BlackhatAsia 2017 March 30, 2017 to March 10, 2017, marina bay,singapore
Tell us about missing data
Tell us about missing data
Title | Speakers | Summary | Topic Types |
---|---|---|---|
THE SEVEN AXIOMS OF SECURITY | Saumil Udayan Shah | "Today's attacks succeed because the defense is reactive." As the defenses have caught up and ... | |
WHY WE ARE NOT BUILDING A DEFENDABLE INTERNET | Halvar Flake | In IT security, offensive problems are technical - but most defensive problems are political and ... | |
MAN-IN-THE-SCADA: ANATOMY OF DATA INTEGRITY ATTACKS IN INDUSTRIAL CONTROL SYSTEMS | Chris Sistrunk , Marina Krotofil | There is a continuous evolving gap between SCADA/ICS attackers and the defenders. Once unauthorized access ... | |
24 TECHNIQUES TO GATHER THREAT INTEL AND TRACK ACTORS | Wayne Huang , Sun Huang | In recent years, we delivered many talks detailing threat actors, their operations, and their tools. ... | |
3G/4G INTRANET SCANNING AND ITS APPLICATION ON THE WORMHOLE VULNERABILITY | Guangdong Bai , Zhang Qing | Traditionally, organizing trusted computers within a firewall-equipped intranet which is accessible only to the insiders ... | |
ALL YOUR EMAILS BELONG TO US: EXPLOITING VULNERABLE EMAIL CLIENTS VIA DOMAIN NAME COLLISION | Maxim Goncharov , Ilya Nesterov | One of the central points of failure is an email address. We use email addresses ... | |
ANTI-PLUGIN: DON'T LET YOUR APP PLAY AS AN ANDROID PLUGIN | Zhi Xu , Tongbo Luo , Cong Zheng , Xin Ouyang | The Android plugin technology is an innovative application-level virtualization framework that allows a mobile application ... | |
BETTING AGAINST THE HOUSE: SECURITY AND STABILITY WHEN THE ODDS ARE AGAINST YOU | Neil Wyler , Bart Stump | Designing, deploying, and securing an enterprise network is a stressful job when you have time, ... | |
BEYOND THE BLACKLISTS: DETECTING MALICIOUS URL THROUGH MACHINE LEARNING | Hao Dong , Chenghuai Lu , David Yu , Jin Shang | Many types of modern malware utilize HTTP-based communications. Network-level behavioral signature/modeling in malware detection has ... | |
BREAKING KOREA TRANSIT CARD WITH SIDE-CHANNEL ATTACK - UNAUTHORIZED RECHARGING | Tae Won Kim | Recent side-channel attacks have shown that the security of smart devices is a matter of ... | |
CACHE SIDE CHANNEL ATTACK: EXPLOITABILITY AND COUNTERMEASURES | Gorka Irazoqui , Xiaofei Guo | Cache attacks have proven to be a big concern for security code designers because they ... | |
CROSS THE WALL - BYPASS ALL MODERN MITIGATIONS OF MICROSOFT EDGE | Jack Tang , Henry Li | Address Space Layout Randomization(ASLR) and Data Execution Prevention (DEP) and Control Flow Guard (CFG) are ... | |
DAILY-LIFE PEEPER: BUG HUNTING AND EXPLOIT TECHNIQUES IN IOT | Yuhao Song , Huiming Liu | As we know, with the rapid increasing and widespread use of IoT devices, the security ... | |
DELEGATE TO THE TOP: ABUSING KERBEROS FOR ARBITRARY IMPERSONATIONS AND RCE | Matan Hart | Delegation is the assignment of responsibility or authority to another identity to carry out specific ... | |
DIG INTO THE ATTACK SURFACE OF PDF AND GAIN 100+ CVES IN 1 YEAR | Ke Liu | Portable Document Format (a.k.a. PDF) is one of the most widely used file formats in ... | |
DOMO ARIGATO MR. ROBOTO: SECURITY ROBOTS A LA UNIT-TESTING | Seth Law | Security testing is difficult, no matter who is doing it or how it is performed. ... | |
DROP THE ROP: FINE-GRAINED CONTROL-FLOW INTEGRITY FOR THE LINUX KERNEL | João Moreira | The introduction of W^X memory policies and the subsequent mitigation of return-to-user attacks, tackled the ... | |
EXPLOITING USB/IP IN LINUX | Ignat Korchagin | USB/IP is a framework for sharing USB devices over the network: it encapsulates USB I/O ... | |
FRIED APPLES: JAILBREAK DIY | Max Bazaliy , Alex Hude , Vlad Putin | In this talk we focus on challenges that Fried Apple team solved in a process ... | |
GO GET MY/VULNERABILITIES: AN IN-DEPTH ANALYSIS OF GO LANGUAGE RUNTIME AND THE NEW CLASS OF VULNERABILITIES IT INTRODUCES | Roberto Clapis | Golang is rapidly becoming the language of choice for programming both simple applications for embedded ... | |
HACK MICROSOFT USING MICROSOFT SIGNED BINARIES | Pierre-alexandre Braeken | Imagine being attacked by legitimate software tools that cannot be detected by usual defender tools. ... | |
HACKING HTTP/2 - NEW ATTACKS ON THE INTERNET'S NEXT GENERATION FOUNDATION | Nadav Avital | HTTP/2 is the emerging network protocol for the Internet, facilitating leaner and faster web browsing ... | |
HELLO FROM THE OTHER SIDE: SSH OVER ROBUST CACHE COVERT CHANNELS IN THE CLOUD | Michael Schwarz , Manuel Weber | In this talk, we present the first practical cache covert channel in the cloud. The ... | |
LOCKNOTE: CONCLUSIONS AND KEY TAKEAWAYS FROM BLACK HAT ASIA 2017 | Saumil Udayan Shah , Jeff ( Dark Tangent ) Moss , Halvar Flake , Christian Karam | At the close of this year's conference, join Black Hat Founder Jeff Moss and members ... | |
MASHABLE: MOBILE APPLICATIONS OF SECRET HANDSHAKES OVER BLUETOOTH LE | Yan Michalevsky | In this talk, we present new applications for cryptographic secret handshakes between mobile devices on ... | |
MOBILE-TELEPHONY THREATS IN ASIA | Payas Gupta , Marco ‘embyte’ Balduzzi , Lion Gu | Over the last 10 years, the number of mobile subscribers has largely increased overtaking the ... | |
MYTH AND TRUTH ABOUT HYPERVISOR-BASED KERNEL PROTECTOR: THE REASON WHY YOU NEED SHADOW-BOX | Seunghun Han , Junghwan Kang | Protection mechanisms running in the kernel-level (Ring 0) cannot completely prevent security threats such as ... | |
NEVER LET YOUR GUARD DOWN: FINDING UNGUARDED GATES TO BYPASS CONTROL FLOW GUARD WITH BIG DATA | Ya Ou , Ke Sun | Control Flow Guard (CFG) is a security mechanism to prevent indirect branches (indirect call/jmp) to ... | |
OPEN SOURCING AUTOMOTIVE DIAGNOSTICS | Eric Evenchick | Automotive systems use a small number of protocols for diagnostic functionality. As researchers, it's very ... | |
PHISHING FOR FUNDS: UNDERSTANDING BUSINESS EMAIL COMPROMISE | Keith Turpin | Business Email Compromise (aka CEO fraud) is a rapidly expanding cybercrime in which reported cases ... | |
REMOTELY COMPROMISING IOS VIA WI-FI AND ESCAPING THE SANDBOX | Marco Grassi | Wi-Fi is nowadays an established technology - supported on almost all devices - including the ... | |
THE IRRELEVANCE OF K-BYTES DETECTION - BUILDING A ROBUST PIPELINE FOR MALICIOUS DOCUMENTS | Dan Amiga , Dor Knafo | Security teams must address the countless vulnerabilities in popular document formats like PDFs, Office files ... | |
THE POWER OF DATA-ORIENTED ATTACKS: BYPASSING MEMORY MITIGATION USING DATA-ONLY EXPLOITATION TECHNIQUES | Chong Xu , Bing Sun , Stanley Zhu | As Control Flow Integrity (CFI) enforcement solutions are widely adapted by major applications, traditional memory ... | |
THE UEFI FIRMWARE ROOTKITS: MYTHS AND REALITY | Eugene Rodionov , Alex Matrosov | In recent days, the topic of UEFI firmware security is very hot. There is a ... |