BlackHatUS 2014, Aug. 2, 2014 to Aug. 7, 2014, Las Vegas, USA

Title Speakers Summary Topic Types
CYBERSECURITY AS REALPOLITIK Dan Geer Power exists to be used. Some wish for cyber safety, which they will not get. ... IncludeThinkstScapes
48 DIRTY LITTLE SECRETS CRYPTOGRAPHERS DON'T WANT YOU TO KNOW Thomas Ptacek , Alex Balducci Over the past year, more than 10,000 people participated in the Matasano crypto challenges, a ...
802.1X AND BEYOND! Brad Antoniewicz IEEE 802.1x has been leveraged for a long time for authentication purposes. Up until this ...
A JOURNEY TO PROTECT POINTS-OF-SALE Nir Valtman Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against ...
A PRACTICAL ATTACK AGAINST VDI SOLUTIONS Daniel Brodie , Michael Shaulov The secure BYOD hype is growing and Virtual Desktop Infrastructure (VDI) is considered the alternative ...
A SCALABLE, ENSEMBLE APPROACH FOR BUILDING AND VISUALIZING DEEP CODE-SHARING NETWORKS OVER MILLIONS OF MALICIOUS BINARIES Joshua Saxe The millions of unique malicious binaries gathered in today's white-hat malware repositories are connected through ...
A SURVEY OF REMOTE AUTOMOTIVE ATTACK SURFACES Charlie Miller , Christopher Valasek Automotive security concerns have gone from the fringe to the mainstream with security researchers showing ...
ABUSE OF CPE DEVICES AND RECOMMENDED FIXES Paul A. Vixie , Jonathan M. Spring , Chris Hallenbeck Consumer Premise Equipment (CPE) has become common, nearly ubiquitous, home and small office attire. Many ...
ABUSING MICROSOFT KERBEROS: SORRY YOU GUYS DON'T GET IT Benjamin Delpy , Alva Duckwall Microsoft Active Directory uses Kerberos to handle authentication requests by default. However, if the domain ...
ABUSING PERFORMANCE OPTIMIZATION WEAKNESSES TO BYPASS ASLR Byoungyoung Lee , Tielei Wang , Yeongjin Jang The primary goal of ASLR is to effectively randomize a program's memory layout so that ...
ANDROID FAKEID VULNERABILITY WALKTHROUGH Jeff "rfp" Forristal The team that discovered the Android MasterKey vulnerability in 2013 is here to present another ...
APT ATTRIBUTION AND DNS PROFILING Frankie Li Advanced Persistent Threat (APT) attacks are highly organized and are launched for prolonged periods. APT ...
ATTACKING MOBILE BROADBAND MODEMS LIKE A CRIMINAL WOULD Andreas Lindh While there has certainly been some interesting research into the security of mobile broadband modems, ...
BABAR-IANS AT THE GATE: DATA PROTECTION AT MASSIVE SCALE Davi Ottenheimer We are meant to measure and manage data with more precision than ever before using ...
BADGER - THE NETWORKED SECURITY STATE ESTIMATION TOOLKIT Edmond Rogers , William Rogers , Gabe Weaver The recently open sourced Cyber Physical Topology Language (CPTL) has allowed cyber defenders the capability ...
BADUSB - ON ACCESSORIES THAT TURN EVIL Karsten Nohl , Jakob Lell USB has become so commonplace that we rarely worry about its security implications. USB sticks ...
BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE Daniel Chechik , Ben Hayak A mysterious vulnerability from 2011 almost made the Bitcoin network collapse. Silk Road, MTGox, and ...
BREAKING THE SECURITY OF PHYSICAL DEVICES Silvio Cesare In this talk, I look at a number of household or common devices and things, ...
BRINGING SOFTWARE DEFINED RADIO TO THE PENETRATION TESTING COMMUNITY Jean-Michel Picod , Jonathan-Christofer Demay , Arnaud Lebrun The large adoption of wireless devices goes further than WiFi (smartmeters, wearable devices, Internet of ...
BUILDING SAFE SYSTEMS AT SCALE - LESSONS FROM SIX MONTHS AT YAHOO Alex Stamos Our profession is at a crossroads. The success of malicious actors such as phishers, spammers, ...
CALL TO ARMS: A TALE OF THE WEAKNESSES OF CURRENT CLIENT-SIDE XSS FILTERING Martin Johns , Ben Stock , Sebastian Lekies Cross-Site Scripting (XSS) is one of the most severe security vulnerabilities of the web. With ...
CAPSTONE: NEXT GENERATION DISASSEMBLY FRAMEWORK Quynh Nguyen Anh Disassembly framework is the fundamental component in all binary analysis, reversing, and exploit development. However, ...
CATCHING MALWARE EN MASSE: DNS AND IP STYLE Thibault Reuille , Dhia Mahjoub , Andree Toonk The Internet is constantly growing, providing a myriad of new services both legitimate and malicious. ...
CELLULAR EXPLOITATION ON A GLOBAL SCALE: THE RISE AND FALL OF THE CONTROL PROTOCOL Marc Blanchou , Mathew Solnik Since the introduction of the smart phone, the issue of control has entered a new ...
CLOUDBOTS: HARVESTING CRYPTO COINS LIKE A BOTNET FARMER Rob Ragan , Oscar Salazar What happens when computer criminals start using friendly cloud services for malicious activities? In this ...
COMPUTRACE BACKDOOR REVISITED Anibal Sacco , Vitaliy Kamluk , Sergey Belov This presentation includes a live demonstration of security flaws in modern anti-theft technologies that reside ...
CONTEMPORARY AUTOMATIC PROGRAM ANALYSIS Julian Cohen The ability to automatically discover security vulnerabilities has been coveted since Martin Bishop's team found ...
CREATING A SPIDER GOAT: USING TRANSACTIONAL MEMORY SUPPORT FOR SECURITY Igor Muttik , Alex Nayshtut Often a solution from one area helps solve problems in a completely different field. In ...
DATA-ONLY PWNING MICROSOFT WINDOWS KERNEL: EXPLOITATION OF KERNEL POOL OVERFLOWS ON MICROSOFT WINDOWS 8.1 Nikita Tarakanov Each new version of Windows OS Microsoft enhances security by adding security mitigation mechanisms - ...
DEFEATING THE TRANSPARENCY FEATURE OF DBI Kang Li , Xiaoning Li DynamoRIO and similar dynamic binary instrumentation (DBI) systems are used for program analysis, profiling, and ...
DIGGING FOR IE11 SANDBOX ESCAPES James Forshaw In June 2013, Microsoft started the first of their new bug-bounty programs, focusing on finding ...
DYNAMIC FLASH INSTRUMENTATION FOR FUN AND PROFIT Timo Hirvonen Many of the latest Flash exploits seen in the wild (CVE-2013-5329, CVE-2013-5330, CVE-2014-0497, etc) are ...
EPIDEMIOLOGY OF SOFTWARE VULNERABILITIES: A STUDY OF ATTACK SURFACE SPREAD Jake Kouns , Kymberlee Price Many developers today are turning to well established third-party libraries to speed the development process ...
EVASION OF HIGH-END IPS DEVICES IN THE AGE OF IPV6 Enno Rey , Antonios Atlasis IPv6 era is here, either if you already use it or if you continue to ...
EXPLOITING UNPATCHED IOS VULNERABILITIES FOR FUN AND PROFIT Billy Lau , Byoungyoung Lee , Tielei Wang , Yeongjin Jang Patching all vulnerabilities for a modern, complex software system (i.e., Windows, iOS) is often difficult ...
EXPOSING BOOTKITS WITH BIOS EMULATION Lars Haukli Stealth and persistency are invaluable assets to an intruder. You cannot defend against what you ...
EXTREME PRIVILEGE ESCALATION ON WINDOWS 8/UEFI SYSTEMS Xeno Kovah , Corey Kallenberg , Samuel Cornwell The UEFI specification has more tightly coupled the bonds of the operating system and the ... IncludeThinkstScapes
FINDING AND EXPLOITING ACCESS CONTROL VULNERABILITIES IN GRAPHICAL USER INTERFACES Collin Mulliner Graphical user interfaces (GUIs) contain a number of common visual elements or widgets such as ...
FINGERPRINTING WEB APPLICATION PLATFORMS BY VARIATIONS IN PNG IMPLEMENTATIONS Dominique Bongard Fingerprinting is an important preliminary step when auditing web applications. But the usual techniques based ...
FROM ATTACKS TO ACTION - BUILDING A USABLE THREAT MODEL TO DRIVE DEFENSIVE CHOICES Tony Sager By any historical standard, it would be fair to call today the "Golden Age Of ...
FULL SYSTEM EMULATION: ACHIEVING SUCCESSFUL AUTOMATED DYNAMIC ANALYSIS OF EVASIVE MALWARE Christopher Kruegel Today, forensics experts and anti-malware solutions face a multitude of challenges when attempting to extract ...
GOVERNMENTS AS MALWARE AUTHORS: THE NEXT GENERATION Mikko Hypponen After cancelling his RSA talk in protest, Mikko delivered his talk on Governments as Malware ...
GRR: FIND ALL THE BADNESS, COLLECT ALL THE THINGS Greg Castle While on vacation Joe saw something weird happen on his machine, and thinks he might ...
HACKING THE WIRELESS WORLD WITH SOFTWARE DEFINED RADIO - 2.0 Balint Seeber Ever wanted to spoof a restaurant's pager system? How about use an airport's Primary Surveillance ...
HOW SMARTCARD PAYMENT SYSTEMS FAIL Ross Anderson The USA is starting to introduce EMV, the Europay-Mastercard-Visa system for making payments using chip ...
HOW TO LEAK A 100-MILLION-NODE SOCIAL GRAPH IN JUST ONE WEEK? - A REFLECTION ON OAUTH AND API DESIGN IN ONLINE SOCIAL NETWORKS Pili Hu , Wing Cheong Lau Many Online Social Networks (OSN) are using OAuth 2.0 to grant access to API endpoints ...
HOW TO WEAR YOUR PASSWORD Markus Jakobsson We introduce a new authentication paradigm that achieves both a desirable user experience and a ...
I KNOW YOUR FILTERING POLICY BETTER THAN YOU DO: EXTERNAL ENUMERATION AND EXPLOITATION OF EMAIL AND WEB SECURITY SOLUTIONS Ben Williams Email and web filtering products and services are core components for protecting company employees from ...
ICSCORSAIR: HOW I WILL PWN YOUR ERP THROUGH 4-20 MA CURRENT LOOP Alexander Bolshev , Gleb Cherbov Modern Industrial Control Systems (ICS) are deeply integrated with other parts of corporate networks. Plant ... IncludeThinkstScapes
INTERNET SCANNING - CURRENT STATE AND LESSONS LEARNED Mark Schloesser After publishing raw data sets and engaging with the community within our Internet Scanning efforts ...
INVESTIGATING POWERSHELL ATTACKS Ryan Kazanciyan , Matt Hastings Over the past two years, we've seen targeted attackers increasingly make use of PowerShell to ...
IT JUST (NET)WORKS: THE TRUTH ABOUT IOS 7'S MULTIPEER CONNECTIVITY FRAMEWORK Alban Diquet With the release of iOS 7, Apple has quietly introduced a nifty feature called Multipeer ...
LEARN HOW TO CONTROL EVERY ROOM AT A LUXURY HOTEL REMOTELY: THE DANGERS OF INSECURE HOME AUTOMATION DEPLOYMENT Jesus Molina Have you ever had the urge to create mayhem at a hotel? Force every hotel ...
LEVIATHAN: COMMAND AND CONTROL COMMUNICATIONS ON PLANET EARTH Kenneth Geers , Kevin Thompson Every day, computer network attackers leverage a Leviathan of compromised infrastructure, based in every corner ...
LIFECYCLE OF A PHONE FRAUDSTER: EXPOSING FRAUD ACTIVITY FROM RECONNAISSANCE TO TAKEOVER USING GRAPH ANALYSIS AND ACOUSTICAL ANOMALIES Telvis Calhoun , Vijay Balasubramaniyan , Raj Bandyopadhyay Enterprises are vulnerable to "human hacking," the effective social engineering of employees, contractors, and other ...
MINIATURIZATION Jason Larsen Too often researchers ignore the hard parts of SCADA hacking. Too many presentations could be ... IncludeThinkstScapes
MISSION MPOSSIBLE Nils , Jon Butler Mobile Point-of-Sale (mPOS) systems allow small businesses and drug dealers to accept credit card payments ...
MOBILE DEVICE MISMANAGEMENT Stephen Breen MDM solutions are ubiquitous in today's enterprise environment. They provide a way for security and ...
MORE SHADOW WALKER: THE PROGRESSION OF TLB-SPLITTING ON X86 Jacob Torrey This talk will cover the concept of translation lookaside buffer (TLB) splitting for code hiding ...
MULTIPATH TCP: BREAKING TODAY'S NETWORKS WITH TOMORROW'S PROTOCOLS Patrick Thomas , Catherine Pearce MultiPath TCP (MPTCP) is an extension to TCP that enables sessions to use multiple network ... IncludeThinkstScapes
MY GOOGLE GLASS SEES YOUR PASSWORDS! Xinwen Fu , Qinggang Yue , Zhen Ling In this presentation, we introduce a novel computer vision based attack that automatically discloses inputs ...
NETWORK ATTACHED SHELL: N.A.S.TY SYSTEMS THAT STORE NETWORK ACCESSIBLE SHELLS Jacob Holcomb Through extensive analysis, Independent Security Evaluators (ISE) has identified dozens of previously undisclosed, critical security ...
"NOBODY IS LISTENING TO YOUR PHONE CALLS." REALLY? A DEBATE AND DISCUSSION ON THE NSA'S ACTIVITIES Mark Jaycox , Jamil Jaffer "We failed to connect the dots. And so, we had to come up with a ...
ONE PACKER TO RULE THEM ALL: EMPIRICAL IDENTIFICATION, COMPARISON, AND CIRCUMVENTION OF CURRENT ANTIVIRUS DETECTION TECHNIQUES Alaeddine Mesbahi , Arne Swinnen Lately, many popular anti-virus solutions claim to be the most effective against unknown and obfuscated ...
OPENSTACK CLOUD AT YAHOO SCALE: HOW TO AVOID DISASTER Anders Beitnes OpenStack is an Open Source project that allows you to manage a cloud of VMs ...
ORACLE DATA REDACTION IS BROKEN David Litchfield The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows ...
PIVOTING IN AMAZON CLOUDS Andrès Pablo Riancho From no access at all, to the company Amazon's root account, this talk will teach ...
POACHER TURNED GAMEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS Rafal Wojtczuk Hypervisors have become a key element of both cloud and client computing. It is without ...
POINT OF SALE SYSTEM ARCHITECTURE AND SECURITY Lucas Zaichkowsky To most people, Point of Sale (POS) systems with integrated payment processing are a black ...
PREVALENT CHARACTERISTICS IN MODERN MALWARE Rodrigo Rubira Branco , Gabriel Negreira Barbosa Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples ... IncludeThinkstScapes
PROBABILISTIC SPYING ON ENCRYPTED TUNNELS Brandon Niemczyk , Prasad Rao At the network layer, encrypted tunnels are typically seen as black boxes. Network traffic however, ...
PROTECTING DATA IN-USE FROM FIRMWARE AND PHYSICAL ATTACKS Steve Weis Recent revelations of the NSA ANT program illustrated the many well-known and low-cost physical and ...
PULLING BACK THE CURTAIN ON AIRPORT SECURITY: CAN A WEAPON GET PAST TSA? Billy Rios Every day, millions of people go through airport security. While it is an inconvenience that ...
RAVAGE - RUNTIME ANALYSIS OF VULNERABILITIES AND GENERATION OF EXPLOITS Yoel Gluck , Xiaoran Wang In this talk, we will show cutting edge research and a tool built to accurately ...
REFLECTIONS ON TRUSTING TRUSTZONE Dan Rosenberg TrustZone has emerged as a leading option for security-critical tasks on ARM devices. It has ...
RESEARCHING ANDROID DEVICE SECURITY WITH THE HELP OF A DROID ARMY Joshua J. Drake In the last few years, Android has become the world's leading smart phone operating system. ...
REVERSE ENGINEERING FLASH MEMORY FOR FUN AND BENEFIT Jeong Wook Oh There are many benefits to interacting directly with Flash memory when you're having a hard ...
REVERSE-ENGINEERING THE SUPRA IBOX: EXPLOITATION OF A HARDENED MSP430-BASED DEVICE Braden Thomas This presentation walks through the reverse engineering and exploitation of a hardened embedded device and ...
SAP, CREDIT CARDS, AND THE BIRD THAT TALKS TOO MUCH Ertunga Arsal SAP applications build the business backbone of the largest organizations in the world. In this ...
SATCOM TERMINALS: HACKING BY AIR, SEA, AND LAND Ruben Santamarta Satellite Communications (SATCOM) play a vital role in the global telecommunications system. We live in ...
SAVING CYBERSPACE Jason Healey Imagine that twenty years after Johannes Gutenberg invented mechanical movable type, the Pope and the ...
SECSI PRODUCT DEVELOPMENT: TECHNIQUES FOR ENSURING SECURE SILICON APPLIED TO OPEN-SOURCE VERILOG PROJECTS Joseph Fitzpatrick Secure development processes for software have formed, developed, and matured in the past decade to ...
SECURE BECAUSE MATH: A DEEP-DIVE ON MACHINE LEARNING-BASED MONITORING Alex Pinto We could all have predicted this with our magical Big Data analytics platforms, but it ...
SIDEWINDER TARGETED ATTACK AGAINST ANDROID IN THE GOLDEN AGE OF AD LIBS Yulong Zhang , Tao Wei While Google Play has little malware, many vulnerabilities exist in the apps as well as ...
SMART NEST THERMOSTAT: A SMART SPY IN YOUR HOME Daniel Buentello , Yier Jin , Grant Hernandez The Nest thermostat is a smart home automation device that aims to learn about your ...
STATIC DETECTION AND AUTOMATIC EXPLOITATION OF INTENT MESSAGE VULNERABILITIES IN ANDROID APPLICATIONS Daniele Gallingani We identified a set of vulnerabilities that common Android Apps programming (mis)practices might introduce. We ...
STAY OUT OF THE KITCHEN: A DLP SECURITY BAKE-OFF Zach Lanier , Kelly Lum Despite a plethora of data security and protection standards and certifications, companies and their systems ...
SVG: EXPLOITING BROWSERS WITHOUT IMAGE PARSING BUGS Rennie Degraaf SVG is an XML-based format for vector graphics. Modern web browsers support it natively and ...
THE BEAST IS IN YOUR MEMORY: RETURN-ORIENTED PROGRAMMING ATTACKS AGAINST MODERN CONTROL-FLOW INTEGRITY PROTECTION TECHNIQUES Ahmad-Reza Sadeghi , Daniel Lehmann Return-oriented Programming (ROP) is a powerful exploitation technique used in nearly every exploit today. It ...
THE BEAST WINS AGAIN: WHY TLS KEEPS FAILING TO PROTECT HTTP Antoine Delignat-Lavaud SSL has been around for decades and yet it keeps happening: new attacks are being ...
THE BIG CHILL: LEGAL LANDMINES THAT STIFLE SECURITY RESEARCH AND HOW TO DISARM THEM Marcia Hofmann , Kevin Bankston , Trey Ford Security research is a dangerous business. The threat of lawsuits or even prosecution hangs heavy ...
THE DEVIL DOES NOT EXIST - THE ROLE OF DECEPTION IN CYBER Matt Devost , Mark Mateski While it might be convenient to think of cyberadversaries as ones and zeros, the reality ...
THE LIBRARY OF SPARTA Greg Conti , Tom ( Decius ) Cross , David Raymond On today's increasingly militarized Internet, companies, non-profits, activists, and individual hackers are forced to melee ...
THE NEW PAGE OF INJECTIONS BOOK: MEMCACHED INJECTIONS Ivan Novikov Memcached is a distributed memory caching system. It is in great demand in big-data Internet ...
THE NEW SCOURGE OF RANSOMWARE: A STUDY OF CRYPTOLOCKER AND ITS FRIENDS Lance James , John Bambenek In March of this year, a Romanian man killed himself and his 4-year old son ...
THE STATE OF INCIDENT RESPONSE Bruce Schneier The last of the protection-detection-response triad to get any real attention, incident response is big ...
THINKING OUTSIDE THE SANDBOX - VIOLATING TRUST BOUNDARIES IN UNCOMMON WAYS Brian Gorenc , Jasiel Spelman Attacking the modern browser and its plugins is becoming harder. Vendors are employing numerous mitigation ...
THREAT INTELLIGENCE LIBRARY - A NEW REVOLUTIONARY TECHNOLOGY TO ENHANCE THE SOC BATTLE RHYTHM! Ryan Trost Cyber indicators are the 'new-er' detection strategy to help dismantle adversarial assaults and the volume ...
TIME TRIAL: RACING TOWARDS PRACTICAL TIMING ATTACKS Daniel A. Mayer , Joel Sandin Attacks on software become increasingly sophisticated over time and while the community has a good ...
UNDERSTANDING IMSI PRIVACY Ravishankar Borgaonkar , Swapnil Udar It is said that 80% of the world's population now has a mobile phone. They ...
UNDERSTANDING TOCTTOU IN THE WINDOWS KERNEL FONT SCALER ENGINE Yu Wang The Font Scaler engine is widely used in Microsoft Windows and Mac OS operating systems ...
UNVEILING THE OPEN SOURCE VISUALIZATION ENGINE FOR BUSY HACKERS Andrew Hay , Thibault Reuille The way a human efficiently digests information varies from person-to-person. Scientific studies have shown that ... IncludeThinkstScapes
UNWRAPPING THE TRUTH: ANALYSIS OF MOBILE APPLICATION WRAPPING SOLUTIONS Ron Gutierrez , Stephen Komal One of the latest trends of BYOD solutions is to employ "Mobile Application Management (MAM)," ...
VOIP WARS: ATTACK OF THE CISCO PHONES Fatih Ozavci Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. ...
WHAT GOES AROUND COMES BACK AROUND - EXPLOITING FUNDAMENTAL WEAKNESSES IN BOTNET C&C PANELS! Aditya K Sood Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from ...
WHEN THE LIGHTS GO OUT: HACKING CISCO ENERGYWISE Matthias Luft , Ayhan Soner Koca Energy Management Protocols (EMPs) are used in a variety of devices and environments. Their purpose ...
WHY CONTROL SYSTEM CYBER-SECURITY SUCKS... Stefan Lüders Since the 2010's "Stuxnet" sabotage attempt, cyber-security of industrial control systems (ICS) or "SCADA" has ...
WHY YOU NEED TO DETECT MORE THAN PTH Matthew Hathaway , Jeff Myers Compromised credentials are a key predatory weapon in the attackers arsenal, and this isn't changing ...
WINDOWS KERNEL GRAPHICS DRIVER ATTACK SURFACE Ilja van Sprundel Ever wondered about the attack surface of graphics drivers on Windows? Are they similar to ...