Black Hat USA 2013, July 27, 2013 to Aug. 1, 2013, Las Vegas, USA

Title Speakers Summary Topic Types
Bochspwn: Identifying 0-days via System-wide Memory Access Pattern Analysis Gynvael Coldwind , Mateusz Jurczyk Throughout the last two decades, the field of automated vulnerability discovery has evolved into the ...
Bluetooth Smart: The Good, The Bad, The Ugly, and The Fix! Mike Ryan Bluetooth Smart, AKA Bluetooth Low Energy (BTLE), is a new modulation mode and link-layer packet ...
BlackBerryOS 10 from a security perspective Ralf-Philipp Weinmann BlackBerry prides itself on being a strong contender in the field of secure mobile platforms. ...
Black-Box Assessment of Pseudorandom Algorithms Derek Soeder , Christopher Abad , Gabriel Acevedo Last year at Black Hat, Argyros and Kiayias devastated all things pseudorandom in open-source PHP ...
BIOS Security Xeno Kovah , Corey Kallenberg , John Butterworth In 2011 the National Institute of Standards and Technology (NIST) released a draft of special ...
BinaryPig - Scalable Malware Analytics in Hadoop Jason Trost , Zachary Hanif , Telvis Calhoun Over the past 2.5 years Endgame received 20M samples of malware equating to roughly 9.5 ...
Energy Fraud and Orchestrated Blackouts: Issues with Wireless Metering Protocols (wM-Bus) Cyrill Brunschwiler Government requirements, new business cases, and consumer behavioral changes drive energy market players to improve ...
Exploiting Network Surveillance Cameras Like a Hollywood Hacker Craig Heffner This talk will examine 0-day vulnerabilities that can be trivially exploited by remote attackers to ...
End-to-End Analysis of a Domain Generating Algorithm Malware Family Jason Geffner Select malware families have used Domain Generating Algorithms (DGAs) over the past few years in ...
Dissecting CSRF Attacks & Countermeasures Mike Shema , Sergey Shekyan , Vaagn Toukharian Cross Site Request Forgery (CSRF) remains a significant threat to web apps and user data. ...
CreepyDOL: Cheap, Distributed Stalking Brendan O'Connor Are you a person with a few hundred dollars and an insatiable curiosity about your ...
Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto Let's face it: we may win some battles, but we are losing the war pretty ...
Compromising Industrial Facilities From 40 Miles Away Carlos Mario Penagos , Lucas Apa The evolution of wireless technologies has allowed industrial automation and control systems (IACS) to become ...
Combating the Insider Threat at the FBI: Real World Lessons Learned Patrick Reidy What do T.S. Eliot, Punxsutawney Phil, eugenics, DLP, crowdsourcing, black swans, and narcissism have in ...
Buying into the Bias: Why Vulnerability Statistics Suck Brian Martin , Steve Christey Academic researchers, journalists, security vendors, software vendors, and other enterprising... uh... enterprises often analyze vulnerability ...
Bugalyze.com - Detecting Bugs Using Decompilation and Data Flow Analysis Silvio Cesare Bugwise is a free online web service at www.bugalyze.com to perform static analysis of binary ...
Funderbolt: Adventures in Thunderbolt DMA Attacks Russ Sevinsky Intel's Thunderbolt allows for high-speed data transfers for a variety of peripherals including high-resolution high-bandwidth ...
Fully Arbitrary 802.3 Packet Injection: Maximizing the Ethernet Attack Surface Andrea Barisani , Daniele Bianco It is generally assumed that crafting arbitrary, and sniffing, Fast Ethernet packets can be performed ...
The Factoring Dead: Preparing for the Cryptopocalypse Thomas Ptacek , Alex Stamos , Tom Ritter , Javed Samuel The last several years have seen an explosion of practical exploitation of widespread cryptographic weaknesses, ...
Evading deep inspection for fun and shell Olli-Pekka Niemi , Antti Levomäki Whether you have a Next Generation Firewall, an IPS, IDS, or a BDS, the security ...
Home Invasion v2.0 - Attacking Network-Controlled Hardware Daniel Crowley , David ( VideoMan ) Bryan , Jennifer Savage A growing trend in electronics is to have them integrate with your home network in ...
Hiding @ Depth - Exploring, Subverting and Breaking NAND Flash memory Josh 'm0nk' Thomas In the world of digital storage, gone are the days of spinning platters and magnetic ...
Hacking, Surveilling, and Deceiving victims on Smart TV Seungjin 'biest' Lee Smart TVs sold over 80,000,000 units around the world in 2012. This next generation "smart" ...
Hacking like in the Movies: Visualizing Page Tables for Local Exploitation Georg Wicherski , Alexandru Radocea A shiny and sparkling way to break user-space ASLR, kernel ASLR and even find driver ...
Android: one root to own them all Jeff ( Rain Forest Puppy ) Forristal This presentation is a case study showcasing the technical details of Android security bug 8219321, ...
Take Risk, Don’t Fail Brian Muirhead N/A
Keynotes Alexander N/A
Hunting the Shadows: In Depth Analysis of Escalated APT Attacks Fyodor Yarochkin , Tsung Pei Kan , Ming-chang Chiu , Ming-wei Benson Wu APT attacks are a new emerging threat and have made headlines in recent years. However, ...
How to Grow a TREE (Taint-enabled Reverse Engineering Environment) From CBASS (Cross-platform Binary Automated Symbolic-execution System) Nathan Li , Loc Nguyen , Xing Li , James Just Binary analysis techniques from academic research have been introduced into the reverse engineering community as ...
Hot Knives Through Butter: Bypassing Automated Analysis Systems Abhishek Singh , Zheng Bu Diamonds are girl’s best friend, prime numbers are mathematician’s best friend and automated analysis systems ...
HOW CVSS is DOSsing YOUR PATCHING POLICY (and wasting your money) Fabio Massacci , Luca Allodi CVSS score is widely used as the standard-de-facto risk metric for vulnerabilities, to the point ...
How to Build a SpyPhone Kevin McNamee Learn how to build an Android SpyPhone service that can be injected into any application. ...
Honey, I’m home!! - Hacking Z-Wave Home Automation Systems Behrang Fouladi , Sahand Ghanoun Home automation systems provide a centralized control and monitoring function for heating, ventilation and air ...
TOR... ALL-THE-THINGS! Jason Geffner The global Tor network and its routing protocols provide an excellent framework for online anonymity. ...
Truncating TLS Connections to Violate Beliefs in Web Applications Ben Smyth , Alfredo Pironti We identify logical web application flaws which can be exploited by TLS truncation attacks to ...
Untwining Twine Jon Chittenden , Anson Gomes Over 14 years ago, Kevin Ashton was the first to coin the term "internet of things," and pointed out that data on the Internet is mostly created by humans. Things have changed considerably since 1999 ... Twine is a consumer device that provides remote environmental monitoring through a variety of sensors, ...
Shattering Illusions in Lock-Free Worlds: Compiler/Hardware Behaviors in OSes and VMs Marc Blanchou Memory access operations in OSes, VMs or traditional applications from different threads and processes can ...
Password Hashing: the Future is Now Jean-Philippe Aumasson Passwords are hashed everywhere: operating systems, smartphones, web services, disk encryption tools, SSH private keys, ...
OPSEC failures of spies Matthew Cole The CIA is no more technologically sophisticated than your average American, and as a result, ...
Mobile Malware: Why the traditional AV paradigm is doomed and how to use physics to detect undesirable routines Markus Jakobsson , Guy Stewart The traditional Anti-Virus paradigm focuses on signature-based and behavioral detection. These require substantial processing, which ...
New Trends in FastFlux Networks Wei Xu , Xinran Wang Fast-flux networks have been adopted by attackers for many years. Existing works only focus on ...
LTE BOOMS WITH VULNERABILITIES Ankit Gupta LTE, is the NGN that is all IP-based with improved capacity, speed and profit but ...
Malicious File for Exploiting Forensic Software Takahiro Haruyama , Hiroshi Suzuki Commercial forensic software such as EnCase, FTK and X-Ways Forensics adopts the same library component ...
Denial of Service as a Service - asymmetrical warfare at its finest Robert Masse Imagine being DDOS'd repeatedly with up to 10Gbps of traffic on a daily basis. Your ...
Denying service to DDOS protection services Allison Nixon In this age of cheap and easy DDOS attacks, DDOS protection services promise to go ...
CrowdSource: An Open Source, Crowd Trained Machine Learning Model for Malware Capability Detection Joshua Saxe Due to the exploding number of unique malware binaries on the Internet and the slow ...
Clickjacking Revisited: A Perceptual View of UI Security Devdatta Akhawe We revisit UI security attacks (such as clickjacking) from a perceptual perspective and identify novel ...
CMX: IEEE Clean File Metadata Exchange Igor Muttik , Mark Kennedy False positives are a huge problem in the security space. Organizations can spend more time ...
Big Data for Web Application Security Mike Arpaia , Kyle Barry The security posture of an application is directly proportional to the amount of information that ...
Beyond the Application: Cellular Privacy Regulation Space Christie Dudley Aggressive data collection practices by cell providers have sparked new FCC interest in closing regulatory ...
Abusing Web APIs Through Scripted Android Applications Daniel Peck This will be a presentation focused on abusing web application APIs through the use of ...
Network Forensics: Sudden Death Workshop Scott Fretheim , Jonathan Neff Test your Network Forensics-fu in this deadly workshop. Participants will receive a brand new release ...
PDF Attack: A Journey from the Exploit Kit to the shellcode Jose Miguel Esparza PDF Attack: A journey from the Exploit Kit to the shellcode is a workshop to ...
Practical Pentesting of ERPs and Business Applications Alexander Mikhailovich Polyakov , Alexey Tyurin Today, the whole business of a company depends on enterprise business applications. They are big ...
Mo Malware Mo Problems - Cuckoo Sandbox to the rescue Claudio Guarnieri , Jurriaan Bremer , Mark Schloesser Cuckoo Sandbox is a widely used open-source project for automated dynamic malware analysis. It takes ...
Methodologies for Hacking Embedded Security Appliances Rob Bathurst , Mark Carey Security appliances, for everything from firewalls to encrypted SAN devices are a dime a dozen ...
JTAGulator: Assisted discovery of on-chip debug interfaces Joe ( Kingpin ) Grand On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a ...
Embedded Devices Security and Firmware Reverse Engineering Andrei Costin , Jonas Zaddach Embedded devices have become the "usual presence" in the network of (m)any household(s), SOHO, enterprise ...
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Techniques’)%00 Roberto Salgado This talk will present some of the newest and most advanced optimization and obfuscation techniques ...
Do-It-Yourself Cellular IDS Sherri Davidoff , Scott Fretheim , David Harrison For less than $500, you can build your own cellular intrusion detection system to detect ...
With BIGDATA comes BIG responsibility: Practical exploiting of MDX injections Dmitry Chastuhin , Alexander Bolshev Let’s take a look into the place where critical data is stored for further analytics ...
What's on the Wire? Physical Layer Tapping with Project Daisho Michael Ossmann , Dominic Spill , Michael Kershaw We believe that flaws in network protocols will not be discovered unless physical layer communication ...
What Security Researchers Need to Know About Anti-Hacking Law Marcia Hofmann The federal anti-hacking law, the Computer Fraud and Abuse Act, is infamous for its broad ...
Virtual Deobfuscator - a DARPA Cyber Fast Track funded effort Jason Raber While there has been a lot of research done on automatically reverse engineering virtualization obfuscators, ...
USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER Joaquim Espinhara , Ulisses Albuquerque Every day we produce tons of digital breadcrumbs through our activities in online services – ...
UART THOU MAD? Toby Kohlenberg , Mickey Shkatov Despite the fact that UART has been around FOREVER and is actually frequently used by ...
Universal DDoS Mitigation Bypass Albert Hui , Tony mt Miu , Wai Leng Lee Today's commercial DDoS mitigation technologies employ many different techniques for identifying DDoS traffics and blocking ...
Town Hall Meeting: CFAA Reform Strategy Kurt Opsahl Aaron Swartz, a brilliant computer programmer and activist, committed suicide in January. At the time ...
TLS 'secrets Nextgen$ SSL and TLS have become the de-facto standards for transport-layer encryption. In recent years, many ...
Teridian SoC Exploitation: Exploration of harvard architecture smart grid systems Nathan Keltner , Josh 'm0nk' Thomas The Teridian 8051 based chips are found in a variety of places in daily life, ...
Stepping P3wns: Adventures in full-spectrum embedded exploitation (and defense!) Ang Cui , Michael Costello , Salvatore Stolfo Our presentation focuses on two live demonstrations of exploitation and defense of a wide array ...
SSL, gone in 30 seconds - a BREACH beyond CRIME Angelo Prado , Neal Harris , Yoel Gluck In this hands-on talk, we will introduce new targeted techniques and research that allows an ...
SPY-JACKING THE BOOTERS Lance James , Brian Krebs It's become commonplace for security reporters and providers of security technologies to find themselves targets ...
Smashing The Font Scaler Engine in Windows Kernel Ling Chuan Lee , Chan Lee Yee The Font Scaler Engine is widely used to scale the outline font definition such as ...
The SCADA That Didn't Cry Wolf- Who's Really Attacking Your ICS Devices- Part Deux! Karsten Nohl These attackers had a plan, they acted upon their plan, and they were successful. In ...
RFID Hacking: Live Free or RFID Hard Fran Brown Have you ever attended an RFID hacking presentation and walked away with more questions than ...
Rooting SIM cards Karsten Nohl SIM cards are among the most widely-deployed computing platforms with over 7 billion cards in ...
Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions Andy Davis Embedded systems are everywhere, from TVs to aircraft, printers to weapons control systems. As a ...
Press ROOT to continue: Detecting OSX and Windows bootkits with RDFU Mario Vuksan , Tomislav Pericin UEFI has recently become a very public target for rootkits and malware. Last year at ...
Power Analysis Attacks for Cheapskates Colin O'Flynn Power analysis attacks present a devious method of cracking cryptographic systems. But looking at papers ...
Predicting Susceptibility to Social Bots on Twitter Chris Sumner , Randall Wald Are some Twitter users more naturally predisposed to interacting with social bots and can social ...
Post Exploitation Operations with Cloud Synchronization Services Jacob Williams Cloud backup solutions, such as Dropbox, provide a convenient way for users to synchronize files ...
Pixel Perfect Timing Attacks with HTML5 Paul Stone Maybe you’ve heard it before - HTML 5 and related technologies bring a whole slew ...
Pass-The-Hash 2: The Admin's Revenge Alva Duckwall , Chris Campbell Some vulnerabilities just can't be patched. Pass-The-Hash attacks against Windows enterprises are still successful and ...
Pass the Hash and Other Credential Theft and Reuse: Mitigating the risk of Lateral Movement and Privilege Escalation Mark Simos , Patrick Jungles Pass the Hash (PtH) has become one of the most widespread attacks affecting our customers ...
Owning the Routing Table - Part II Gabi Nakibly The holy grail of routing attacks is owning the routing table of a router. In ...
The Outer Limits: Hacking the Samsung Smart TV Aaron Grattafiori , Josh Yavor There is nothing wrong with your television set. Do not attempt to adjust the picture. ...
OptiROP: hunting for ROP gadgets in style Nguyen Anh Quynh Return-Oriented-Programming (ROP) is the fundamental technique to bypass the widely-used DEP-based exploitation mitigation. Unfortunately, available ...
Out of Control: Demonstrating SCADA device exploitation Brian Meixell , Eric Forner America’s next great oil and gas boom is here: the United States is on track ...
Multiplexed Wired Attack Surfaces Michael Ossmann , Kyle Osborn Manufacturers of mobile devices often multiplex several wired interfaces onto a single connector. Some of ...
Mobile rootkits: Exploiting and rootkitting ARM TrustZone Thomas Roth Exploiting and rootkitting ARM-based devices gets more and more interesting. This talk will focus on ...
Maltego Tungsten as a collaborative attack platform Roelof ( RT ) Temmingh , Andrew Macpherson Maltego has always been a strong favorite for pre-attack intelligence gathering - be that for ...
Million Browser Botnet Jeremiah Grossman , Matt Johansen Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary ... With a few lines of HTML5 and javascript code we’ll demonstrate just how you can ...
Mainframes: The Past Will Come Back to Haunt You Philip Young From governments to military, airlines to banks, the mainframe is alive and well and touches ...
Mactans: Injecting Malware into iOS Devices via Malicious Chargers Billy Lau , Chengyu Song , Yeongjin Jang Apple iOS devices are considered by many to be more secure than other mobile offerings. ...
Let's get physical: Breaking home security systems and bypassing buildings controls Drew "redshift" Porter , Stephen Smith 36 million home & office security systems reside in the U.S., and they are all ...
Legal Considerations for Cellular Research Marcia Hofmann , Kurt Opsahl The security of mobile communications is becoming increasingly critical, prompting security researchers to focus their ...
Lessons from Surviving a 300Gbps Denial of Service Attack Matthew Prince On Saturday, March 23, 2013, a distributed denial of service (DDoS) attack against Spamhaus that ...
Just-In-Time Code Reuse: The more things change, the more they stay the same Lucas Davi , Kevin Snow Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently ...
Full spectrum computer network (active) defense mean more than simply “hacking back.” We’ve seen a lot of this issue lately. Orin Kerr and Stewart Baker had a lengthy debate about it online. New compa Robert Clark This presentation examines the entire legal regime surrounding full spectrum computer network (active) defense. It ...
Javascript Static Security Analysis made easy with JSPrime Nishant Das Patnaik , Sarathi Sabyasachi Sahoo Today, more and more developers are switching to JavaScript as their first choice of language. ...
Full spectrum computer network (active) defense mean more than simply “hacking back.” Robert Clark We’ve seen a lot of this issue lately. Orin Kerr and Stewart Baker had a ...
I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell Tom Ritter , Doug Deperry , Andrew Rahimi I have a box on my desk that your CDMA cell phone will automatically connect ...
Implantable Medical Devices: Hacking Humans Barnaby Jack In 2006 approximately 350,000 pacemakers and 173,000 ICD's (Implantable Cardioverter Defibrillators) were implanted in the ...
Is that a government in your network or are you just happy to see me? Eric Fiterman Defense and military network operations center around the age-old game: establishing long-term footholds deep inside ...
Java Every-Days: Exploiting Software Running on 3 Billion Devices Brian Gorenc , Jasiel Spelman Over the last three years, Oracle Java has become the exploit author's best friend, and ...
A Practical Attack against MDM Solutions Daniel Brodie , Michael Shaulov Spyphones are surveillance tools surreptitiously planted on a user's handheld device. While malicious mobile applications ...
A Tale of One Software Bypass of Windows 8 Secure Boot Yuriy Bulygin , Andrew Furtak , Oleksandr Bazhaniuk Windows 8 Secure Boot based on UEFI 2.3.1 Secure Boot is an important step towards ...
Above My Pay Grade: Cyber Response at the National Level Jason Healey Incident response is usually a deeply technical forensic investigation and mitigation for an individual organization. ...