Black Hat USA 2018: Aug. 4, 2018 to Aug. 9, 2018, Las Vegas, USA

| Title | Speakers | Summary |
| --- | --- | --- |
| Keynote: Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes | Parisa Tabriz | N/A |
| Detecting Credential Compromise in AWS | William Bengtson | Credential compromise in the cloud is not a threat that one company faces, rather it ... |
| Dissecting Non-Malicious Artifacts: One IP at a Time | Ido Naor, Dani Goland | For years and years, anti-malware solutions, across many levels of the network, have been assisted ... |
| Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking | Louis Dion-Marcil | When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors ... |
| Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection | Kingkane Malmquist | The purpose of an information security awareness program serves to protect business data through user ... |
| Finding Xori: Malware Analysis Triage with Automated Disassembly | Amanda Rousseau, Richard Seymour | In a world of high volume malware and limited researchers, we need a dramatic improvement ... |
| Holding on for Tonight: Addiction in InfoSec | Jamie Tomasello | Substance abuse is present in and affects all communities, even information security. This session will ... |
| How I Learned to Stop Worrying and Love the SBOM | Allan Friedman | Despite its simplicity, the "software bill of materials" (SBOM) has been met with apathy and ... |
| Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware | Richard Harang, Felipe Ducau | Security is a constant cat-and-mouse game between those trying to keep abreast of and detect ... |
| Software Attacks on Hardware Wallets | Alyssa Milburn, Sergei Volokitin | Almost all security research has a question often left unanswered: what would be the financial ... |
| A Dive in to Hyper-V Architecture & Vulnerabilities | Nicolas Joly, Joe Bialek | Virtualization technology is an increasingly common foundation on which platform security is built and clouds ... |
| Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths | Jay Little | In the blockchain, contracts may be lost but are never forgotten. Over 1,500,000 Ethereum smart ... |
| Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools | Joshua Saxe | Anyone who keeps up with technology news has read about deep neural networks beating human ... |
| From Bot to Robot: How Abilities and Law Change with Physicality | Brittany Postnikoff, Wendy Knox Everette, Sara-Jayne Terp | Online bots and real-world robots are both capable of manipulating people and communities. Online bots ... |
| KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous | Liang Chen | Modern operating systems nowadays implement read-only memory mappings at their CPU architecture level, preventing common ... |
| Miasm: Reverse Engineering Framework | Fabrice Desclaux, Camille Mougey | Miasm is a reverse engineering framework created in 2006 and first published in 2011 (GPL). ... |
| New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers | Samuel Groß | As finding reliably exploitable vulnerabilities in web browser engines becomes gradually harder, attackers turn to ... |
| Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops | Celeste Paul, Josiah Dykstra | Hacking is a high-risk, high-reward, with a high-cost to human capital. In this session, we ... |
| TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever | Marina Krotofil, Andrea Carcano, Younes Dragoni | In 2017, a sophisticated threat actor deployed the TRITON attack framework engineered to manipulate industrial ... |
| CANCELLED: Too Soft[ware Defined] Networks: SD-WAN Vulnerability Assessment | Sergey Gordeychik, Aleksandr Timorin | The software defined wide-area network is technology based on SDN approach applied to branch office ... |
| Compression Oracle Attacks on VPN Networks | Ahamed Nafeez | Security researchers have done a good amount of practical attacks in the past using chosen ... |
| Deep Dive into an ICS Firewall, Looking for the Fire Hole | Julien Lenoir, Benoit Camredon | Industrial control systems (ICS) security has become a serious concern over the past years. Indeed, ... |
| Legal Landmines: How Law and Policy are Rapidly Shaping Information Security | Jennifer Granick, Joseph Menn, Leonard Bailey, Amit Elazari, Allison Bender, Paul Rosen | The Internet was a much different place 25 years ago. Technology, and the free flow ... |
| No Royal Road … Notes on Dangerous Game | Mara Tam | Attribution fatigue is real. We are 20 years past Moonlight Maze, 15 years past Titan ... |
| Remotely Attacking System Firmware | Mickey Shkatov, Oleksandr Bazhaniuk, Jesse Michael | In recent years, we have been witnessing a steady increase in security vulnerabilities in firmware. ... |
| Reversing a Japanese Wireless SD Card - From Zero to Code Execution | Guillaume Valadon | Toshiba FlashAir are wireless SD cards used by photographers and IoT enthusiasts. They integrate both ... |
| Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers | Aurélien Francillon, Sebastian Poeplau, Marius Muench, Giovanni Camurati, Tom Hayes | The drive for ever smaller and cheaper components in microelectronics has popularized so-called "mixed-signal circuits," ... |
| There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently | Marc Witteman, Niek Timmers, Alyssa Milburn, Nils Wiersma, Ramiro Pareja Veredas, Santiago Cordoba Pellicer | Automotive security is a hot topic, and hacking cars is cool. These vehicles are suffering ... |
| An Attacker Looks at Docker: Approaching Multi-Container Applications | Wesley McGrew | Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale ... |
| Don't @ Me: Hunting Twitter Bots at Scale | Jordan Wright, Olabode Anise | Automated Twitter accounts have been making headlines for their ability to spread spam and malware ... |
| Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering | Matt Wixey | Traditional phishing and social engineering attack techniques are typically well-documented and understood. While such attacks ... |
| From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it | Sean Metcalf | N/A |
| Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community | Jay Radcliffe, Christian quaddi Dameff | It's not easy to miss the gunshot wound in the trauma bay, or the cough ... |
| Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology | Lee Christensen, Matt Graeber | While security products are a great supplement to the defensive posture of an enterprise, to ... |
| The Unbearable Lightness of BMC's | Nico Waisman, Matias Sebastian Soler | Welcome to a data center! A place where the air conditioner never stops and the ... |
| Threat Modeling in 2018: Attacks, Impacts and Other Updates | Adam Shostack | Attacks always get better, and that means your threat modeling needs to evolve. This talk ... |
| WireGuard: Next Generation Secure Network Tunnel | Jason A. Donenfeld | The state of VPN protocols is not pretty, with popular options, such as IPsec and ... |
| A Brief History of Mitigation: The Path to EL1 in iOS 11 | Ian Beer | In December last year, I released the async_wake exploit for iOS 11.1.2. In this talk, ... |
| Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre | Art Manion, Matt Linton, Christopher Robinson, Eric Doerr | It's January 2nd, 2018. Your phone buzzes. You've been working for more than 6 months ... |
| Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! | Orange Tsai | We propose a new exploit technique that brings a whole-new attack surface to defeat path ... |
| Breaking the IIoT: Hacking Industrial Control Gateways | Thomas Roth | Industrial control gateways connect most of the critical infrastructure surrounding us to the centralized management ... |
| LTE Network Automation Under Threat | Ravishankar Borgaonkar, Altaf Shaik | The control and management of mobile networks is shifting from manual to automatic in order ... |
| Open Sesame: Picking Locks with Cortana | Tal Be'ery, Amichai Shulman, Ron Marcovich, Yuval Ron | Many new devices are trying to fit into our life seamlessly. As a result, there's ... |
| Squeezing a Key through a Carry Bit | Filippo Valsorda | The Go implementation of the P-256 elliptic curve had a small bug due to a ... |
| Why so Spurious? How a Highly Error-Prone x86/x64 CPU "Feature" can be Abused to Achieve Local Privilege Escalation on Many Operating Systems | Nemanja Mulasmajic, Nicolas Peterson | There exists a "feature" in the x86 architecture that, due to improper programming by many ... |
| ZEROing Trust: Do Zero Trust Approaches Deliver Real Security? | David Weston | Over the last year, the "zero trust" network (ZTN) security architecture concept has generated interest ... |
| AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries | Kang Li | AFL has claimed many successes on fuzzing a wide range of applications. In the past ... |
| A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme | Neha Narula, Ethan Heilman | Our talk presents attacks on the cryptography used in the cryptocurrency IOTA, which is currently ... |
| Back to the Future: A Radical Insecure Design of KVM on ARM | Rahul Kashyap, Baibhav Singh | In ARM there are certain instructions that generate exceptions. Such instructions are typically executed to ... |
| Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure | Kevin Perlow | The Namecoin and Emercoin blockchains were designed to provide decentralized and takedown-resistant domain names to ... |
| How can Communities Move Forward After Incidents of Sexual Harassment or Assault? | Makenzie Peterson | When incidents of sexual harassment or sexual assault occur within communities, as we've recently seen ... |
| I, for One, Welcome Our New Power Analysis Overlords | Colin O'Flynn | Despite high-profile failures, there can be no doubt that embedded security is improving. Yet, several ... |
| InfoSec Philosophies for the Corrupt Economy | Lawrence Munro | The majority of systematic approaches to information security are created by contributors from stable nation ... |
| Is the Mafia Taking Over Cybercrime? | Jonathan Lusthaus | Claims abound that the Mafia is not only getting involved in cybercrime, but taking a ... |
| The Air-Gap Jumpers | Mordechai Guri | The term 'air-gap' in cyber security refers to a situation in which a sensitive computer, ... |
| ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware | Oliver Schranz | The Android Runtime (ART), even though introduced in Android 5 already, has not received much ... |
| Demystifying PTSD in the Cybersecurity Environment | Joe Slowik | In February 2018, an article appeared concerning 'cybersecurity PTSD' and its impact on the security ... |
| Fire & Ice: Making and Breaking macOS Firewalls | Patrick Wardle | In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential ... |
| Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines | Carsten Schuermann | The WinVote voting machine was used extensively in Virginia elections during 2004 and 2015. It ... |
| Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims | Cathal Smyth, Clare Gollnick | Right now, combatting credit card fraud is mostly a reactionary process. Issuers wait until transactions ... |
| Real Eyes, Realize, Real Lies: Beating Deception Technologies | Matan Hart | Recent advancements have reinvented deception technologies and their use as a security layer of defense, ... |
| Stop that Release, There's a Vulnerability! | Christine Gadsby | Software companies can have hundreds of software products in-market at any one time, all requiring ... |
| The Problems and Promise of WebAssembly | Natalie Silvanovich | WebAssembly is a new standard that allows assembly-like code to run in browsers at near-native ... |
| Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key | L. Jean Camp, Gianpaolo Russo, Sanchari Das | Why do people choose to use (or not use) Two Factor Authentication (2FA)? We report ... |
| Black Box is Dead. Long Live Black Box! | Aleksei Stennikov, Vladimir Kononovich | The number of logic attacks on ATMs continues to rise. Some of them involve a ... |
| Identity Theft: Attacks on SSO Systems | Kelby Ludwig | SAML is often the trust anchor for Single Sign-On (SSO) in most modern day organizations. ... |
| Kernel Mode Threats and Practical Defenses | Joe Desimone, Gabriel Landau | Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot ... |
| New Norms and Policies in Cyber-Diplomacy | Jeff (Dark Tangent) Moss, Jane Holl Lute, James Andrew Lewis, Christopher Painter | After the last round of the UN sponsored consultations on international cybersecurity collapsed in 2016, ... |
| Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots | Hiroshi Suzuki, Minoru Kobayashi | Volume Shadow Copy Service (VSS) is a backup feature for recent Windows OSes. You can ... |
| Snooping on Cellular Gateways and Their Critical Role in ICS | Justin Shattuck | To keep up with the growing demand of always-on and available-anywhere connectivity, the use of ... |
| The Science of Hiring and Retaining Female Cybersecurity Engineers | Ashley Holtz | The wisdom on why it is difficult to recruit and retain women in the industry ... |
| The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet | Alex Ionescu, Gabrielle Viala | All Windows researchers know about RPC and ALPC, and the attack surface provided through the ... |
| Your Voice is My Passport | John Seymour, Azeem Aqil | Financial institutions, home automation products, and hi-tech offices have increasingly used voice fingerprinting as a ... |
| A Deep Dive into macOS MDM (and How it can be Compromised) | Jesse Endahl, Max Bélanger | On macOS, DEP (Device Enrollment Program) and MDM (Mobile Device Management) are the recommended methods ... |
| AI & ML in Cyber Security - Why Algorithms are Dangerous | Raffael Marty | Every single security company is talking in some way or another about how they are ... |
| Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies | Alejandro Hernandez | With the advent of electronic trading platforms and networks, the exchange of financial securities now ... |
| Decompiler Internals: Microcode | Ilfak Guilfanov | This talk sheds some light into the intermediate language that is used inside the Hex-Rays ... |
| Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities | Brad Geesaman | Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity ... |
| Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels | Christian Dresen, Jens Müller | OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From ... |
| GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs | Christopher Domas | Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems ... |
| Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives | Christian quaddi Dameff, Jeffrey Tully, Maxwell Bland | Healthcare infosec is in critical condition - too few bodies, underfunded to a fault, and limping ... |
| Stealth Mango and the Prevalence of Mobile Surveillanceware | Andrew Blaich, Michael Flossman | In this talk, we will unveil the new in-house capabilities of a nation state actor ... |
| Applied Self-Driving Car Security | Chris Valasek, Charlie Miller | In the not too distant future, we'll live in a world where computers are driving ... |
| None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service | Wang Kang, Yi-qun Hui | Live video streaming services are getting more and more popular in China. In order to ... |
| Outsmarting the Smart City | Daniel Crowley, Jennifer Savage, Mauro Paredes | The term "smart city" evokes imagery of flying cars, shop windows that double as informational ... |
| Playback: A TLS 1.3 Story | Alejo Murillo Moya, Alfonso Garcia Alguacil | TLS 1.3 is the new secure communication protocol that should be already with us. One ... |
| Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks | Holly Stewart, Jugal Parikh, Randy Treit | Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable ... |
| So I became a Domain Controller | Benjamin Delpy, Vincent Le Toux | "They told me I could be anything I wanted, so I became a Domain Controller." While ... |
| TLBleed: When Protecting Your CPU Caches is Not Enough | Ben Gras | We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers ... |
| WebAssembly: A New World of Native Exploits on the Browser | Justin Engler, Tyler Lukasiewicz | WebAssembly (WASM) is a new technology being developed by the major browser vendors through the ... |
| Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities | Matt Miller, Anders Fogh, Christopher Ertl | 2018 started off with a bang as the world was introduced to a new class ... |
| Another Flip in the Row | Daniel Gruss, Moritz Lipp, Michael Schwarz | The Rowhammer bug is an issue in most DRAM modules which allows software to cause ... |
| Automated Discovery of Deserialization Gadget Chains | Ian Haken | Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, ... |
| Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time | Ian G. Harris, Marcel Carlsson | Social engineering is a big problem but very little progress has been made in stopping ... |
| Exploitation of a Modern Smartphone Baseband | Marco Grassi, Muqing Liu, Tianyi Xie | In this talk, we will explore the baseband of a modern smartphone, discussing the design ... |
| From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities | Xinyu Xing, Jimmy Su, Wei Wu | Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address ... |
| How can Someone with Autism Specifically Enhance the Cyber Security Workforce? | Rhett Greenhagen, Casey Hurt, Dr. Stacy Thayer | This session outlines how someone with Autism Spectrum Disorder (ASD) offers a unique skillset that ... |
| Last Call for SATCOM Security | Ruben Santamarta | In 2014, we took to the stage and presented "A Wake-up Call for SATCOM Security," ... |
| Legal Liability for IOT Cybersecurity Vulnerabilities | Ijay Palansky | There has been much discussion of "software liability," and whether new laws are needed to ... |
| Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator | Alexei Bulazel | Windows Defender's mpengine.dll implements the core of Defender antivirus' functionality in an enormous ~11 MB, ... |
| For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems | Leigh-Anne Galloway, Tim Yunusov | These days it's hard to find a business that doesn't accept faster payments. Mobile Point ... |
| Hardening Hyper-V through Offensive Security Research | Jordan Rabet | Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. ... |
| IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies | Jonas Zaddach, Andrei Costin | Computer malware in all its forms is nearly as old as the first PCs running ... |
| Lowering the Bar: Deep Learning for Side Channel Analysis | Jasper van Woudenberg, Baris Ege, Guilherme Perin | Deep learning can help automate the signal analysis process in power side channel analysis. So ... |
| Mainframe [z/OS] Reverse Engineering and Exploit Development | Chad Rikansrud | Speak with any Fortune 500 running mainframe and they'll tell you two things: (1) without ... |
| Practical Web Cache Poisoning: Redefining 'Unexploitable' | James Kettle | Modern web applications are composed from a crude patchwork of caches and content delivery networks. ... |
| SDL That Won't Break the Bank | Steve Lipner | Over the last fifteen years, many large software development organizations have adopted Security Development Lifecycle ... |
| SirenJack: Cracking a 'Secure' Emergency Warning Siren System | Balint Seeber | SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ... |
| Understanding and Exploiting Implanted Medical Devices | Billy Rios, Jonathan Butts | There has been significant attention recently surrounding the risks associated with cyber vulnerabilities in critical ... |
| DeepLocker - Concealing Targeted Attacks with AI Locksmithing | Jiyong Jang, Marc Ph. Stoecklin, Dhilung Kirat | In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks ... |
| Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina | Bhargava Shastry, Dominik Maier, Vincent Ulitzsch | Setting up a fuzzing pipeline takes time and manual effort for identifying fuzzable programs and ... |
| It's a PHP Unserialization Vulnerability Jim, but Not as We Know It | Sam Thomas | Recent years have seen the emergence of PHP unserialization vulnerabilities as a viable route to ... |
| Lessons and Lulz: The 4th Annual Black Hat USA NOC Report | Neil Wyler, Bart Stump | Back with another year of soul crushing statistics, the Black Hat NOC team will be ... |
| Meltdown: Basics, Details, Consequences | Daniel Gruss, Moritz Lipp, Michael Schwarz | The security of computer systems fundamentally relies on the principle of confidentiality. Confidentiality is typically ... |
| Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars | Ling Liu, Sen Nie, Yuefeng Du, Wenkai Zhang | We, Keen Security Lab of Tencent, have successfully implemented two remote attacks on the Tesla ... |
| Return of Bleichenbacher's Oracle Threat (ROBOT) | Hanno Böck, Craig Young | With a 19 year old vulnerability, we were able to sign a message with the ... |
| The Finest Penetration Testing Framework for Software-Defined Networks | Seungwon Shin, Seungsoo Lee, Jinwoo Kim, Seungwon Woo | Software-Defined Networking (SDN) is getting attention for the next-generation networking today. The key concept of ... |
| Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library | Maddie Stone | Malware authors implement many different techniques to frustrate analysis and make reverse engineering malware more ... |