blackhatEurope 2018 Dec. 3, 2018 to Dec. 6, 2018, London, United Kingdom

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote: Developments and Challenges in Cybersecurity from the Nation-State Perspective Marina Kaljurand Eleven years ago Estonia was the first country in the world to fall under politically ...
Drill Apple Core: Up and Down - Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit Yuefeng Li , Dongyang Wu , Juwei Lin Apple operation system has gained much popularity both in the personal computer (MacOS) and in ...
Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild Jean-ian Boutin , Frédéric Vachon BIOS rootkits have been researched and discussed heavily in the past few years, but sparse ...
No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank Mauro Conti , Veelasha Moonsamy , Riccardo Spolaor , Riccardo Bonafede Thanks to their omnipresence and multi-purposeness, users rely on smartphones to execute in few touches ...
SDL at Scale: Growing Security Champions Ryan O'Boyle If you're tasked with securing a portfolio of applications it's a practice in extremes. You've ...
DeepPhish: Simulating Malicious AI Alejandro Correa Bahnsen 91% of cybercrimes and attacks start with a phishing email. This means that cyber security ...
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces Igor Korkin In Windows 10, Microsoft is introducing a new memory protection concept: Windows Defender Device Guard, ...
PASTA: Portable Automotive Security Testbed with Adaptability Tsutomu Matsumoto , Tsuyoshi Toyama , Takuya Yoshida , Hisashi Oguma For accelerating the development of sophisticated driving-assist technologies such as automated driving, securing vehicles against ...
Real-Time Detection of Attacks Leveraging Domain Administrator Privilege Takuho Mitsunaga , Mariko Fujimoto , Wataru Matsuda In Advanced Persistent Threat (APT) attacks, attackers tend to target the Active Directory to expand ...
Attacking and Defending Blockchains: From Horror Stories to Secure Wallets Jean-Philippe Aumasson This talk will review some of the most spectacular security failures in blockchain systems, and ...
Eternal War in XNU Kernel Objects Xiaolong Bai , Min (spark) Zheng Jailbreaking, in general, means breaking the device out of its "jail'." Apple devices (e.g., iPhone, ...
Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling Michael Flossman , Kristin Del Rosso This briefing will highlight the most recent expansion of the tools of the Syrian Electronic ...
Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX Tim (wadhwa-)brown Over the past fifteen years there's been an uptick in "interesting" UNIX infrastructures being integrated ...
A Measured Response to a Grain of Rice Joe Fitzpatrick Over time, our hardware has become smaller, faster, cheaper - and also incredibly more complicated. ...
Container Attack Surface Reduction Beyond Name Space Isolation Michalis Polychronakis , Azzedine Benameur , Jay Chien-an Chen , Lei Ding Public container images are riddled with vulnerabilities. We've analyzed the top 100 official Docker images ...
Keeping Secrets: Emerging Practice in Database Encryption Kenn White A wide gap exists between real-world attack scenarios and the implicit security guarantees of most ...
The Undeniable Truth: How Remote Attestation Circumvents Deniability Guarantees in Secure Messaging Protocols Lachlan Gunn , Ricardo Vieitez Parra , N Asokan In 2016, attackers broke into John Podesta's e-mail account and published his mailbox via WikiLeaks; ...
Level Up Your Security Mindset Nathan Hamiel We live in a world of constant change, so why is it the people who ...
Old New Things: An Examination of the Philips TriMedia Architecture Nahuel Cayetano Riva In today's Intel/AMD and ARM controlled world, it's always interesting, for a reverse engineer, to ...
Video Killed the Text Star: OSINT Approach Francisco Jesús Gómez , Cesar Jimenez In 1979 The Buggles launched the hit song "Video Killed the Radio Star." Nowadays The ...
When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence Magal Baz , Tom Sela In Windows domain environments most attacks involve obtaining domain admin privileges. But that's not enough ...
AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace Vijay Thaware , Niranjan Agnihotri The face: A crucial means of identity. But what if this crucial means of identity ...
Broken Links: Emergence and Future of Software-Supply Chain Compromises Ryan Kazanciyan The last two years have been filled with high-profile enterprise security incidents that shared a ...
In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild Nick Sullivan , Luke Valenta We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS ...
The Last Line of Defense: Understanding and Attacking Apple File System on iOS Xiaolong Bai , Min (spark) Zheng With its rapid evolvement, Apple has deployed many mechanisms in iOS to defend against potential ...
Deep Impact: Recognizing Unknown Malicious Activities from Zero Knowledge Hiroshi Suzuki , Hisao Nashiwa To detect malicious activities, there are pattern matching, blacklists, behavioral analysis, and event correlation. However, ...
Don't Eat Spaghetti with a Spoon - An Analysis of the Practical Value of Threat Intelligence Charl van der Walt , Sid Pillarisetty Threat Intelligence is a sound proposition that has its place in a mature security operation. ...
RustZone: Writing Trusted Applications in Rust Eric Evenchick Trusted Execution Environments (TEEs) are present in many devices today, and are used to perform ...
Straight Outta VMware: Modern Exploitation of the SVGA Device for Guest-to-Host Escapes Zisis Sialveras This presentation focuses on modern exploitation techniques for VMware Workstation guest's virtual graphics device in ...
Attacking Hardware Systems Using Resonance and the Laws of Physics Ivan Reedman Everything has a resonant frequency. By finding the resonant frequency of certain electronic sensors, programmable ...
Evolving Security Experts Among Teenagers Nahman Khayet , Shlomi Boutnaru By 2020, the estimated shortfall in the security workforce will reach 1.5 million people (https://bit.ly/2GO6Ov0). ...
I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor Takuya Watanabe In this talk, we present a practical side-channel attack that identifies the social web service ...
Perfectly Deniable Steganographic Disk Encryption Dominic Schaub Deniable encryption and steganography nominally safeguard sensitive information against forced password disclosure by concealing its ...
BLEEDINGBIT: Your APs Belong to Us Ben Seri , Dor Zusman Enterprise Wi-Fi access points featuring BLE (Bluetooth Low Energy) chips have become increasingly common in ...
Network Defender Archeology: An NSM Case Study in Lateral Movement with DCOM Justin Warner , Alex Sirr Adversaries love leveraging legitimate functionality that lays dormant inside of Microsoft Windows for malicious purposes ...
Perception Deception: Physical Adversarial Attack Challenges and Tactics for DNN-Based Object Detection Tao Wei , Weilin Xu , Yunhan Jack Jia , Zhenyu Zhong DNN has been successful for Object Detection, which is critical to the perceptions of Autonomous ...
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses Niek Timmers , Martijn Bogaard Secure Boot is widely deployed in modern embedded systems and an essential part of the ...
Cutting Edge: Microsoft Browser Security — From People Who Owned It Wei Wei , Chuanda Ding , Zhipeng Huo Microsoft Edge, the new default browser for Windows 10, is heavily sandboxed. In fact, it ...
Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC Neil Wyler , Bart Stump This session is your chance to get up close and personal with the Black Hat ...
How to Build Synthetic Persons in Cyberspace Fernando Maymi , Alex Nickels One of the greatest challenges in developing capable cyberspace operators is building realistic environments for ...
When Machines Can't Talk: Security and Privacy Issues of Machine-to-Machine Data Protocols Federico Maggi , Davide Quarta Two popular machine-to-machine (M2M) protocols—MQTT & CoAP—are slowly forming the backbone of many IoT infrastructures, ...
Cloud-Native Sandboxes for Microservices: Understanding New Threats and Attacks Tongbo Luo , Zhaoyan Xu Sandboxing is a proven technique for detecting malware and targeted attacks. In practice, sandboxes inspect ...
Off-Path Attacks Against PKI Haya Shulman , Elias Heftrig The security of Internet-based applications fundamentally relies on the trustwortiness of Certificate Authorities (CAs). We ...
The Mummy 2018 – Microsoft Accidentally Summons Back Ugly Attacks from the Past Ran Menscher In the early 2000s attackers could very easily leverage naïve mechanisms of IP fragmentation and ...
Thermanator and the Thermal Residue Attack Gene Tsudik , Tyler Kaczmarek , Ercan Ozturk As warm-blooded mammals, humans routinely leave thermal residue on various objects with which they come ...
Locknote: Conclusions and Key Takeaways from Black Hat Europe 2018 Jeff ( Dark Tangent ) Moss At the close of this year's conference, join Black Hat Founder Jeff Moss and members ...