BlackHatAsia2019 2019 March 26, 2019 to March 29, 2019, Singapore, Singapore

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote: The Next Arms Race Mikko Hypponen The Internet is not supposed to have borders, but it does. Countries fight and spy ...
ACSploit: Exploit Algorithmic Complexity Vulnerabilities Scott Tenaglia Algorithmic Complexity (AC) vulnerabilities arise when a program uses an algorithm with a particularly inefficient ...
NetSpectre: A Truly Remote Spectre Variant Michael Schwarzl Modern processors use branch prediction and speculative execution to increase their performance. Since January 2018, ...
Office in Wonderland Pieter Hegt In this talk we will explore a wide range of novel techniques that abuse Microsoft ...
PASTA: Portable Automotive Security Testbed with Adaptability Tsutomu Matsumoto , Tsuyoshi Toyama , Takuya Yoshida , Hisashi Oguma For accelerating the development of sophisticated driving-assist technologies such as automated driving, securing vehicles against ...
CQTools: The New Ultimate Hacking Toolkit Paula Januszkiewicz , Adrian Denkiewicz , Mike Jankowski-lorek CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose ...
How to Survive the Hardware Assisted Control-Flow Integrity Enforcement Chong Xu , Bing Sun , Jin Liu Control-flow hijacking is a crucial step of modern vulnerability exploitation, which helps to convert a ...
Keep Everyone In Sync: Effective Approaches Borrowed from Open Source Communities Wang Kang Keeping members of a community in sync is a resource-consuming task. For example, many security ...
Pwning the Core of IoT Botnets: From a Honeypot to Gigabytes of Botnet Source Code Tan Kean Siong With the leak of Mirai botnet source code back in 2016, countless IoT botnet variants ...
Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with the Napper Seunghun Park Trusted Platform Module (TPM) is a tamper-resistant device and designed to provide hardware-based security functions. ...
Intel VISA: Through the Rabbit Hole Maxim Ermolov The complexity of x86-based systems has become so great that not even specialists can know ...
iOS Dual Booting Demystified Max Bazaliy In this talk, we will investigate and present on the ways in which to boot ...
Preloading Insecurity In Your Electron Luca Carettoni Modern browsers are complicated systems. They enforce numerous security mechanisms to ensure isolation between sites, ...
Investigating Malware Using Memory Forensics - A Practical Approach Monnappa K A The number of cyber attacks is undoubtedly on the rise targeting government, military, public and ...
Reverse Engineering Custom ASICs by Exploiting Potential Supply-Chain Leaks Thomas Weber Many industry specific solutions in the field of SCADA consist of unknown custom chips without ...
Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges Zhi Wang , Yueqiang Cheng , Zhi Zhang , Surya Nepal Rowhammer attacks can break the MMU-enforced memory protection to achieve privilege escalation, without requiring any ...
DevSecOps: What, Why and How Anant Shrivastava Security is often added towards the end of a typical DevOps cycle, through manual/automated review. ...
See Like a Bat: Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs Yisroel Mirsky Although Man-in-the-Middle (MitM) attacks on LANs have been known for some time, they are still ...
The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks Yulong Zhang , Tao Wei , Qian Feng , Yunhan Jack Jia , Zhenyu Zhong , Yantao Lu Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an ...
Dive into VxWorks Based IoT Device: Debug the Undebugable Device Yu Zhou , Wenzhe Zhu , Jiashui Wang , Ruikai Liu VxWorks is the industry's leading real-time operating system. It has been widely used in various ...
Modern Secure Boot Attacks: Bypassing Hardware Root of Trust from Software Alex Matrosov Many hardware vendors are armoring modern Secure Boot by moving Root of Trust to the ...
When Voice Phishing Met Malicious Android App Min-chang Jang The traditional voice phishing we know is that an attacker makes a call to the ...
Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All Craig Young HTTPS is the backbone for online privacy and commerce – yet, for two decades, the ...
Attacking Browser Sandbox: Live Persistently and Prosperously Yongke Wang , Huiming Liu , Bin Ma The Sandbox technique has been widely adopted in almost all web browsers and is proven ...
Industrial Remote Controller: Safety, Security, Vulnerabilities Philippe Lin , Akira Urano Radio-frequency (RF) remote controllers are widely used in the manufacturing, construction, transportation, and many other ...
Monocerus: Dynamic Analysis for Smart Contract Anh Quynh Nguyen By introducing the concept of storing and executing program on blockchain, smart contract becomes vital ...
Oh No! KPTI Defeated, Unauthorized Data Leakage is Still Possible Yueqiang Cheng , Yulong Zhang , Tao Wei , Zhaofeng Chen , Yu Ding Meltdown is a hardware vulnerability affecting most modern processors, including Intel, AMD, IBM POWER, and ...
Automated REST API Endpoint Identification for Security Testing at Scale: How Machine Learning Accelerates Security Testing Jay Chen , Azzedine Benameur , Lei Ding , Jeffrey Jacob Unlike traditional web applications where a web crawler is used to discover various urls, REST ...
Don't Eat Spaghetti with a Spoon - An Analysis of the Practical Value of Threat Intelligence Charl van der Walt Threat Intelligence is a sound proposition that has its place in a mature security operation. ...
Return of the Insecure Brazilian Voting Machines Diego F. Aranha This talk presents a detailed and up-to-date security analysis of the voting software used in ...
Who Left Open the Cookie Jar? Tom Van Goethem , Gertjan Franken Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. ...
Efficient Approach to Fuzzing Interpreters Marcin Dominiak , Wojciech Rauner Fuzzing has started to gain more recognition over the past years. The basic concept behind ...
Ghosts in a Nutshell Moritz Lipp , Claudio Canella At the beginning of 2018, two severe attacks, called Meltdown and Spectre, have been published. ...
Using the JIT Vulnerability to Pwn Microsoft Edge Zhenhuan Li , Shenrong Liu To speed up the javascript code, the modern browser introduces the Just-In-Time(JIT) compiler to javascript ...
AcuTherm: A Hybrid Attack on Password Entry Based on Both Acoustic and Thermal Side-Channels Gene Tsudik , Tyler Kaczmarek , Ercan Ozturk , Pier Paolo Tricomi Despite predictions of their demise and calls for their deprecation, passwords remain the most popular ...
Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC Neil Wyler , Bart Stump This session is your chance to get up close and personal with the Black Hat ...
Make Redirection Evil Again - URL Parser Issues in OAuth Wing Cheong Lau , Ronghai Yang , Xianbo Wang , Shangcheng Shi Since 2012, OAuth 2.0 has been widely deployed by online service providers worldwide. Security-related headlines ...
Locknote: Conclusions and Key Takeaways from Black Hat Asia 2019 Jeff ( Dark Tangent ) Moss At the close of this year's conference, join Black Hat Founder Jeff Moss and members ...