BlackHatEU 2016 Nov. 1, 2016 to Nov. 4, 2016, London,uk
Tell us about missing data
Tell us about missing data
Title | Speakers | Summary | Topic Types |
---|---|---|---|
(PEN)TESTING VEHICLES WITH CANTOOLZ | Alexey Sintsov | CANToolz is an open-source framework for working with CAN bus. In this presentation we will ... | |
50 THOUSAND NEEDLES IN 5 MILLION HAYSTACKS: UNDERSTANDING OLD MALWARE TRICKS TO FIND NEW MALWARE FAMILIES | Verónica Valeros , Karel Bartos , Lukas Machlica | The malware landscape is characterised by its rapid and constant evolution. Defenders often find themselves ... | |
AI BASED ANTIVIRUS: CAN ALPHAAV WIN THE BATTLE IN WHICH MAN HAS FAILED? | Thomas Lei Wang , Liuping Hou , Zhijun Jia , Yanyan Ji | This talk will introduce our work on AI based Antivirus using deep learning. We can ... | |
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AUTOMATA LEARNING | George Argyros , Ioannis Stais | Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the ... | |
ARMAGEDDON: HOW YOUR SMARTPHONE CPU BREAKS SOFTWARE-LEVEL SECURITY AND PRIVACY | Clémentine Maurice , Moritz Lipp | In the last years, mobile devices and smartphones have become the most important personal computing ... | |
ATTACKING WINDOWS BY WINDOWS | Li Zhou , Yin Liang | Since win8, Microsoft introduced a variety of exploit mitigations into Windows kernel, such as Kernel ... | |
AUTOMATING INCIDENT RESPONSE: SIT BACK AND RELAX BOTS ARE TAKING OVER… | Elvis Hovor , Mohamed El-sharkawi | Our research focuses on illustrating the value of automating functions and processes within Incident Response. ... | |
BACKSLASH POWERED SCANNING: HUNTING UNKNOWN VULNERABILITY CLASSES | James Kettle | Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific ... | |
BREAKING BHAD: ABUSING BELKIN HOME AUTOMATION DEVICES | Scott Tenaglia , Joe Tanen | In 2013 and 2014 several high profile vulnerabilities were found in Belkin's WeMo line of ... | |
BREAKING BIG DATA: EVADING ANALYSIS OF THE METADATA OF YOUR LIFE | David Venable | You are under surveillance. We all are. If you're targeted by a government, nothing you ... | |
BYPASSING CLANG'S SAFESTACK FOR FUN AND PROFIT | Herbert Bos , Georgios Portokalidis , Elias Athanasopoulos , Cristiano Giuffrida , Enes Göktaş , Robert Gawlik , Benjamin Kollenda , Aggelos Oikonomopoulos | SafeStack, a new compiler feature currently only available in clang[1] and underway for GCC[2], protects ... | |
BYPASSING SECURE BOOT USING FAULT INJECTION | Albert Spruyt , Niek Timmers | More and more embedded systems implement Secure Boot to assure the integrity and confidentiality of ... | |
CHASING FOXES BY THE NUMBERS: PATTERNS OF LIFE AND ACTIVITY IN HACKER FORUMS | Christopher Ahlberg | Cyber criminals, hacktivists, and the occasional state actor tend to congregate in underground forums and ... | |
CODE DEOBFUSCATION: INTERTWINING DYNAMIC STATIC AND SYMBOLIC APPROACHES | Robin David , Sébastien Bardin | Over the years, obfuscation has taken a significant place in the software protection field. The ... | |
CTX: ELIMINATING BREACH WITH CONTEXT HIDING | Aggelos Kiayias , Dimitris Karakostas , Dionysis Zindros , Eva Sarafianou | The BREACH attack presented at Black Hat USA 2013 still has not been mitigated, despite ... | |
CYBER JUDO: OFFENSIVE CYBER DEFENSE | Tal Be'ery , Itai Grady | In this talk, we will show how defenders can take a few pages out of ... | |
DETACH ME NOT - DOS ATTACKS AGAINST 4G CELLULAR USERS WORLDWIDE FROM YOUR DESK | Silke Holtmanns , Bhanu Kotte , Siddharth Rao | Ever since the public revelation of global surveillance and the exploits targeting the mobile communication ... | |
DRAMA: HOW YOUR DRAM BECOMES A SECURITY PROBLEM | Michael Schwarz , Anders Fogh | In this talk, we will present our research into how the design of DRAM common ... | |
EFFECTIVE FILE FORMAT FUZZING – THOUGHTS TECHNIQUES AND RESULTS | Mateusz “j00ru” Jurczyk | Fuzzing, as a native software testing technique, is an extremely popular approach to vulnerability hunting ... | |
EGO MARKET: WHEN PEOPLE'S GREED FOR FAME BENEFITS LARGE-SCALE BOTNETS | Olivier Bilodeau , Masarah Paquet-clouston | Want to give your blog a push or your "gun show" more views? Then why ... | |
FLIP FENG SHUI: ROWHAMMERING THE VM'S ISOLATION | Herbert Bos , Bart Preneel , Cristiano Giuffrida , Kaveh Razavi , Erik Bosman , Ben Gras | We show how an attacker virtual machine (VM) can induce Rowhammer bit flips over memory ... | |
GHOST IN THE PLC: DESIGNING AN UNDETECTABLE PROGRAMMABLE LOGIC CONTROLLER ROOTKIT | Ali Abbasi , Majid Hashemi | Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. ... | |
GPU SECURITY EXPOSED | Justin Taft | GPUs are found in millions of devices, allowing for stunning imagery to be generated on ... | |
HOW TO FOOL AN ADC PART II OR HIDING DESTRUCTION OF TURBINE WITH A LITTLE HELP OF SIGNAL PROCESSING | Gabriel Gonzalez , Alexander Bolshev | We live in the analog world but program and develop digital systems. The key element ... | |
I KNOW WHAT YOU SAW LAST MINUTE - THE CHROME BROWSER CASE | Ran Dubin | Every day, hundreds of millions of Internet users view videos online - in particular on ... | |
INSIDE WEB ATTACKS: THE REAL PAYLOADS | John Graham-cumming | When serious vulnerabilities like ShellShock or ImageTragick are revealed, the announcement is often accompanied by ... | |
LOCKNOTE: CONCLUSIONS AND KEY TAKEAWAYS FROM BLACK HAT EUROPE 2016 | Jeff ( Dark Tangent ) Moss , Sharon Conheady , Chris Wysopal , Daniel Cuthbert | At the close of this year's conference, join Black Hat Founder Jeff Moss and members ... | |
MOBILE ESPIONAGE IN THE WILD: PEGASUS AND NATION-STATE LEVEL ATTACKS | Seth Hardy , Andrew Blaich , Max Bazaliy | This briefing will take an in-depth look at the technical capabilities of mobile attacks that ... | |
NARCOS COUNTERFEITERS AND SCAMMERS: AN APPROACH TO VISUALIZE ILLEGAL MARKETS | Andrew Lewman , Stevan Keraudy | Counterfeiting is a global issue - one that has become even more complex as this ... | |
POCKET-SIZED BADNESS: WHY RANSOMWARE COMES AS A PLOT TWIST IN THE CAT-MOUSE GAME | Stefano Zanero , Federico Maggi | While we have grown accustomed to stealthy malware, specifically written to gain and maintain control ... | |
RANDOMIZATION CAN'T STOP BPF JIT SPRAY | N. Asokan , Elena Reshetova , Filippo Bonazzi | Linux Berkeley Packet Filters (BPF) is a mechanism that was originally introduced in Linux kernel ... | |
REAL-WORLD POST-QUANTUM CRYPTOGRAPHY: INTRODUCING THE OPENQUANTUMSAFE SOFTWARE PROJECT | Jennifer Fernick | Almost all of the widely-used cryptography on the internet will be broken or substantially compromised ... | |
ROOTING EVERY ANDROID: FROM EXTENSION TO EXPLOITATION | Di Shen , Jiahong (james) Fang | These years, Keen Lab of Tencent (formerly known as the Keen Team), worked on various ... | |
SIGNING INTO ONE BILLION MOBILE APP ACCOUNTS EFFORTLESSLY WITH OAUTH2.0 | Wing Cheong Lau , Ronghai Yang | OAuth2.0 protocol has been widely adopted by mainstream Identity Providers (IdPs) to support Single-Sign-On services. ... | |
STUMPING THE MOBILE CHIPSET | Adam Donenfeld | Following recent security issues discovered in Android, Google made a number of changes to tighten ... | |
TALKING BEHIND YOUR BACK: ATTACKS AND COUNTERMEASURES OF ULTRASONIC CROSS-DEVICE TRACKING | Christopher Kruegel , Giovanni Vigna , Shuang Hao , Federico Maggi , Yanick Fratantonio , Vasilios Mavroudis | Cross-device tracking (XDT) technologies are currently the "Holy Grail" for marketers because they allow to ... | |
TOWARDS A POLICY-AGNOSTIC CONTROL-FLOW INTEGRITY IMPLEMENTATION | Ahmad-reza Sadeghi , Yier Jin , Dean Sullivan , Orlando Arias | Control-flow integrity (CFI) is a general defense against code-reuse attacks. In theory, a CFI implementation ... | |
USE-AFTER-USE-AFTER-FREE: EXPLOIT UAF BY GENERATING YOUR OWN | Guanxing Wen | This talk will introduce Use-After-Use-After-Free (UAUAF), a novel and relatively universal exploitation technique for UAF ... | |
WHEN VIRTUALIZATION ENCOUNTER AFL: A PORTABLE VIRTUAL DEVICE FUZZING FRAMEWORK WITH AFL | Moony Li , Jack Tang | Along with virtualization technology adopted by both enterprise and customer popularly, virtual machines escape attacking ... | |
WIFI-BASED IMSI CATCHER | Ravishankar Borgaonkar , Piers O'hanlon | We introduce a new type of IMSI catcher which operates over WiFi. Whilst existing Stingray ... |