BlackHatEU 2016 Nov. 1, 2016 to Nov. 4, 2016, London,uk

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
(PEN)TESTING VEHICLES WITH CANTOOLZ Alexey Sintsov CANToolz is an open-source framework for working with CAN bus. In this presentation we will ...
50 THOUSAND NEEDLES IN 5 MILLION HAYSTACKS: UNDERSTANDING OLD MALWARE TRICKS TO FIND NEW MALWARE FAMILIES Verónica Valeros , Karel Bartos , Lukas Machlica The malware landscape is characterised by its rapid and constant evolution. Defenders often find themselves ...
AI BASED ANTIVIRUS: CAN ALPHAAV WIN THE BATTLE IN WHICH MAN HAS FAILED? Thomas Lei Wang , Liuping Hou , Zhijun Jia , Yanyan Ji This talk will introduce our work on AI based Antivirus using deep learning. We can ...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AUTOMATA LEARNING George Argyros , Ioannis Stais Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the ...
ARMAGEDDON: HOW YOUR SMARTPHONE CPU BREAKS SOFTWARE-LEVEL SECURITY AND PRIVACY Clémentine Maurice , Moritz Lipp In the last years, mobile devices and smartphones have become the most important personal computing ...
ATTACKING WINDOWS BY WINDOWS Li Zhou , Yin Liang Since win8, Microsoft introduced a variety of exploit mitigations into Windows kernel, such as Kernel ...
AUTOMATING INCIDENT RESPONSE: SIT BACK AND RELAX BOTS ARE TAKING OVER… Elvis Hovor , Mohamed El-sharkawi Our research focuses on illustrating the value of automating functions and processes within Incident Response. ...
BACKSLASH POWERED SCANNING: HUNTING UNKNOWN VULNERABILITY CLASSES James Kettle Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific ...
BREAKING BHAD: ABUSING BELKIN HOME AUTOMATION DEVICES Scott Tenaglia , Joe Tanen In 2013 and 2014 several high profile vulnerabilities were found in Belkin's WeMo line of ...
BREAKING BIG DATA: EVADING ANALYSIS OF THE METADATA OF YOUR LIFE David Venable You are under surveillance. We all are. If you're targeted by a government, nothing you ...
BYPASSING CLANG'S SAFESTACK FOR FUN AND PROFIT Herbert Bos , Georgios Portokalidis , Elias Athanasopoulos , Cristiano Giuffrida , Enes Göktaş , Robert Gawlik , Benjamin Kollenda , Aggelos Oikonomopoulos SafeStack, a new compiler feature currently only available in clang[1] and underway for GCC[2], protects ...
BYPASSING SECURE BOOT USING FAULT INJECTION Niek Timmers , Albert Spruyt More and more embedded systems implement Secure Boot to assure the integrity and confidentiality of ...
CHASING FOXES BY THE NUMBERS: PATTERNS OF LIFE AND ACTIVITY IN HACKER FORUMS Christopher Ahlberg Cyber criminals, hacktivists, and the occasional state actor tend to congregate in underground forums and ...
CODE DEOBFUSCATION: INTERTWINING DYNAMIC STATIC AND SYMBOLIC APPROACHES Sébastien Bardin , Robin David Over the years, obfuscation has taken a significant place in the software protection field. The ...
CTX: ELIMINATING BREACH WITH CONTEXT HIDING Aggelos Kiayias , Dimitris Karakostas , Dionysis Zindros , Eva Sarafianou The BREACH attack presented at Black Hat USA 2013 still has not been mitigated, despite ...
CYBER JUDO: OFFENSIVE CYBER DEFENSE Tal Be'ery , Itai Grady In this talk, we will show how defenders can take a few pages out of ...
DETACH ME NOT - DOS ATTACKS AGAINST 4G CELLULAR USERS WORLDWIDE FROM YOUR DESK Silke Holtmanns , Bhanu Kotte , Siddharth Rao Ever since the public revelation of global surveillance and the exploits targeting the mobile communication ...
DRAMA: HOW YOUR DRAM BECOMES A SECURITY PROBLEM Michael Schwarz , Anders Fogh In this talk, we will present our research into how the design of DRAM common ...
EFFECTIVE FILE FORMAT FUZZING – THOUGHTS TECHNIQUES AND RESULTS Mateusz “j00ru” Jurczyk Fuzzing, as a native software testing technique, is an extremely popular approach to vulnerability hunting ...
EGO MARKET: WHEN PEOPLE'S GREED FOR FAME BENEFITS LARGE-SCALE BOTNETS Olivier Bilodeau , Masarah Paquet-clouston Want to give your blog a push or your "gun show" more views? Then why ...
FLIP FENG SHUI: ROWHAMMERING THE VM'S ISOLATION Herbert Bos , Bart Preneel , Cristiano Giuffrida , Kaveh Razavi , Erik Bosman , Ben Gras We show how an attacker virtual machine (VM) can induce Rowhammer bit flips over memory ...
GHOST IN THE PLC: DESIGNING AN UNDETECTABLE PROGRAMMABLE LOGIC CONTROLLER ROOTKIT Ali Abbasi , Majid Hashemi Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. ...
GPU SECURITY EXPOSED Justin Taft GPUs are found in millions of devices, allowing for stunning imagery to be generated on ...
HOW TO FOOL AN ADC PART II OR HIDING DESTRUCTION OF TURBINE WITH A LITTLE HELP OF SIGNAL PROCESSING Alexander Bolshev , Gabriel Gonzalez We live in the analog world but program and develop digital systems. The key element ...
I KNOW WHAT YOU SAW LAST MINUTE - THE CHROME BROWSER CASE Ran Dubin Every day, hundreds of millions of Internet users view videos online - in particular on ...
INSIDE WEB ATTACKS: THE REAL PAYLOADS John Graham-cumming When serious vulnerabilities like ShellShock or ImageTragick are revealed, the announcement is often accompanied by ...
LOCKNOTE: CONCLUSIONS AND KEY TAKEAWAYS FROM BLACK HAT EUROPE 2016 Jeff ( Dark Tangent ) Moss , Sharon Conheady , Chris Wysopal , Daniel Cuthbert At the close of this year's conference, join Black Hat Founder Jeff Moss and members ...
MOBILE ESPIONAGE IN THE WILD: PEGASUS AND NATION-STATE LEVEL ATTACKS Seth Hardy , Andrew Blaich , Max Bazaliy This briefing will take an in-depth look at the technical capabilities of mobile attacks that ...
NARCOS COUNTERFEITERS AND SCAMMERS: AN APPROACH TO VISUALIZE ILLEGAL MARKETS Andrew Lewman , Stevan Keraudy Counterfeiting is a global issue - one that has become even more complex as this ...
POCKET-SIZED BADNESS: WHY RANSOMWARE COMES AS A PLOT TWIST IN THE CAT-MOUSE GAME Stefano Zanero , Federico Maggi While we have grown accustomed to stealthy malware, specifically written to gain and maintain control ...
RANDOMIZATION CAN'T STOP BPF JIT SPRAY N. Asokan , Elena Reshetova , Filippo Bonazzi Linux Berkeley Packet Filters (BPF) is a mechanism that was originally introduced in Linux kernel ...
REAL-WORLD POST-QUANTUM CRYPTOGRAPHY: INTRODUCING THE OPENQUANTUMSAFE SOFTWARE PROJECT Jennifer Fernick Almost all of the widely-used cryptography on the internet will be broken or substantially compromised ...
ROOTING EVERY ANDROID: FROM EXTENSION TO EXPLOITATION Di Shen , Jiahong (james) Fang These years, Keen Lab of Tencent (formerly known as the Keen Team), worked on various ...
SIGNING INTO ONE BILLION MOBILE APP ACCOUNTS EFFORTLESSLY WITH OAUTH2.0 Wing Cheong Lau , Ronghai Yang OAuth2.0 protocol has been widely adopted by mainstream Identity Providers (IdPs) to support Single-Sign-On services. ...
STUMPING THE MOBILE CHIPSET Adam Donenfeld Following recent security issues discovered in Android, Google made a number of changes to tighten ...
TALKING BEHIND YOUR BACK: ATTACKS AND COUNTERMEASURES OF ULTRASONIC CROSS-DEVICE TRACKING Christopher Kruegel , Giovanni Vigna , Shuang Hao , Federico Maggi , Yanick Fratantonio , Vasilios Mavroudis Cross-device tracking (XDT) technologies are currently the "Holy Grail" for marketers because they allow to ...
TOWARDS A POLICY-AGNOSTIC CONTROL-FLOW INTEGRITY IMPLEMENTATION Ahmad-reza Sadeghi , Yier Jin , Dean Sullivan , Orlando Arias Control-flow integrity (CFI) is a general defense against code-reuse attacks. In theory, a CFI implementation ...
USE-AFTER-USE-AFTER-FREE: EXPLOIT UAF BY GENERATING YOUR OWN Guanxing Wen This talk will introduce Use-After-Use-After-Free (UAUAF), a novel and relatively universal exploitation technique for UAF ...
WHEN VIRTUALIZATION ENCOUNTER AFL: A PORTABLE VIRTUAL DEVICE FUZZING FRAMEWORK WITH AFL Moony Li , Jack Tang Along with virtualization technology adopted by both enterprise and customer popularly, virtual machines escape attacking ...
WIFI-BASED IMSI CATCHER Ravishankar Borgaonkar , Piers O'hanlon We introduce a new type of IMSI catcher which operates over WiFi. Whilst existing Stingray ...