BlackhatAsia 2017 March 30, 2017 to March 10, 2017, marina bay,singapore

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
THE SEVEN AXIOMS OF SECURITY Saumil Udayan Shah "Today's attacks succeed because the defense is reactive." As the defenses have caught up and ...
WHY WE ARE NOT BUILDING A DEFENDABLE INTERNET Halvar Flake In IT security, offensive problems are technical - but most defensive problems are political and ...
MAN-IN-THE-SCADA: ANATOMY OF DATA INTEGRITY ATTACKS IN INDUSTRIAL CONTROL SYSTEMS Chris Sistrunk , Marina Krotofil There is a continuous evolving gap between SCADA/ICS attackers and the defenders. Once unauthorized access ...
24 TECHNIQUES TO GATHER THREAT INTEL AND TRACK ACTORS Wayne Huang , Sun Huang In recent years, we delivered many talks detailing threat actors, their operations, and their tools. ...
3G/4G INTRANET SCANNING AND ITS APPLICATION ON THE WORMHOLE VULNERABILITY Guangdong Bai , Zhang Qing Traditionally, organizing trusted computers within a firewall-equipped intranet which is accessible only to the insiders ...
ALL YOUR EMAILS BELONG TO US: EXPLOITING VULNERABLE EMAIL CLIENTS VIA DOMAIN NAME COLLISION Maxim Goncharov , Ilya Nesterov One of the central points of failure is an email address. We use email addresses ...
ANTI-PLUGIN: DON'T LET YOUR APP PLAY AS AN ANDROID PLUGIN Zhi Xu , Tongbo Luo , Cong Zheng , Xin Ouyang The Android plugin technology is an innovative application-level virtualization framework that allows a mobile application ...
BETTING AGAINST THE HOUSE: SECURITY AND STABILITY WHEN THE ODDS ARE AGAINST YOU Neil Wyler , Bart Stump Designing, deploying, and securing an enterprise network is a stressful job when you have time, ...
BEYOND THE BLACKLISTS: DETECTING MALICIOUS URL THROUGH MACHINE LEARNING Hao Dong , Chenghuai Lu , David Yu , Jin Shang Many types of modern malware utilize HTTP-based communications. Network-level behavioral signature/modeling in malware detection has ...
BREAKING KOREA TRANSIT CARD WITH SIDE-CHANNEL ATTACK - UNAUTHORIZED RECHARGING Tae Won Kim Recent side-channel attacks have shown that the security of smart devices is a matter of ...
CACHE SIDE CHANNEL ATTACK: EXPLOITABILITY AND COUNTERMEASURES Gorka Irazoqui , Xiaofei Guo Cache attacks have proven to be a big concern for security code designers because they ...
CROSS THE WALL - BYPASS ALL MODERN MITIGATIONS OF MICROSOFT EDGE Jack Tang , Henry Li Address Space Layout Randomization(ASLR) and Data Execution Prevention (DEP) and Control Flow Guard (CFG) are ...
DAILY-LIFE PEEPER: BUG HUNTING AND EXPLOIT TECHNIQUES IN IOT Yuhao Song , Huiming Liu As we know, with the rapid increasing and widespread use of IoT devices, the security ...
DELEGATE TO THE TOP: ABUSING KERBEROS FOR ARBITRARY IMPERSONATIONS AND RCE Matan Hart Delegation is the assignment of responsibility or authority to another identity to carry out specific ...
DIG INTO THE ATTACK SURFACE OF PDF AND GAIN 100+ CVES IN 1 YEAR Ke Liu Portable Document Format (a.k.a. PDF) is one of the most widely used file formats in ...
DOMO ARIGATO MR. ROBOTO: SECURITY ROBOTS A LA UNIT-TESTING Seth Law Security testing is difficult, no matter who is doing it or how it is performed. ...
DROP THE ROP: FINE-GRAINED CONTROL-FLOW INTEGRITY FOR THE LINUX KERNEL João Moreira The introduction of W^X memory policies and the subsequent mitigation of return-to-user attacks, tackled the ...
EXPLOITING USB/IP IN LINUX Ignat Korchagin USB/IP is a framework for sharing USB devices over the network: it encapsulates USB I/O ...
FRIED APPLES: JAILBREAK DIY Max Bazaliy , Alex Hude , Vlad Putin In this talk we focus on challenges that Fried Apple team solved in a process ...
GO GET MY/VULNERABILITIES: AN IN-DEPTH ANALYSIS OF GO LANGUAGE RUNTIME AND THE NEW CLASS OF VULNERABILITIES IT INTRODUCES Roberto Clapis Golang is rapidly becoming the language of choice for programming both simple applications for embedded ...
HACK MICROSOFT USING MICROSOFT SIGNED BINARIES Pierre-alexandre Braeken Imagine being attacked by legitimate software tools that cannot be detected by usual defender tools. ...
HACKING HTTP/2 - NEW ATTACKS ON THE INTERNET'S NEXT GENERATION FOUNDATION Nadav Avital HTTP/2 is the emerging network protocol for the Internet, facilitating leaner and faster web browsing ...
HELLO FROM THE OTHER SIDE: SSH OVER ROBUST CACHE COVERT CHANNELS IN THE CLOUD Michael Schwarz , Manuel Weber In this talk, we present the first practical cache covert channel in the cloud. The ...
LOCKNOTE: CONCLUSIONS AND KEY TAKEAWAYS FROM BLACK HAT ASIA 2017 Saumil Udayan Shah , Jeff ( Dark Tangent ) Moss , Halvar Flake , Christian Karam At the close of this year's conference, join Black Hat Founder Jeff Moss and members ...
MASHABLE: MOBILE APPLICATIONS OF SECRET HANDSHAKES OVER BLUETOOTH LE Yan Michalevsky In this talk, we present new applications for cryptographic secret handshakes between mobile devices on ...
MOBILE-TELEPHONY THREATS IN ASIA Payas Gupta , Marco ‘embyte’ Balduzzi , Lion Gu Over the last 10 years, the number of mobile subscribers has largely increased overtaking the ...
MYTH AND TRUTH ABOUT HYPERVISOR-BASED KERNEL PROTECTOR: THE REASON WHY YOU NEED SHADOW-BOX Seunghun Han , Junghwan Kang Protection mechanisms running in the kernel-level (Ring 0) cannot completely prevent security threats such as ...
NEVER LET YOUR GUARD DOWN: FINDING UNGUARDED GATES TO BYPASS CONTROL FLOW GUARD WITH BIG DATA Ke Sun , Ya Ou Control Flow Guard (CFG) is a security mechanism to prevent indirect branches (indirect call/jmp) to ...
OPEN SOURCING AUTOMOTIVE DIAGNOSTICS Eric Evenchick Automotive systems use a small number of protocols for diagnostic functionality. As researchers, it's very ...
PHISHING FOR FUNDS: UNDERSTANDING BUSINESS EMAIL COMPROMISE Keith Turpin Business Email Compromise (aka CEO fraud) is a rapidly expanding cybercrime in which reported cases ...
REMOTELY COMPROMISING IOS VIA WI-FI AND ESCAPING THE SANDBOX Marco Grassi Wi-Fi is nowadays an established technology - supported on almost all devices - including the ...
THE IRRELEVANCE OF K-BYTES DETECTION - BUILDING A ROBUST PIPELINE FOR MALICIOUS DOCUMENTS Dan Amiga , Dor Knafo Security teams must address the countless vulnerabilities in popular document formats like PDFs, Office files ...
THE POWER OF DATA-ORIENTED ATTACKS: BYPASSING MEMORY MITIGATION USING DATA-ONLY EXPLOITATION TECHNIQUES Chong Xu , Bing Sun , Stanley Zhu As Control Flow Integrity (CFI) enforcement solutions are widely adapted by major applications, traditional memory ...
THE UEFI FIRMWARE ROOTKITS: MYTHS AND REALITY Eugene Rodionov , Alex Matrosov In recent days, the topic of UEFI firmware security is very hot. There is a ...