BlackHatEU 2014, Oct. 14, 2014 to Oct. 17, 2014, Amsterdam, Netherlands

Title Speakers Summary Topic Types
SIDE CHANNEL ATTACKS - PAST, PRESENT, AND FUTURE Adi Shamir Many computer systems use protective mechanisms, which are mathematically secure but physically vulnerable. In this ...
A JOURNEY TO PROTECT POINTS-OF-SALE *CANCELED* (SPEAKER UNABLE TO ATTEND) Nir Valtman Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against ...
A PRACTICAL ATTACK AGAINST VDI SOLUTIONS Dan Koretsky The secure BYOD hype is growing and Virtual Desktop Infrastructure (VDI) is considered the alternative ...
ABUSING SOFTWARE DEFINED NETWORKS Gregory Pickett Software Defined Networking (SDN) transfers all forwarding decisions to a single controller and provides the ... IncludeThinkstScapes
ANALYZING UEFI BIOSES FROM ATTACKER & DEFENDER VIEWPOINTS Xeno Kovah , Corey Kallenberg , John Butterworth , Samuel Cornwell In 2013, MITRE released Copernicus 1, a best-effort system to capture a raw dump of ...
ANDROID KERNEL AND OS SECURITY ASSESSMENT WITH IRON CROW Akhil Arora , Sumanth Naropanth Android is a pliable environment bent into different shapes by different OEMs. While Android offers ...
APTS WAY: EVADING YOUR EBNIDS Ali Abbasi , Jos Wetzels APTs and government-supported attackers use a broad arsenal of techniques to avoid having their exploits ...
ATTACKING THE LINUX PRNG ON ANDROID: WEAKNESSES IN SEEDING OF ENTROPIC POOLS AND LOW BOOT-TIME ENTROPY Sagi Kedmi Android is the most prevalent Linux-based mobile Operating System in the market today. Many features ...
BLENDED WEB AND DATABASE ATTACKS ON REAL-TIME, IN-MEMORY PLATFORMS Juan Perez-Etchegoyen , Willis Vandevanter It is well known there is a race going on in the "Big Data" arena ...
BRINGING A MACHETE TO THE AMAZON Erik Peterson Amazon Web Services (AWS) is billed as an amazingly secure and resilient cloud services provider, ...
BYPASSING HTTP STRICT TRANSPORT SECURITY Jose Selvi For the last few years, some different attacks against SSL/TLS have been released. Some of ...
C++11 METAPROGRAMMING APPLIED TO SOFTWARE OBFUSCATION Sebastien Andrivet The C++ language and its siblings like C and Objective-C are some of the most ...
CELLULAR EXPLOITATION ON A GLOBAL SCALE: THE RISE AND FALL OF THE CONTROL PROTOCOL Mathew Solnik Since the introduction of the smart phone, the issue of control has entered a new ...
CHARGE YOUR DEVICE WITH THE LATEST MALWARE André Fucs , Victor Pereira I'll expose USB vulnerability in some vendor's customization of the Android system, I'll also target ...
COUNTERFEITING THE PIPES WITH FAKENET 2.0 Andrew Honig , Michael Sikorski Successful dynamic analysis of malware is dependent on your ability to "Fake the Network." Tricking ...
DON'T TRUST YOUR USB! HOW TO FIND BUGS IN USB DEVICE DRIVERS Ralf Spenneberg , Sergej Schumilo , Hendrik Schwartke The Universal Serial Bus (USB) has become the standard interface for interconnecting computers with peripheral ...
DTM COMPONENTS: SHADOW KEYS TO THE ICS KINGDOM Alexander Bolshev , Gleb Cherbov Today, industrial control system architectures are complex, multilayered networks, based on many popular (now and ...
ENDRUN - SECURE DIGITAL COMMUNICATIONS FOR OUR MODERN DYSTOPIA Grant Dobbe , Brendan O'Connor The Internet is no longer trustworthy, having been compromised by bad actors across the globe. ...
EVASION OF HIGH-END IDPS DEVICES AT THE IPV6 ERA Enno Rey , Antonios Atlasis , Rafael Schaefer The forthcoming depletion of IPv4 addresses is now closer than ever. For instance, ARIN states ...
EXPLORING YOSEMITE: ABUSING MAC OS X 10.10 Sung-ting Tsai , Ming-chieh Pan Mac OS X 10.10 Yosemite is going to be released soon. It brings lots of ...
FIRMWARE.RE: FIRMWARE UNPACKING, ANALYSIS AND VULNERABILITY-DISCOVERY AS A SERVICE Andrei Costin , Davide Balzarotti , Jonas Zaddach , Aurélien Francillon As embedded systems are more than ever present in our society, their security is becoming ... IncludeThinkstScapes
FREEZE DRYING FOR CAPTURING ENVIRONMENT-SENSITIVE MALWARE ALIVE Yosuke Chubachi We propose a set of techniques for "freeze drying" malware and restoring the captured malware ...
GYROPHONE: EAVESDROPPING USING A GYROSCOPE Gabi Nakibly , Yan Michalevsky We show that the gyroscopes found on most smart phones are sensitive to measure acoustic ...
HACK YOUR ATM WITH FRIEND'S RASPBERRY.PY Alexey Osipov , Olga Kochetova At all times there have been bad guys, who tried to steal money. ATM machines ...
HACKING THE WIRELESS WORLD WITH SOFTWARE DEFINED RADIO - 2.0 Balint Seeber Ever wanted to communicate with a NASA space probe launched in 1978, or spoof a ...
HADOOP SECURITY: SEVEN WAYS TO KILL AN ELEPHANT Davi Ottenheimer Many companies are getting Hadoopy often with little or no consideration of security because Big ...
HIDE ANDROID APPLICATIONS IN IMAGES Axelle Apvrille , Ange ( ange4771 ) Albertini Malware authors are always interested in concealing their goals to evade detection. We have discovered ...
INDUSTRIAL CONTROL SYSTEMS : PENTESTING PLCS 101 Arnaud Soullie There is a lot of talking about ICS, SCADA and such nowadays, but only few ...
LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS Rafal Wojtczuk Hypervisors have become a key element of both cloud and client computing. It is without ...
LIGHTS OFF! THE DARKNESS OF THE SMART METERS Alberto Garcia Illera , Javier Vazquez Vidal We all know that connected devices are uprising, and this enables more overall control over ...
MAN IN THE BINDER: HE WHO CONTROLS IPC, CONTROLS THE DROID Nitay Artenstein , Idan Revivo Big Brother is watching your droid. His name is Binder. As the only vehicle of ...
NETWORK ATTACHED SHELL: N.A.S.TY SYSTEMS THAT STORE NETWORK ACCESSIBLE SHELLS Jacob Holcomb Through extensive analysis, ISE has identified dozens of previously undisclosed, critical security vulnerabilities in numerous ...
NEXT LEVEL CHEATING AND LEVELING UP MITIGATIONS Joel St. John , Nicolas Guigo Cheaters are a growing problem in multiplayer gaming. As games become increasingly complex, the level ...
PDF ATTACK: A JOURNEY FROM THE EXPLOIT KIT TO THE SHELLCODE Jose Miguel Esparza "PDF Attack: A Journey from the Exploit Kit to the Shellcode" is a workshop to ...
QUANTIFIED SELF - A PATH TO SELF-ENLIGHTENMENT OR JUST A SECURITY NIGHTMARE? Candid Wueest In recent years, the idea of collecting and analyzing data about a subject has transitioned ...
QUANTUM KEY DISTRIBUTION AND THE FUTURE OF ENCRYPTION Konstantinos Karagiannis Quantum computing will bring tumultuous change to the world of information security in the coming ...
REFLECTED FILE DOWNLOAD - A NEW WEB ATTACK VECTOR Oren Hafif Attackers would LOVE having the ability to upload executable files to domains like Google.com, Facebook.com, ...
RET2DIR: DECONSTRUCTING KERNEL ISOLATION Vasileios Kemerlis Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to controlled data residing in user space, by ...
REVISITING XSS SANITIZATION Ashar Javed The online WYSIWYG "What You See Is What You Get" editors or rich-text editors are ...
ROUNDTABLE: DEFENSE POST-SNOWDEN Jeff ( Dark Tangent ) Moss The initial barrage of revelations from Mr. Snowden revealed that the state of offense far ...
SAME ORIGIN METHOD EXECUTION (SOME) - EXPLOITING A CALLBACK FOR SAME ORIGIN POLICY BYPASS Ben Hayak SOME - "Same Origin Method Execution" is a new technique that abuses JSONP in order ...
SCALA SECURITY: EXAMINING THE PLAY AND LIFTWEB FRAMEWORKS Erik Cabetas , Paolo Soto Scala is an increasingly popular language that runs on the JVM. LiftWeb and Play are ...
SESSION IDENTIFIER ARE FOR NOW, PASSWORDS ARE FOREVER - XSS-BASED ABUSE OF BROWSER PASSWORD MANAGERS Martin Johns , Ben Stock , Sebastian Lekies Ever since Cross-site Scripting (XSS) was discovered in the year 2000, one of the main ...
SSL VALIDATION CHECKING VS. GO(ING) TO FAIL Thomas Brandstetter The "go to fail" bug was a shock for all security-aware Apple users. A simple ...
THE POWER OF PAIR: ONE TEMPLATE THAT REVEALS 100+ UAF IE VULNERABILITIES Bo Qu , Chienhua Lu The browser, as no one needs to explain, plays a very important role in security. ...
TWO FACTOR FAILURE Ryan Lackey Two Factor Authentication (2FA) systems are required by security standards and help to solve the ...