ubiquity of virtualization, the essential role ... | |
| REboot: Bootkits Revisited | Samuel Chevet | The first public bootkit POC was the BootRoot project presented by Derek Soeder at BlackHat ... | |
| CLOSING KEYNOTE: Cyber Security: Creation or Evolution | Mischel Kwon | An examination of Cybersecurity over the past 30 years. Where did this begin, where are ... | |
| KEYNOTE 3: Behind the Crosswire | Pamela Fusco | The mere existence of uncertainty alters decisions and outcomes. We are faced with making choices ... | |
| KEYNOTE 4: Hack It Forward | Jennifer Steffens | Thirty years ago, movies like War Games and The Manhattan Project inspired legions of digital ... | |
| Alice’s Adventures in Smart Building Land – Novel Adventures in a Cyber Physical Environment | Steffen Wendzel, Sebastian Szlosarczyk | Building automation systems (BAS) are IT components integrated in and capable to control and monitor ... | |
| Exploring and Exploiting iOS Web Browsers | Lukasz Pilorz, Marek Zmyslowski | In 2013, market share of mobile browsers in web traffic exceeded 20% and is constantly ... | |
| Exploit Development for New Platforms Based on 64-bits | Juan Sacco | Since every single CPU being sold in the last few years is 64 bits, it’s ... | |
| Scalable Network Recon: Why Port Scans are for Pussies | Fred Raynal, Adrien Guinet | Scanning the Internet is not a new topic. It has been done since forever and ... | |
| Bitcoin Forensics: Fact or Fiction? | Neyolov Evgeny | Bitcoin was one of the hottest topics of the past year. It is decentralized virtual ... | |
| JS Suicide: Using Javascript Security Features to Kill Itself | Ahamed Nafeez | JavaScript today has a presence in almost every single website across the Internet. Aggressive research ... | |
| On Her Majesty’s Secret Service: GRX and a Spy Agency | Stephen Kho, Rob Kuiters | GPRS Roaming eXchange (GRX) has been in mainstream media recently as part of the high ... | |
| Breaking Cloud Isolation | Ivan Novikov | This presentation consists of practical cases with examples of how to break different isolation mechanisms ... | |
| Tintorera: Attack Surface Intelligence of Source Code | Simon Roses | Software gets more complex by the minute, in many cases with millions of lines of ... | |
| Exploiting Passbook to Fly For Free | Anthony Hariton | A lot of concerns arise about modern civil aviation by the day. From sophisticated hardware ... | |
| In the Middle of Printers: The (In)Security of Pull Printing Solutions | Jakub Kaluzny | Big corporations and financial institutions need secure pull printing services which guarantee proper encryption, data ... | |
| G-Jacking AppEngine-based Applications | Nicolas Collignon, Samir Megueddem | Cloud, SaaS, PaaS, IaaS… these buzzwords often mean obscure black boxes. Among all the offers, ... | |
| Shellcodes for ARM: Your Pills Don’t Work on Me, x86 | Svetlana Gaivoronski, Ivan Petrov | Despite that it is almost 2014, the problem of shellcode detection, discovered in 1999, is ... | |
| FRODO: Format Reverser of Data Objects | Anton Dorfman | All software works with data: receives input, processes it, and returns output. Understanding the data ... | |