blackhatUSA2018 2018 Aug. 4, 2018 to Aug. 9, 2018, Las Vegas, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Keynote: Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes | Parisa Tabriz | N/A | |
Detecting Credential Compromise in AWS | William Bengtson | Credential compromise in the cloud is not a threat that one company faces, rather it ... | |
Dissecting Non-Malicious Artifacts: One IP at a Time | Ido Naor , Dani Goland | For years and years, anti-malware solutions, across many levels of the network, have been assisted ... | |
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking | Louis Dion-marcil | When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors ... | |
Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection | Kingkane Malmquist | The purpose of an information security awareness program serves to protect business data through user ... | |
Finding Xori: Malware Analysis Triage with Automated Disassembly | Amanda Rousseau , Richard Seymour | In a world of high volume malware and limited researchers, we need a dramatic improvement ... | |
Holding on for Tonight: Addiction in InfoSec | Jamie Tomasello | Substance abuse is present in and affects all communities, even information security. This session will ... | |
How I Learned to Stop Worrying and Love the SBOM | Allan Friedman | Despite its simplicity, the "software bill of materials" (SBOM) has been met with apathy and ... | |
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware | Richard Harang , Felipe Ducau | Security is a constant cat-and-mouse game between those trying to keep abreast of and detect ... | |
Software Attacks on Hardware Wallets | Alyssa Milburn , Sergei Volokitin | Almost all security research has a question often left unanswered: what would be the financial ... | |
A Dive in to Hyper-V Architecture & Vulnerabilities | Joe Bialek , Nicolas Joly | Virtualization technology is an increasingly common foundation on which platform security is built and clouds ... | |
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths | Jay Little | In the blockchain, contracts may be lost but are never forgotten. Over 1,500,000 Ethereum smart ... | |
Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools | Joshua Saxe | Anyone who keeps up with technology news has read about deep neural networks beating human ... | |
From Bot to Robot: How Abilities and Law Change with Physicality | Brittany Postnikoff , Wendy Knox Everette , Sara-jayne Terp | Online bots and real-world robots are both capable of manipulating people and communities. Online bots ... | |
KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous | Liang Chen | Modern operating systems nowadays implement read-only memory mappings at their CPU architecture level, preventing common ... | |
Miasm: Reverse Engineering Framework | Fabrice Desclaux , Camille Mougey | Miasm is a reverse engineering framework created in 2006 and first published in 2011 (GPL). ... | |
New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers | Samuel Groß | As finding reliably exploitable vulnerabilities in web browser engines becomes gradually harder, attackers turn to ... | |
Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops | Celeste Paul , Josiah Dykstra | Hacking is a high-risk, high-reward, with a high-cost to human capital. In this session, we ... | |
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever | Marina Krotofil , Andrea Carcano , Younes Dragoni | In 2017, a sophisticated threat actor deployed the TRITON attack framework engineered to manipulate industrial ... | |
CANCELLED: Too Soft[ware Defined] Networks: SD-WAN Vulnerability Assessment | Sergey Gordeychik , Aleksandr Timorin | The software defined wide-area network is technology based on SDN approach applied to branch office ... | |
Compression Oracle Attacks on VPN Networks | Ahamed Nafeez | Security researchers have done a good amount of practical attacks in the past using chosen ... | |
Deep Dive into an ICS Firewall, Looking for the Fire Hole | Julien Lenoir , Benoit Camredon | Industrial control systems (ICS) security has become a serious concern over the past years. Indeed, ... | |
Legal Landmines: How Law and Policy are Rapidly Shaping Information Security | Jennifer Granick , Joseph Menn , Leonard Bailey , Amit Elazari , Allison Bender , Paul Rosen | The Internet was a much different place 25 years ago. Technology, and the free flow ... | |
No Royal Road … Notes on Dangerous Game | Mara Tam | Attribution fatigue is real. We are 20 years past Moonlight Maze, 15 years past Titan ... | |
Remotely Attacking System Firmware | Mickey Shkatov , Oleksandr Bazhaniuk , Jesse Michael | In recent years, we have been witnessing a steady increase in security vulnerabilities in firmware. ... | |
Reversing a Japanese Wireless SD Card - From Zero to Code Execution | Guillaume Valadon | Toshiba FlashAir are wireless SD cards used by photographers and IoT enthusiasts. They integrate both ... | |
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers | Aurélien Francillon , Sebastian Poeplau , Marius Muench , Giovanni Camurati , Tom Hayes | The drive for ever smaller and cheaper components in microelectronics has popularized so-called "mixed-signal circuits," ... | |
There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently | Marc Witteman , Niek Timmers , Alyssa Milburn , Nils Wiersma , Ramiro Pareja Veredas , Santiago Cordoba Pellicer | Automotive security is a hot topic, and hacking cars is cool. These vehicles are suffering ... | |
An Attacker Looks at Docker: Approaching Multi-Container Applications | Wesley Mcgrew | Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale ... | |
Don't @ Me: Hunting Twitter Bots at Scale | Jordan Wright , Olabode Anise | Automated Twitter accounts have been making headlines for their ability to spread spam and malware ... | |
Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering | Matt Wixeye | Traditional phishing and social engineering attack techniques are typically well-documented and understood. While such attacks ... | |
From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it | Sean Metcalf | N/A | |
Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community | Jay Radcliffe , Christian quaddi Dameff | It's not easy to miss the gunshot wound in the trauma bay, or the cough ... | |
Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology | Matt Graeber , Lee Christensen | While security products are a great supplement to the defensive posture of an enterprise, to ... | |
The Unbearable Lightness of BMC's | Nico Waisman , Matias Sebastian Soler | Welcome to a data center! A place where the air conditioner never stops and the ... | |
Threat Modeling in 2018: Attacks, Impacts and Other Updates | Adam Shostack | Attacks always get better, and that means your threat modeling needs to evolve. This talk ... | |
WireGuard: Next Generation Secure Network Tunnel | Jason A. Donenfeld | The state of VPN protocols is not pretty, with popular options, such as IPsec and ... | |
A Brief History of Mitigation: The Path to EL1 in iOS 11 | Ian Beer | In December last year, I released the async_wake exploit for iOS 11.1.2. In this talk, ... | |
Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre | Art Manion , Matt Linton , Christopher Robinson , Eric Doerr | It's January 2nd, 2018. Your phone buzzes. You've been working for more than 6 months ... | |
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! | Orange Tsai | We propose a new exploit technique that brings a whole-new attack surface to defeat path ... | |
Breaking the IIoT: Hacking industrial Control Gateways | Thomas Roth | Industrial control gateways connect most of the critical infrastructure surrounding us to the centralized management ... | |
LTE Network Automation Under Threat | Ravishankar Borgaonkar , Altaf Shaik | The control and management of mobile networks is shifting from manual to automatic in order ... | |
Open Sesame: Picking Locks with Cortana | Tal Be'ery , Amichai Shulman , Ron Marcovich , Yuval Ron | Many new devices are trying to fit into our life seamlessly. As a result, there’s ... | |
Squeezing a Key through a Carry Bit | Filippo Valsorda | The Go implementation of the P-256 elliptic curve had a small bug due to a ... | |
Why so Spurious? How a Highly Error-Prone x86/x64 CPU "Feature" can be Abused to Achieve Local Privilege Escalation on Many Operating Systems | Nemanja Mulasmajic , Nicolas Peterson | There exists a "feature" in the x86 architecture that, due to improper programming by many ... | |
ZEROing Trust: Do Zero Trust Approaches Deliver Real Security? | David Weston | Over the last year, the "zero trust" network (ZTN) security architecture concept has generated interest ... | |
AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries | Kang Li | AFL has claimed many successes on fuzzing a wide range of applications. In the past ... | |
A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme | Neha Narula , Ethan Heilman | Our talk presents attacks on the cryptography used in the cryptocurrency IOTA, which is currently ... | |
Back to the Future: A Radical Insecure Design of KVM on ARM | Rahul Kashyap , Baibhav Singh | In ARM there are certain instructions that generate exceptions. Such instructions are typically executed to ... | |
Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure | Kevin Perlow | The Namecoin and Emercoin blockchains were designed to provide decentralized and takedown-resistant domain names to ... | |
How can Communities Move Forward After Incidents of Sexual Harassment or Assault? | Makenzie Peterson | When incidents of sexual harassment or sexual assault occur within communities, as we've recently seen ... | |
I, for One, Welcome Our New Power Analysis Overlords | Colin O'flynn | Despite high-profile failures, there can be no doubt that embedded security is improving. Yet, several ... | |
InfoSec Philosophies for the Corrupt Economy | Lawrence Munro | The majority of systematic approaches to information security are created by contributors from stable nation ... | |
Is the Mafia Taking Over Cybercrime? | Jonathan Lusthaus | Claims abound that the Mafia is not only getting involved in cybercrime, but taking a ... | |
The Air-Gap Jumpers | Mordechai Guri | The term 'air-gap' in cyber security refers to a situation in which a sensitive computer, ... | |
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware | Oliver Schranz | The Android Runtime (ART), even though introduced in Android 5 already, has not received much ... | |
Demystifying PTSD in the Cybersecurity Environment | Joe Slowik | In February 2018, an article appeared concerning 'cybersecurity PTSD' and its impact on the security ... | |
Fire & Ice: Making and Breaking macOS Firewalls | Patrick Wardle | In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential ... | |
Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines | Carsten Schuermann | The WinVote voting machine was used extensively in Virginia elections during 2004 and 2015. It ... | |
Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims | Cathal Smyth , Clare Gollnick | Right now, combatting credit card fraud is mostly a reactionary process. Issuers wait until transactions ... | |
Real Eyes, Realize, Real Lies: Beating Deception Technologies | Matan Hart | Recent advancements have reinvented deception technologies and their use as a security layer of defense, ... | |
Stop that Release, There's a Vulnerability! | Christine Gadsby | Software companies can have hundreds of software products in-market at any one time, all requiring ... | |
The Problems and Promise of WebAssembly | Natalie Silvanovich | WebAssembly is a new standard that allows assembly-like code to run in browsers at near-native ... | |
Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key | L jean Camp , Gianpaolo Russo , Sanchari Das | Why do people choose to use (or not use) Two Factor Authentication (2FA)? We report ... | |
Black Box is Dead. Long Live Black Box! | Aleksei Stennikov , Vladimir Kononovich | The number of logic attacks on ATMs continues to rise. Some of them involve a ... | |
Identity Theft: Attacks on SSO Systems | Kelby Ludwig | SAML is often the trust anchor for Single Sign-On (SSO) in most modern day organizations. ... | |
Kernel Mode Threats and Practical Defenses | Joe Desimone , Gabriel Landau | Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot ... | |
New Norms and Policies in Cyber-Diplomacy | Jeff ( Dark Tangent ) Moss , Jane holl Lute , James Andrew Lewis , Christopher Painter | After the last round of the UN sponsored consultations on international cybersecurity collapsed in 2016, ... | |
Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots | Hiroshi Suzuki , Minoru Kobayashi | Volume Shadow Copy Service (VSS) is a backup feature for recent Windows OSes. You can ... | |
Snooping on Cellular Gateways and Their Critical Role in ICS | Justin Shattuck | To keep up with the growing demand of always-on and available-anywhere connectivity, the use of ... | |
The Science of Hiring and Retaining Female Cybersecurity Engineers | Ashley Holtz | The wisdom on why it is difficult to recruit and retain women in the industry ... | |
The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet | Alex Ionescu , Gabrielle Viala | All Windows researchers know about RPC and ALPC, and the attack surface provided through the ... | |
Your Voice is My Passport | John Seymour , Azeem Aqil | Financial institutions, home automation products, and hi-tech offices have increasingly used voice fingerprinting as a ... | |
A Deep Dive into macOS MDM (and How it can be Compromised) | Jesse Endahl , Max Bélanger | On macOS, DEP (Device Enrollment Program) and MDM (Mobile Device Management) are the recommended methods ... | |
AI & ML in Cyber Security - Why Algorithms are Dangerous | Raffael Marty | Every single security company is talking in some way or another about how they are ... | |
Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies | Alejandro Hernandez | With the advent of electronic trading platforms and networks, the exchange of financial securities now ... | |
Decompiler Internals: Microcode | Ilfak Guilfanov | This talk sheds some light into the intermediate language that is used inside the Hex-Rays ... | |
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities | Brad Geesaman | Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity ... | |
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels | Jens Müller , Christian Dresen | OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From ... | |
GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs | Christopher Domas | Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems ... | |
Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives | Christian quaddi Dameff , Jeffrey Tully , Maxwell Bland | Healthcare infosec is in critical condition- too few bodies, underfunded to a fault, and limping ... | |
Stealth Mango and the Prevalence of Mobile Surveillanceware | Andrew Blaich , Michael Flossman | In this talk, we will unveil the new in-house capabilities of a nation state actor ... | |
Applied Self-Driving Car Security | Chris Valasek , Charlie Miller | In the not too distant future, we'll live in a world where computers are driving ... | |
None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service | Wang Kang , Yi-qun Hui | Live video streaming services are getting more and more popular in China. In order to ... | |
Outsmarting the Smart City | Daniel Crowley , Jennifer Savage , Mauro Paredes | The term "smart city" evokes imagery of flying cars, shop windows that double as informational ... | |
Playback: A TLS 1.3 Story | Alejo Murillo Moya , Alfonso Garcia Alguacil | TLS 1.3 is the new secure communication protocol that should be already with us. One ... | |
Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks | Holly Stewart , Jugal Parikh , Randy Treit | Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable ... | |
So I became a Domain Controller | Benjamin Delpy , Vincent Le Toux | "They told me I could be anything I wanted, so I became a Domain Controller." While ... | |
TLBleed: When Protecting Your CPU Caches is Not Enough | Ben Gras | We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers ... | |
WebAssembly: A New World of Native Exploits on the Browser | Justin Engler , Tyler Lukasiewicz | WebAssembly (WASM) is a new technology being developed by the major browser vendors through the ... | |
Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities | Matt Miller , Anders Fogh , Christopher Ertl | 2018 started off with a bang as the world was introduced to a new class ... | |
Another Flip in the Row | Daniel Gruss , Moritz Lipp , Michael Schwarz | The Rowhammer bug is an issue in most DRAM modules which allows software to cause ... | |
Automated Discovery of Deserialization Gadget Chains | Ian Haken | Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, ... | |
Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time | Ian G. Harris , Marcel Carlsson | Social engineering is a big problem but very little progress has been made in stopping ... | |
Exploitation of a Modern Smartphone Baseband | Marco Grassi , Muqing Liu , Tianyi Xie | In this talk, we will explore the baseband of a modern smartphone, discussing the design ... | |
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities | Xinyu Xing , Jimmy Su , Wei Wu | Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address ... | |
How can Someone with Autism Specifically Enhance the Cyber Security Workforce? | Rhett Greenhagen , Casey Hurt , Dr. Stacy Thayer | This session outlines how someone with Autism Spectrum Disorder (ASD) offers a unique skillset that ... | |
Last Call for SATCOM Security | Ruben Santamarta | In 2014, we took to the stage and presented "A Wake-up Call for SATCOM Security," ... | |
Legal Liability for IOT Cybersecurity Vulnerabilities | Ijay Palansky | There has been much discussion of "software liability," and whether new laws are needed to ... | |
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator | Alexei Bulazel | Windows Defender's mpengine.dll implements the core of Defender antivirus' functionality in an enormous ~11 MB, ... | |
For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems | Leigh-anne Galloway , Tim Yunusov | These days it's hard to find a business that doesn't accept faster payments. Mobile Point ... | |
Hardening Hyper-V through Offensive Security Research | Jordan Rabet | Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. ... | |
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies | Andrei Costin , Jonas Zaddach | Computer malware in all its forms is nearly as old as the first PCs running ... | |
Lowering the Bar: Deep Learning for Side Channel Analysis | Jasper van Woudenberg , Baris Ege , Guilherme Perin | Deep learning can help automate the signal analysis process in power side channel analysis. So ... | |
Mainframe [z/OS] Reverse Engineering and Exploit Development | Chad Rikansrud | Speak with any Fortune 500 running mainframe and they'll tell you two things: (1) without ... | |
Practical Web Cache Poisoning: Redefining 'Unexploitable' | James Kettle | Modern web applications are composed from a crude patchwork of caches and content delivery networks. ... | |
SDL That Won't Break the Bank | Steve Lipner | Over the last fifteen years, many large software development organizations have adopted Security Development Lifecycle ... | |
SirenJack: Cracking a 'Secure' Emergency Warning Siren System | Balint Seeber | SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ... | |
Understanding and Exploiting Implanted Medical Devices | Billy Rios , Jonathan Butts | There has been significant attention recently surrounding the risks associated with cyber vulnerabilities in critical ... | |
DeepLocker - Concealing Targeted Attacks with AI Locksmithing | Jiyong Jang , Marc Ph. Stoecklin , Dhilung Kirat | In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks ... | |
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina | Bhargava Shastry , Dominik Maier , Vincent Ulitzsch | Setting up a fuzzing pipeline takes time and manual effort for identifying fuzzable programs and ... | |
It's a PHP Unserialization Vulnerability Jim, but Not as We Know It | Sam Thomas | Recent years have seen the emergence of PHP unserialization vulnerabilities as a viable route to ... | |
Lessons and Lulz: The 4th Annual Black Hat USA NOC Report | Neil Wyler , Bart Stump | Back with another year of soul crushing statistics, the Black Hat NOC team will be ... | |
Meltdown: Basics, Details, Consequences | Daniel Gruss , Moritz Lipp , Michael Schwarz | The security of computer systems fundamentally relies on the principle of confidentiality. Confidentiality is typically ... | |
Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars | Ling Liu , Sen Nie , Yuefeng Du , Wenkai Zhang | We, Keen Security Lab of Tencent, have successfully implemented two remote attacks on the Tesla ... | |
Return of Bleichenbacher's Oracle Threat (ROBOT) | Craig Young , Hanno Böck | With a 19 year old vulnerability, we were able to sign a message with the ... | |
The Finest Penetration Testing Framework for Software-Defined Networks | Seungwon Shin , Seungsoo Lee , Jinwoo Kim , Seungwon Woo | Software-Defined Networking (SDN) is getting attention for the next-generation networking today. The key concept of ... | |
Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library | Maddie Stone | Malware authors implement many different techniques to frustrate analysis and make reverse engineering malware more ... |