blackhateu 2017 Dec. 6, 2017 to Dec. 7, 2017, london,uk

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
DIPLOMACY AND COMBATING EVOLVING INTERNATIONAL CYBER THREATS Chris Painter Governments and high-level executives have transitioned from seeing both policy and technical cyber threats as ...
SECURITY THROUGH DISTRUSTING Joanna Rutkowska There are different approaches to making (computer) systems (reasonably) secure and trustworthy:At one extreme, we ...
A PROCESS IS NO ONE: HUNTING FOR TOKEN MANIPULATION Jared Atkinson , Robby Winchester Does your organization want to start Threat Hunting, but you're not sure how to begin? ...
A UNIVERSAL CONTROLLER TO TAKE OVER A Z-WAVE NETWORK Loïc Rouch With the advent of Internet-of-Things, Z-Wave is a major communication protocol for home automation systems. ...
ATTACKING NEXTGEN ROAMING NETWORKS Daniel Mende , Hendrik Schmidt Weaknesses of SS7 Roaming Networks are well known – but what about the Diameter interfaces ...
ATTACKS AGAINST GSMA'S M2M REMOTE PROVISIONING Maxime Meyer GSMA is investigating, developing and standardizing an embedded SIM card with remote provisioning (that is, ...
AUTOMATIC DISCOVERY OF EVASION VULNERABILITIES USING TARGETED PROTOCOL FUZZING Antti Levomäki , Olli-pekka "opi" Niemi Network protocol normalization and reassembly is the basis of traffic inspection performed by NGFW and ...
BECOMING YOU: A GLIMPSE INTO CREDENTIAL ABUSE Sonia Burney , Brent Maynard In recent years, security threats have exponentially increased, as have the potential solutions to detect ...
BLUEBORNE - A NEW CLASS OF AIRBORNE ATTACKS THAT CAN REMOTELY COMPROMISE ANY LINUX/IOT DEVICE Gregory Vishnepolsky , Ben Seri The thought of a cyber attack spreading through the air like a plague was only ...
BREAKING BAD: STEALING PATIENT DATA THROUGH MEDICAL DEVICES Saurabh Harit This talk discusses the risks of connected healthcare devices. It looks at the benefits of ...
BREAKING OUT HSTS (AND HPKP) ON FIREFOX IE/EDGE AND (POSSIBLY) CHROME Sergio Santos , Sheila Berta Observing Microsoft's reports, the Edge browser - and its previous version, Internet Explorer - supports ...
BY-DESIGN BACKDOORING OF ENCRYPTION SYSTEM - CAN WE TRUST FOREIGN ENCRYPTION ALGORITHMS Eric Filiol , Arnaud Bannier Recent years have shown that more than ever governments and intelligence agencies strive to control ...
CALDERA: AUTOMATING ADVERSARY EMULATION Douglas Miller , Andy Applebaum Adversarial assessment of a network is a critical part of securing and hardening it; done ...
CLKSCREW: EXPOSING THE PERILS OF SECURITY-OBLIVIOUS ENERGY MANAGEMENT Salvatore Stolfo , Adrian Tang , Simha Sethumadhavan The need for power and energy-efficient computing has resulted in aggressive cooperative hardware-software energy management ...
DEALING THE PERFECT HAND - SHUFFLING MEMORY BLOCKS ON Z/OS Ayoub Elaassal Follow me on a journey where we pwn one of the most secure platforms on ...
DIFUZZING ANDROID KERNEL DRIVERS Shuang Hao , Aravind Machiry , Jake Corina , Chris Shoshitaishvili As the rest of the Android security infrastructure improves, the Android/Linux kernel is well on ...
ENRAPTURED MINDS: STRATEGIC GAMING OF COGNITIVE MINDHACKS Fyodor Yarochkin , Vladimir borisovich Kropotov , Lion Gu There is no spoon! We live in the Matrix and no information can be trusted ...
EXFILTRATING RECONNAISSANCE DATA FROM AIR-GAPPED ICS/SCADA NETWORKS David Atch , George Lashenko Air-gapped industrial networks are assumed to be impenetrable because they are disconnected from the Internet ...
EXPOSING HIDDEN EXPLOITABLE BEHAVIORS IN PROGRAMMING LANGUAGES USING DIFFERENTIAL FUZZING Fernando Arnaboldi Securely developed applications may have unidentified vulnerabilities in the underlying programming languages. Attackers can target ...
FED UP GETTING SHATTERED AND LOG JAMMED? A NEW GENERATION OF CRYPTO IS COMING David Wong The SHA-3 standard came out in 2015 including the new hash function SHA-3 itself (based ...
GDPR AND THIRD PARTY JS - CAN IT BE DONE? Avital Grushcovski The European Union's General Data Protection Regulation (GDPR) is set to go into effect in ...
HEAP LAYOUT OPTIMISATION FOR EXPLOITATION Sean Heelan Heap-based overflows and underflows are a common vulnerability in software built in C and C++. ...
HIDING PIN'S ARTIFACTS TO DEFEAT EVASIVE MALWARE Stefano Zanero , Andrea Continella , Mario Polino , Sebastiano Mariani , Lorenzo Fontana , Stefano D'alessio , Fabio Gritti Malware authors constantly develop new techniques in order to evade analysis systems. Previous works addressed ...
HOW SAMSUNG SECURES YOUR WALLET AND HOW TO BREAK IT Hc Ma Samsung launched its mobile payment service -- SamsungPay. For about two years, few discussion have ...
HOW TO HACK A TURNED-OFF COMPUTER OR RUNNING UNSIGNED CODE IN INTEL MANAGEMENT ENGINE Mark Ermolov , Maxim Goryachy Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the ...
HOW TO ROB A BANK OVER THE PHONE - LESSONS LEARNED AND REAL AUDIO FROM AN ACTUAL SOCIAL ENGINEERING ENGAGEMENT Joshua Crumbaugh This talk will be 50% real audio from a social engineering engagement and 50% lessons ...
I TRUST MY ZOMBIES: A TRUST-ENABLED BOTNET Max Mühlhäuser , Emmanouil Vasilomanolakis , Shankar Karuppayah , Jan Helge Wolf , Leon Böck Defending against botnets has always been a cat and mouse game. Cyber-security researchers and government ...
INSIDE ANDROID'S SAFETYNET ATTESTATION Collin Mulliner , John Kozyrakis Many app developers often have questions like the following: "Is the device my app runs ...
INTEL ME: FLASH FILE SYSTEM EXPLAINED Dmitry Sklyarov Intel Management Engine (ME) technology has been around for over 10 years (since 2005), but ...
JAILBREAKING APPLE WATCH Max Bazaliy On April 24, 2015, Apple launched themselves into the wearables category with the introduction of ...
KEY REINSTALLATION ATTACKS: BREAKING THE WPA2 PROTOCOL Mathy Vanhoef We introduce key reinstallation attacks. These attacks abuse features of a protocol to reinstall an ...
LOCKNOTE: CONCLUSIONS AND KEY TAKEAWAYS FROM BLACK HAT EUROPE 2017 Shawn Moyer , Jeff ( Dark Tangent ) Moss , Sharon Conheady , Andreas Lindh At the close of this year's conference, join Black Hat Founder Jeff Moss and members ...
LOST IN TRANSACTION: PROCESS DOPPELGÄNGING Tal Liberman , Eugene Kogan Process Hollowing is a technique first introduced years ago by attackers to thwart the mitigation ...
NATION-STATE MONEYMULE'S HUNTING SEASON – APT ATTACKS TARGETING FINANCIAL INSTITUTIONS Kyoung-ju Kwak , Chi-en (ashley) Shen , Min-chang Jang Lazarus, Bluenoroff, and Andariel are three notorious APT groups from North Korea infamous for deconstruction, ...
PASSIVE FINGERPRINTING OF HTTP/2 CLIENTS Ory Segal , Elad Shuster HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP ...
RED TEAM TECHNIQUES FOR EVADING BYPASSING AND DISABLING MS ADVANCED THREAT PROTECTION AND ADVANCED THREAT ANALYTICS Chris Thompson Windows Defender Advanced Threat Protection is now available for all Blue Teams to utilize within ...
RO(O)TTEN APPLES: VULNERABILITY HEAVEN IN THE IOS SANDBOX Adam Donenfeld In modern days, no exploitation chain can be considered complete without a reliable privilege escalation ...
SELF-VERIFYING AUTHENTICATION – A FRAMEWORK FOR SAFER INTEGRATIONS OF SINGLE-SIGN-ON SERVICES Shuo Chen , Shaz Qadeer , Ravishankar K. Iyer , Matt Mccutchen , Phuong Cao SSO (single-sign-on) services, such as those provided by Facebook, Google and Microsoft Azure, are integrated ...
THE APPLE OF YOUR EFI: AN UPDATED ANALYSIS OF THE STATE OF APPLE'S EFI SECURITY SUPPORT Rich Smith , Pepijn Bruienne Duo Labs conducted an extensive data analysis on the state of Apple's EFI security from ...
THE GREAT ESCAPES OF VMWARE: A RETROSPECTIVE CASE STUDY OF VMWARE G2H ESCAPE VULNERABILITIES Debasish Mandal , Yakun Zhang Virtual machine escape is the process of breaking out of the virtual machine and interacting ...
THE SPEAR TO BREAK THE SECURITY WALL OF S7COMMPLUS Lei Cheng In the past few years, attacks against industrial control systems (ICS) have increased year over ...
WI-FI DIRECT TO HELL: ATTACKING WI-FI DIRECT PROTOCOL IMPLEMENTATIONS Andres Blanco Today Wi-Fi is everywhere and is by far the most widely used wireless networking protocol. ...
ZERO DAYS THOUSANDS OF NIGHTS: THE LIFE AND TIMES OF ZERO-DAY VULNERABILITIES AND THEIR EXPLOITS Lillian Ablon Zero-day vulnerabilities and their exploits are useful in offensive operations as well as in defensive ...