Black Hat 2017, July 22, 2017 to July 27, 2017, Las Vegas, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
STEPPING UP OUR GAME: RE-FOCUSING THE SECURITY COMMUNITY ON DEFENSE AND MAKING SECURITY WORK FOR EVERYONE | Alex Stamos | Since the first Black Hat conference 20 years ago, the security community, industry and the ... | |
'GHOST TELEPHONIST' LINK HIJACK EXPLOITATIONS IN 4G LTE CS FALLBACK | Jun Li , Lin Huang , Haoqi Shan , Qing Yang , Yuwei Zheng | In this presentation, one vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network is ... | |
(IN)SECURITY IN BUILDING AUTOMATION: HOW TO CREATE DARK BUILDINGS WITH LIGHT SPEED | Thomas Brandstetter | A number of talks in the last few years have addressed various topics in the ... | |
A NEW ERA OF SSRF - EXPLOITING URL PARSER IN TRENDING PROGRAMMING LANGUAGES! | Orange Tsai | We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF ... | |
ADVANCED PRE-BREACH PLANNING: UTILIZING A PURPLE TEAM TO MEASURE EFFECTIVENESS VS. MATURITY | Justin Harvey | For years, the cybersecurity industry has struggled with how to measure the cyber-readiness of an ... | |
ADVENTURES IN ATTACKING WIND FARM CONTROL NETWORKS | Jason Staggs | Wind farms are becoming a leading source for renewable energy. The increased reliance on wind ... | |
ALL YOUR SMS and CONTACTS BELONG TO ADUPS and OTHERS | Angelos Stavrou , Ryan Johnson , Azzedine Benameur | Our research has identified several models of Android mobile devices that contained firmware that collected ... | |
AN ACE UP THE SLEEVE: DESIGNING ACTIVE DIRECTORY DACL BACKDOORS | Will Schroeder , Andy Robbins | Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often ... | |
AND THEN THE SCRIPT-KIDDIE SAID LET THERE BE NO LIGHT. ARE CYBER-ATTACKS ON THE POWER GRID LIMITED TO NATION-STATE ACTORS? | Anastasis Keliris , Mihalis Maniatakos , Charalambos Konstantinou | Electricity is of paramount importance in our everyday lives. Our dependence on it is particularly ... | |
ATTACKING ENCRYPTED USB KEYS THE HARD(WARE) WAY | Elie Bursztein , Jean-Michel Picod , Rémi Audebert | Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - ... | |
AUTOMATED DETECTION OF VULNERABILITIES IN BLACK-BOX ROUTERS (AND OTHER NETWORK DEVICES) | Gabi Nakibly | Network protocols are based on open standards. However, the Internet runs mostly on proprietary and ... | |
AUTOMATED TESTING OF CRYPTO SOFTWARE USING DIFFERENTIAL FUZZING | Jean-Philippe Aumasson , Yolan Romailler | We present a new and efficient approach to systematic testing of cryptographic software: differential fuzzing. ... | |
AVPASS: LEAKING AND BYPASSING ANTIVIRUS DETECTION MODEL AUTOMATICALLY | Taesoo Kim , Insu Yun , Jinho Jung , Chanil Jeon , Max Wolotsky | AVPASS is a tool for leaking the detection model of Android antivirus (AV) programs, and ... | |
BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING | Alex Matrosov | For UEFI firmware, the barbarians are at the gate -- and the gate is open. ... | |
BIG GAME THEORY HUNTING: THE PECULIARITIES OF HUMAN BEHAVIOR IN THE INFOSEC GAME | Kelly Shortridge | We all groan when we hear it's "time for some game theory," but traditional game ... | |
BLUE PILL FOR YOUR PHONE | Yuriy Bulygin , Oleksandr Bazhaniuk | In this research, we've explored attack surface of hypervisors and TrustZone monitor in modern ARM ... | |
BOCHSPWN RELOADED: DETECTING KERNEL MEMORY DISCLOSURE WITH X86 EMULATION AND TAINT TRACKING | Mateusz “j00ru” Jurczyk | In kernel-mode, buffer overflows and similar memory corruption issues in the internal logic are usually ... | |
BOT VS. BOT FOR EVADING MACHINE LEARNING MALWARE DETECTION | Hyrum Anderson | Machine learning offers opportunities to improve malware detection because of its ability to generalize to ... | |
BREAKING ELECTRONIC DOOR LOCKS LIKE YOU'RE ON CSI: CYBER | Colin O'Flynn | Breaking electronic locks looks so fun in the movies – get your "tech wizard" member ... | |
BREAKING THE LAWS OF ROBOTICS: ATTACKING INDUSTRIAL ROBOTS | Stefano Zanero , Federico Maggi , Mario Polino , Davide Quarta , Marcello Pogliani , Andrea Maria Zanchettin | Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any ... | |
BREAKING THE X86 INSTRUCTION SET | Christopher Domas | A processor is not a trusted black box for running code; on the contrary, modern ... | |
BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM'S WI-FI CHIPSETS | Nitay Artenstein | Remote exploits that compromise Android and iOS devices without user interaction have become an endangered ... | |
BUG COLLISIONS MEET GOVERNMENT VULNERABILITY DISCLOSURE | Katie Moussouris , Jason Healey , Kim Zetter , Trey Herr , Lillian Ablon | How often does someone find your secret bugs? The Vulnerability Equities Process (VEP) helps determine ... | |
CHALLENGES OF COOPERATION ACROSS CYBERSPACE | Jeff ( Dark Tangent ) Moss , Marina Kaljurand , Joseph Nye , Bill Woodcock , Khoo Boon Hui , Wolfgang Kleinwachter | Cyberspace is formed and governed by a range of different technical and policy communities. A ... | |
CLOAK and DAGGER: FROM TWO PERMISSIONS TO COMPLETE CONTROL OF THE UI FEEDBACK LOOP | Wenke Lee , Simon Chung , Yanick Fratantonio , Chenxiong Qian | While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in ... | |
CRACKING THE LENS: TARGETING HTTP'S HIDDEN ATTACK-SURFACE | James Kettle | Modern websites are browsed through a lens of transparent systems built to enhance performance, extract ... | |
CYBER WARGAMING: LESSONS LEARNED IN INFLUENCING SECURITY STAKEHOLDERS INSIDE AND OUTSIDE YOUR ORGANIZATION | Jason Nichols | The security industry faces a tough and growing problem: many of the fundamental decisions made ... | |
DATACENTER ORCHESTRATION SECURITY AND INSECURITY: ASSESSING KUBERNETES MESOS AND DOCKER AT SCALE | Dino Dai Zovi | Your datacenter isn't a bunch of computers, it is *a* computer. While some large organizations ... | |
DEALING THE PERFECT HAND - SHUFFLING MEMORY BLOCKS ON Z/OS | Ayoub El Aassal | Follow me on a journey where we pwn one of the most secure platforms on ... | |
DEFEATING SAMSUNG KNOX WITH ZERO PRIVILEGE | Di Shen | The story started mid-2016 by exploiting CVE-2016-6787 (found by myself) and rooting large numbers of ... | |
DELIVERING JAVASCRIPT TO WORLD+DOG | Kyle Randolph | You've joined a startup building the next big enterprise unicorn. The product is delivered as ... | |
DEVELOPING TRUST AND GITTING BETRAYED | Noah Beddome , Clint Gibler | Trust is an implicit requirement of doing business - at some point, we must trust ... | |
DIGITAL VENGEANCE: EXPLOITING THE MOST NOTORIOUS C and C TOOLKITS | Waylon Grange | Every year thousands of organizations are compromised by targeted attacks. In many cases the attacks ... | |
DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS | Sebastian Lekies , Krzysztof Kotowicz , Eduardo Vela | Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques ... | |
ELECTRONEGATIVITY - A STUDY OF ELECTRON SECURITY | Luca Carettoni | Despite all predictions, native Desktop apps are back. After years porting stand-alone apps to the ... | |
ESCALATING INSIDER THREATS USING VMWARE'S API | Ofri Ziv | Enterprises often require that their IT teams have no access to data kept inside the ... | |
EVADING MICROSOFT ATA FOR ACTIVE DIRECTORY DOMINATION | Nikhil Mittal | Microsoft Advanced Threat Analytics (ATA) is a defense platform which reads information from multiple sources ... | |
EVIL BUBBLES OR HOW TO DELIVER ATTACK PAYLOAD VIA THE PHYSICS OF THE PROCESS | Marina Krotofil | Until now, electronic communication was considered a single avenue for delivering attack payload. However, when ... | |
EVILSPLOIT – A UNIVERSAL HARDWARE HACKING TOOLKIT | Chui Yew Leong , Mingming Wan | Hardware hacking is about to understand the inner working mechanism of hardware. Most of the ... | |
EVOLUTIONARY KERNEL FUZZING | Richard Johnson | The modern model of vulnerability mitigation includes robust sandboxing and usermode privilege separation to contain ... | |
EXPLOIT KIT CORNUCOPIA | Brad Antoniewicz , Matt Foley | Detecting the compromised websites, gates, and dedicated hosts that make up the infrastructure used by ... | |
EXPLOITATION OF KERNEL POOL OVERFLOW ON MICROSOFT WINDOWS 10 DKOM/DKOHM IS BACK IN DKOOHM! DIRECT KERNEL OPTIONAL OBJECT HEADER MANIPULATION | Nikita Tarakanov | With each new version of Windows OS, Microsoft enhances its security by adding mitigation mechanisms. ... | |
EXPLOITING NETWORK PRINTERS | Jens Müller | The idea of a paperless office has been dreamed of for more than three decades. ... | |
FAD OR FUTURE? GETTING PAST THE BUG BOUNTY HYPE | Angelo Prado , Kymberlee Price , Charles Valentine | Ever want to talk to someone that runs a bug bounty program and get the ... | |
FIGHTING TARGETED MALWARE IN THE MOBILE ECOSYSTEM | Andrew Blaich , Megan Ruthven | Meet Chrysaor, one of the most sophisticated and elusive mobile spyware products. Chrysaor, which is ... | |
FIGHTING THE PREVIOUS WAR (AKA: ATTACKING AND DEFENDING IN THE ERA OF THE CLOUD) | Haroon Meer , Marco Slaviero | For years and years, network pen-testers have owned companies and networks with playbooks written in ... | |
FIRMWARE IS THE NEW BLACK - ANALYZING PAST THREE YEARS OF BIOS/UEFI SECURITY VULNERABILITIES | Rodrigo Rubira Branco , Vincent Zimmer , Bruce Monroe | In recent years, we witnessed the rise of firmware-related vulnerabilities, likely a direct result of ... | |
FLOWFUZZ - A FRAMEWORK FOR FUZZING OPENFLOW-ENABLED SOFTWARE AND HARDWARE SWITCHES | Nicholas Gray , Thomas Zinner , Phuoc Tran-Gia , Manuel Sommer | Software-defined Networking (SDN) is a new networking paradigm which aims for increasing the flexibility of ... | |
FRACTURED BACKBONE: BREAKING MODERN OS DEFENSES WITH FIRMWARE ATTACKS | Yuriy Bulygin , Andrew Furtak , Oleksandr Bazhaniuk , Mikhail Gorobets | In this work we analyzed two recent trends. The first trend is the growing threat ... | |
FREE-FALL: HACKING TESLA FROM WIRELESS TO CAN BUS | Ling Liu , Sen Nie , Yuefeng Du | In today's world of connected cars, security is of vital importance. The security of these ... | |
FRIDAY THE 13TH: JSON ATTACKS | Alvaro Muñoz , Oleksandr Mirosh | 2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for ... | |
GAME OF CHROMES: OWNING THE WEB WITH ZOMBIE CHROME EXTENSIONS | Tomer Cohen | On April 16, 2016, an army of bots stormed upon Wix servers, creating new accounts ... | |
GARBAGE IN GARBAGE OUT: HOW PURPORTEDLY GREAT MACHINE LEARNING MODELS CAN BE SCREWED UP BY BAD DATA | Hillary Sanders | As processing power and deep learning techniques have improved, deep learning has become a powerful ... | |
GO NUCLEAR: BREAKING RADIATION MONITORING DEVICES | Ruben Santamarta | USA, 1979: The Three Mile Island Nuclear Generating Station suffered a core meltdown. Operators were ... | |
GO TO HUNT THEN SLEEP | Robert E. Lee , David J. Bianco | Are nightmares of data breaches and targeted attacks keeping your CISO up at night? You ... | |
HACKING HARDWARE WITH A $10 SD CARD READER | Amir ( zenofex ) Etemadieh , Cj Heres , Khoa Hoang | Dumping firmware from hardware, utilizing a non-eMMC flash storage device, can be a daunting task ... | |
HACKING SERVERLESS RUNTIMES: PROFILING AWS LAMBDA AZURE FUNCTIONS AND MORE | Andrew Krug , Graham Jones | Serverless technology is getting increasingly ubiquitous in the enterprise and startup communities. As micro-services multiply ... | |
HONEY I SHRUNK THE ATTACK SURFACE – ADVENTURES IN ANDROID SECURITY HARDENING | Nick Kralevich | Information security is ever evolving, and Android's security posture is no different. Users and application ... | |
HOW WE CREATED THE FIRST SHA-1 COLLISION AND WHAT IT MEANS FOR HASH SECURITY | Elie Bursztein | In February 2017, we announced the first SHA-1 collision. This collision combined with a clever ... | |
HUNTING GPS JAMMERS | Vlad Gostomelsky | This presentation provides an introduction to the vulnerabilities of satellite navigation and timing systems and ... | |
ICHTHYOLOGY: PHISHING AS A SCIENCE | Karla Burnett | Many companies consider phishing inevitable: the best we can do is run training for our ... | |
INDUSTROYER/CRASHOVERRIDE: ZERO THINGS COOL ABOUT A THREAT GROUP TARGETING THE POWER GRID | Robert E. Lee , Ben Miller , Robert Lipovsky , Anton Cherepanov , Joe Slowik | The cyber attack on Ukraine's power grid on December 17th, 2016 was the second time ... | |
INFECTING THE ENTERPRISE: ABUSING OFFICE365+POWERSHELL FOR COVERT C2 | Craig Dods | As Enterprises rush to adopt Office365 for increased business agility and cost reduction, too few ... | |
INFLUENCING THE MARKET TO IMPROVE SECURITY | Chris Wysopal , Justine Bone | Vulnerabilities have never been so marketable. There are many ways for security researchers to monetize ... | |
INTEL AMT STEALTH BREAKTHROUGH | Dmitriy ( d1g1 ) Evdokimov , Alexander Ermolov , Maksim Malyutin | Every modern computer system based on Intel architecture has Intel Management Engine (ME) - a ... | |
INTEL SGX REMOTE ATTESTATION IS NOT SUFFICIENT | Yogesh Swami | In this paper, we argue that SGX Remote Attestation provided by Intel is not sufficient ... | |
INTERCEPTING ICLOUD KEYCHAIN | Alex Radocea | iCloud Keychain employs end-to-end encryption to synchronise secrets across devices enrolled in iCloud. We discovered ... | |
IOTCANDYJAR: TOWARDS AN INTELLIGENT-INTERACTION HONEYPOT FOR IOT DEVICES | Tongbo Luo , Xing Jin , Zhaoyan Xu , Xin Ouyang | In recent years, the emerging Internet-of-Things (IoT) has led to rising concerns about the security ... | |
KR^X: COMPREHENSIVE KERNEL PROTECTION AGAINST JUST-IN-TIME CODE REUSE | Marios Pomonis | The abundance of memory corruption and disclosure vulnerabilities in kernel code necessitates the deployment of ... | |
LIES AND DAMN LIES: GETTING PAST THE HYPE OF ENDPOINT SECURITY SOLUTIONS | Mike Spaulding , Lidia Giuliano | Signatures are dead! We need to focus on machine learning, artificial intelligence, math models, lions, ... | |
MANY BIRDS ONE STONE: EXPLOITING A SINGLE SQLITE VULNERABILITY ACROSS MULTIPLE SOFTWARE | Kun Yang , Siji Feng , Zhi Zhou | SQLite is widely used as embedded database software for local/client storage in application software, such ... | |
NETWORK AUTOMATION IS NOT YOUR SAFE HAVEN: PROTOCOL ANALYSIS AND VULNERABILITIES OF AUTONOMIC NETWORK | Omar Eissa | Autonomic systems are smart systems which do not need any human management or intervention. Cisco ... | |
NEW ADVENTURES IN SPYING 3G AND 4G USERS: LOCATE TRACK and MONITOR | Ravishankar Borgaonkar , Andrew Martin , Jean-Pierre Seifert , Altaf Shaik , Shinjo Park , Lucca Hirschi | The 3G and 4G devices deployed worldwide are vulnerable to IMSI catcher aka Stingray devices. ... | |
OCHKO123 - HOW THE FEDS CAUGHT RUSSIAN MEGA-CARDER ROMAN SELEZNEV | Harold Chun , Norman Barbosa | How did the Feds catch the notorious Russian computer hacker Roman Seleznev - the person ... | |
OFFENSIVE MALWARE ANALYSIS: DISSECTING OSX/FRUITFLY VIA A CUSTOM C and C SERVER | Patrick Wardle | Creating a custom command and control (C and C) server for someone else's malware has ... | |
OPENCRYPTO: UNCHAINING THE JAVACARD ECOSYSTEM | Dan Cvrcek , George Danezis , Petr Svenda , Vasilios Mavroudis | JavaCard is a subset of Java that allows applets to run securely on smartcards and ... | |
ORANGE IS THE NEW PURPLE - HOW AND WHY TO INTEGRATE DEVELOPMENT TEAMS WITH RED/BLUE TEAMS TO BUILD MORE SECURE SOFTWARE | April C. Wright | Introducing a new paradigm for integrating developers with offensive and defensive teams to enhance SDLC. ... | |
PEIMA: HARNESSING POWER LAWS TO DETECT MALICIOUS ACTIVITIES FROM DENIAL OF SERVICE TO INTRUSION DETECTION TRAFFIC ANALYSIS AND BEYOND | Stefan Prandl | Distributed denial of service attacks (DDoS) are a constant problem for network operators today. Thanks ... | |
PRACTICAL TIPS FOR DEFENDING WEB APPLICATIONS IN THE AGE OF DEVOPS | Zane Lackey | The standard approach for web application security over the last decade and beyond has focused ... | |
PROTECTING PENTESTS: RECOMMENDATIONS FOR PERFORMING MORE SECURE TESTS | Wesley McGrew | This presentation represents a capstone to previous years' work by the author on the subject ... | |
PROTECTING VISUAL ASSETS: DIGITAL IMAGE COUNTER-FORENSICS | Nikita Mazurov , Kenneth Brown | They say an image is worth a thousand words, and surely that means it's worth ... | |
QUANTIFYING RISK IN CONSUMER SOFTWARE AT SCALE - CONSUMER REPORTS' DIGITAL STANDARD | Sarah Zatko , Eason Goodale | Last year Mudge and Sarah pulled back the curtains on the non-profit Cyber Independent Testing ... | |
RBN RELOADED - AMPLIFYING SIGNALS FROM THE UNDERGROUND | Dhia Mahjoub , David Rodriguez , Jason Passwaters | Threat intelligence gains immensely in clarity and precision when signals intelligence (SIGINT) and on-the-ground human ... | |
REAL HUMANS SIMULATED ATTACKS: USABILITY TESTING WITH ATTACK SCENARIOS | Lorrie Faith Cranor | User studies are critical to understanding how users perceive and interact with security and privacy ... | |
REDESIGNING PKI TO SOLVE REVOCATION EXPIRATION AND ROTATION PROBLEMS | Brian Knopf | As the previous Director of Security at companies like Linksys, Belkin, and Wink, I learned ... | |
REVOKE-OBFUSCATION: POWERSHELL OBFUSCATION DETECTION (AND EVASION) USING SCIENCE | Lee Holmes , Daniel Bohannon | Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, being ... | |
RVMI: A NEW PARADIGM FOR FULL SYSTEM ANALYSIS | Sebastian Vogl , Jonas Pfoh | Debuggers can play a valuable role in dynamic malware analysis, but these tools fall short ... | |
SHIELDFS: THE LAST WORD IN RANSOMWARE RESILIENT FILE SYSTEMS | Stefano Zanero , Federico Maggi , Alessandro Barenghi , Andrea Continella , Alessandro Guagnelli , Giovanni Zingaro , Giulio De Pasquale | Preventive and reactive security measures can only partially mitigate the damage caused by modern ransomware ... | |
SKYPE and TYPE: KEYSTROKE LEAKAGE OVER VOIP | Gene Tsudik , Mauro Conti , Daniele Lain , Alberto Compagno | It is well-known that acoustic emanations of computer keyboards represent a serious privacy issue. As ... | |
SO YOU WANT TO MARKET YOUR SECURITY PRODUCT... | Terrell McSweeny , Aaron Alva | When it comes to marketing tactics, security products are no different than any other consumer ... | |
SONIC GUN TO SMART DEVICES: YOUR DEVICES LOSE CONTROL UNDER ULTRASOUND/SOUND | Bo Yang , Aimin Pan , Wang Kang , Zhengbo Wang , Shangyuan Li | MEMS sensors, such as accelerometers and gyroscopes, play non-substitutive roles in modern smart devices. A ... | |
SPLUNKING DARK TOOLS - A PENTESTERS GUIDE TO PWNAGE VISUALIZATION | Bryce Kunz , Nathan Bates | A rise in data analytics and machine learning has left the typical pentesters behind in ... | |
SS7 ATTACKER HEAVEN TURNS INTO RIOT: HOW TO MAKE NATION-STATE AND INTELLIGENCE ATTACKERS' LIVES MUCH HARDER ON MOBILE NETWORKS | Philippe Langlois , Martin Kacer | The SS7 mobile vulnerabilities affect the security of all mobile users worldwide. The SS7 is ... | |
TAKING DMA ATTACKS TO THE NEXT LEVEL: HOW TO DO ARBITRARY MEMORY READS/WRITES IN A LIVE AND UNMODIFIED SYSTEM USING A ROGUE MEMORY CONTROLLER | Anna Trikalinou , Dan Lake | Physical DMA attacks on devices and the ability to read and modify memory contents can ... | |
TAKING OVER THE WORLD THROUGH MQTT - AFTERMATH | Lucas Lundgren | During a test, we found an open port on a server. After some digging, we ... | |
TAKING WINDOWS 10 KERNEL EXPLOITATION TO THE NEXT LEVEL – LEVERAGING WRITE-WHAT-WHERE VULNERABILITIES IN CREATORS UPDATE | Morten Schenk | Since the release of Windows 10, and especially in the Anniversary Edition released in August ... | |
THE ACTIVE DIRECTORY BOTNET | Ty Miller , Paul Kalinin | Botnets and C and C servers are taking over the internet and are a major ... | |
THE ADVENTURES OF AV AND THE LEAKY SANDBOX | Itzik Kotler , Amit Klein | Everyone loves cloud-AV. It incorporates up-to-date intelligence from multiple global sources ("wisdom of the clouds"), ... | |
THE ART OF SECURING 100 PRODUCTS | Nir Valtman | How many times you heard people stating "its best practice"? How many times you successfully ... | |
THE AVALANCHE TAKEDOWN: LANDSLIDE FOR LAW ENFORCEMENT | Tom Grasso | It was a highly secure infrastructure of servers that allegedly offered cyber criminals an unfettered ... | |
THE EPOCHOLYPSE 2038: WHAT'S IN STORE FOR THE NEXT 20 YEARS | Mikko Hypponen | It's the 20th Black Hat, and it's been a wild ride from 1997 to 2017. ... | |
THE FUTURE OF APPLEPWN - HOW TO SAVE YOUR MONEY | Timur Yunusov | When people ask about wireless payments (PayPass, ApplePay, SamsungPay, etc), everyone certainly claims that ApplePay ... | |
THE INDUSTRIAL REVOLUTION OF LATERAL MOVEMENT | Tal Be'ery , Tal Maor | Recent advancements in the Targeted Attacks technology, and specifically to the Lateral Movement phase of ... | |
THE ORIGIN OF ARRAY [@@SPECIES]: HOW STANDARDS DRIVE BUGS IN SCRIPT ENGINES | Natalie Silvanovich | Web standards are ever-evolving and determine what browsers can do. But new features can also ... | |
THE SHADOW BROKERS – CYBER FEAR GAME-CHANGERS | Matt Suiche | Who are The Shadow Brokers? I have no clue. Nobody really does. The Shadow Brokers ... | |
THEY'RE COMING FOR YOUR TOOLS: EXPLOITING DESIGN FLAWS FOR ACTIVE INTRUSION PREVENTION | John Ventura | Several popular attack tools and techniques remain effective in the real world, even though they ... | |
TRACKING RANSOMWARE END TO END | Elie Bursztein , Luca Invernizzi , Kylie McRoberts | A niche term just two years ago, ransomware has rapidly risen to fame in the ... | |
WEB CACHE DECEPTION ATTACK | Omer Gil | Web Cache Deception attack is a new web attack vector that puts various technologies and ... | |
WELL THAT ESCALATED QUICKLY! HOW ABUSING DOCKER API LED TO REMOTE CODE EXECUTION SAME ORIGIN BYPASS AND PERSISTENCE IN THE HYPERVISOR VIA SHADOW CONTAINERS | Michael Cherny , Sagie Dulce | With over 5 billion pulls from the Docker Hub, Docker is proving to be the ... | |
WHAT THEY'RE TEACHING KIDS THESE DAYS: COMPARING SECURITY CURRICULA AND ACCREDITATIONS TO INDUSTRY NEEDS | Chaim Sanders , Rob Olson | Security is hard, but security education may be harder. Few academic institutions have the skills ... | |
WHAT'S ON THE WIRELESS? AUTOMATING RF SIGNAL IDENTIFICATION | Michael Ossmann , Dominic Spill | Most organisations want to monitor wireless devices within their environment, but, with a growing number ... | |
WHEN IOT ATTACKS: UNDERSTANDING THE SAFETY RISKS ASSOCIATED WITH CONNECTED DEVICES | Billy Rios , Jonathan Butts | The Internet of Things (IoT) is all around us, making our lives more convenient. We've ... | |
WHITE HAT PRIVILEGE: THE LEGAL LANDSCAPE FOR A CYBERSECURITY PROFESSIONAL SEEKING TO SAFEGUARD SENSITIVE CLIENT DATA | Jacob Osborn , Karen Neuman | The law affords unique protections to communications between a lawyer and client, commonly referred to ... | |
WHY MOST CYBER SECURITY TRAINING FAILS AND WHAT WE CAN DO ABOUT IT | Arun Vishwanath | To date, the only pro-active, user-focused solution against spear phishing has been cyber security awareness ... | |
WIFUZZ: DETECTING AND EXPLOITING LOGICAL FLAWS IN THE WI-FI CRYPTOGRAPHIC HANDSHAKE | Mathy Vanhoef | Encrypted Wi-Fi networks are increasingly popular. This is highlighted by new standards such as Hotspot ... | |
WIRE ME THROUGH MACHINE LEARNING | Ankit Singh , Vijay Thaware | In this world of technology where communication through email plays an important role, vicious threats ... | |
WSUSPENDU: HOW TO HANG WSUS CLIENTS | Romain Coltel , Yves Le Provost | You are performing a pentest. You just owned the first domain controller. That was easy. ... |