BlackHatEU 2015 Nov. 10, 2015 to Nov. 13, 2015, Amsterdam, Netherlands

| Title | Speakers | Summary |
| --- | --- | --- |
| WHAT GOT US HERE WONT GET US THERE | Haroon Meer | It's no secret that we have huge challenges in InfoSec: Every day we seem to ... |
| (IN-)SECURITY OF BACKEND-AS-A-SERVICE | Steven Arzt, Siegfried Rasthofer | Smartphone applications frequently need to store data remotely. From a developer's point of view, setting ... |
| A PEEK UNDER THE BLUE COAT | Raphaël Rigo | Blue Coat ProxySG systems are widely deployed in big corporations to handle web traffic proxying ... |
| ALL YOUR ROOT CHECKS BELONG TO US: THE SAD STATE OF ROOT DETECTION | Nathan S. Evans, Azzedine Benameur, Yun Shen | Today, mobile devices are ubiquitous; a facet of everyday life for most people. Due to ... |
| ANDROBUGS FRAMEWORK: AN ANDROID APPLICATION SECURITY VULNERABILITY SCANNER | Yu-cheng Lin | Android developers sometimes make coding mistakes with some of these mistakes leading to serious security ... |
| ATTACKING THE XNU KERNEL IN EL CAPITAIN | Luca Todesco | The XNU kernel powers Apple's operative systems. As their market share grows, exploitation of OS ... |
| AUTHENTICATOR LEAKAGE THROUGH BACKUP CHANNELS ON ANDROID | Guangdong Bai | Security of authentication protocols heavily relies on the confidentiality of credentials (or authenticators) like passwords ... |
| AUTOMATING LINUX MALWARE ANALYSIS USING LIMON SANDBOX | Monnappa K A | A number of devices are running Linux due to its flexibility and open source nature. ... |
| BREAKING ACCESS CONTROLS WITH BLEKEY | Eric Evenchick, Mark Baseggio | RFID access controls are broken. In this talk, we will demonstrate how to break into ... |
| BYPASSING LOCAL WINDOWS AUTHENTICATION TO DEFEAT FULL DISK ENCRYPTION | Ian Haken | In 2007, starting with Windows Vista, Microsoft began shipping a full disk encryption feature named ... |
| BYPASSING SELF-ENCRYPTING DRIVES (SED) IN ENTERPRISE ENVIRONMENTS | Kevvie Fowler, Daniel Boteanu | For years, Full-Disk Encryption (FDE) solutions have been advertised as the "silver bullet" solution to ... |
| COMMIX: DETECTING AND EXPLOITING COMMAND INJECTION FLAWS | Anastasios Stasinopoulos, Christoforos Ntantogian, Christos Xenakis | Command injections are prevalent to any application independently of its operating system that hosts the ... |
| CONTINUOUS INTRUSION: WHY CI TOOLS ARE AN ATTACKERS BEST FRIENDS | Nikhil Mittal | Continuous Integration (CI) tools provide an excellent attack surface due to the no/poor security controls, ... |
| CYBERCRIME IN THE DEEP WEB | Marco ‘embyte’ Balduzzi, Vincenzo Ciancaglini | All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly ... |
| CYBERSECURITY FOR OIL AND GAS INDUSTRIES: HOW HACKERS CAN MANIPULATE OIL STOCKS | Alexander Mikhailovich Polyakov, Mathieu Geli | The industries most plagued by cyber-attacks are oil and gas. Several attacks against the infrastructure ... |
| DEFENDING AGAINST MALICIOUS APPLICATION COMPATIBILITY SHIMS | Sean Pierce | The Application Compatibility Toolkit (ACT) is an important component of the Microsoft Application Compatibility ecosystem ... |
| EVEN THE LASTPASS WILL BE STOLEN DEAL WITH IT! | Alberto Garcia, Martin Vigo | Password managers have become very popular as a solution to avoid reusing passwords. With that ... |
| EXPLOITING ADOBE FLASH PLAYER IN THE ERA OF CONTROL FLOW GUARD | Francisco Falcon | Adobe Flash Player, one of the most ubiquitous pieces of software, is integrated into the ... |
| FAUX DISK ENCRYPTION: REALITIES OF SECURE STORAGE ON MOBILE DEVICES | Daniel A. Mayer, Drew Suarez | The number of mobile users has recently surpassed the number of desktop users, emphasizing the ... |
| FUZZING ANDROID: A RECIPE FOR UNCOVERING VULNERABILITIES INSIDE SYSTEM COMPONENTS IN ANDROID | Alexandru Blanda | The presentation focuses on a fuzzing approach that can be used to uncover different types ... |
| GOING AUTH THE RAILS ON A CRAZY TRAIN | Jeff Jarmoc, Tomek Rabczak | Rails has a strong foundation in convention over configuration. In this regard, Rails handles a ... |
| HEY MAN HAVE YOU FORGOTTEN TO INITIALIZE YOUR MEMORY? | Yuki Chen, Linan Hao | When the rules for this year's Pwn2Own contest came out, there was only less than ... |
| HIDING IN PLAIN SIGHT - ADVANCES IN MALWARE COVERT COMMUNICATION CHANNELS | Pierre-Marc Bureau, Christian Dietrich | Steganography, the art of concealing information in different types of medias, is a very old ... |
| HOW TO BREAK XML ENCRYPTION - AUTOMATICALLY | Juraj Somorovsky | In recent years, XML Encryption has become a target of several new attacks. These attacks ... |
| IMPLEMENTING PRACTICAL ELECTRICAL GLITCHING ATTACKS | Brett Giller | Techniques for glitching attacks are well known, but there is little information on how to ... |
| IS YOUR TIMESPACE SAFE? - TIME AND POSITION SPOOFING OPENSOURCELY | Aimin Pan, Wang Kang, Shuhua Chen | We have found a way to produce GPS spoofing with an extremely low cost SDR ... |
| LESSONS FROM DEFENDING THE INDEFENSIBLE | Marek Majkowski | For the last year, we've been working hard to optimize CloudFlare's infrastructure to survive different ... |
| LOCKNOTE: CONCLUSIONS AND KEY TAKEAWAYS FROM BLACK HAT EUROPE 2015 | Haroon Meer, Jeff (Dark Tangent) Moss, Marion Marschalek, Jennifer Savage | At the close of this year's conference, join Black Hat Founder Jeff Moss and members ... |
| LTE & IMSI CATCHER MYTHS | Ravishankar Borgaonkar, N. Asokan, Jean-Pierre Seifert, Valtteri Niemi, Altaf Shaik | It is true that LTE (4G) is more secure than its old generations GSM (2G) ... |
| NEW (AND NEWLY-CHANGED) FULLY QUALIFIED DOMAIN NAMES: A VIEW OF WORLDWIDE CHANGES TO THE INTERNETS DNS | Paul A. Vixie | The Domain Name System (DNS) is highly dynamic, and changes to it are continually taking ... |
| NEW TOOL FOR DISCOVERING FLASH PLAYER 0-DAY ATTACKS IN THE WILD FROM VARIOUS CHANNELS | Peter Pi | 2015 is the Year of Flash. Zero day attacks found in 2015 are almost always ... |
| PANEL: WHAT YOU NEED TO KNOW ABOUT THE CHANGING REGULATORY LANDSCAPE IN INFORMATION SECURITY | Vincenzo Iozzo, Halvar Flake, Paul Timmers, Richard Tynan, Marietje Schaake | The past two years have seen an increasing amount of scrutiny of the Information Security ... |
| SELF-DRIVING AND CONNECTED CARS: FOOLING SENSORS AND TRACKING DRIVERS | Jonathan Petit | Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic ... |
| SILENTLY BREAKING ASLR IN THE CLOUD | Mathias Payer, Thomas Gross, Antonio Barresi, Kaveh Razavi | To reduce the memory footprint and to increase the cost-effectiveness of virtual machines (VMs) running ... |
| STEGOSPLOIT - EXPLOIT DELIVERY WITH STEGANOGRAPHY AND POLYGLOTS | Saumil Udayan Shah | "A good exploit is one that is delivered with style." Stegosploit creates a new way ... |
| TRIAGING CRASHES WITH BACKWARD TAINT ANALYSIS FOR ARM ARCHITECTURE | Dongwoo Kim, Sangwho Kim | We have developed a set of tools for analyzing crashes that occur on Linux OS ... |
| UNBOXING THE WHITE-BOX: PRACTICAL ATTACKS AGAINST OBFUSCATED CIPHERS | Job de Haas, Cristofaro Mune, Eloi Sanfelix | White-Box Cryptography (WBC) aims to provide software implementations of cryptographic algorithms that are resistant against ... |
| VOIP WARS: DESTROYING JAR JAR LYNC | Fatih Ozavci | Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as ... |
| VULNERABILITY EXPLOITATION IN DOCKER CONTAINER ENVIRONMENTS | Anthony Bettini | According to Forrester, 53% of IT respondents say their biggest concern about containers is security. ... |
| WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING | Tal Be'ery, Michael Cherny | Being the default authentication protocol for Windows-based networks, the Kerberos protocol is a prime target ... |