Black Hat USA 2019: Aug. 3, 2019 to Aug. 8, 2019, Las Vegas, USA

Title Speakers Summary Topic Types
Keynote: Every Security Team is a Software Team Now Dino Dai Zovi As software is eating the world, every company is becoming a software company. This doesn’t ...
A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works Sze Yiu Chau In the 2006 CRYPTO rump session, Daniel Bleichenbacher gave a talk on how to exploit ...
Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically Wenxu Wu System services have always been an important component of Windows 10. In recent years, there ...
Biometric Authentication Under Threat: Liveness Detection Hacking Yu Chen, Bin Ma, Zhuo Ma Biometric authentication has been widely used in scenarios such as device unlocking, App login, real-name ...
Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone Xiling Pi Though researchers have found lots of vulnerabilities in Stagefright framework for audio/video codecs on Android ...
ClickOnce and You're in - When Appref-ms Abuse is Operating as Intended William Burke As tried-and-true methods of code execution via phishing are getting phased out, new research was ...
Detecting Deep Fakes with Mice George Williams, Jonathan Comerford Neural networks can generate increasingly realistic, human-like speech. These so-called "deep fakes" can be used ...
Legal GNSS Spoofing and its Effects on Autonomous Vehicles Victor Murray Many systems depend on accurate location information from Global Navigation System Satellites (GNSS) for normal ...
Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception Luke Fisher The practice of HTTPS interception continues to be commonplace on the Internet. In a basic ...
SSO Wars: The Token Menace Alvaro Mirosh It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On ...
APIC's Adventures in Wonderland Oliver Block Software-defined networking (SDN) alongside micro-segmentation has been proposed as a new paradigm to deploy ...
Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD) Sean Morowczynski The allure of the "Cloud" is indisputable. Organizations are moving into the cloud at a ...
Attacking Electric Motors for Fun and Profit Matthew Wijesekera Electric motors (EMs) account for more than 40 percent of annual global electricity consumption and ...
Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware Masarah Bilodeau This talk is the 'grand finale' of a four-year long investigation that started with analyzing ...
Dragonblood: Attacking the Dragonfly Handshake of WPA3 Mathy Vanhoef One of the main advantages of WPA3 is that it provides forward secrecy and prevents ...
Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine Joe Bialek Cloud proliferation continues to increase the world's dependency on the security of virtualization stacks. But ...
Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society Bruce Schneier, Camille Galperin We’re at a critical juncture right now where the benefits from technological advances are increasingly ...
PicoDMA: DMA Attacks at Your Fingertips Joel Blaxill Direct Memory Access (DMA) attacks are typically performed in real-time by an attacker that gains ...
The Most Secure Browser? Pwning Chrome from 2016 to 2019 Zhen Hua Liu Browser security is always a prevalent topic in security research. Due to the great design ...
All the 4G Modules Could be Hacked Shupeng Gao, Haikuo Xie, Zheng Ye Nowadays more and more 4G modules are built into IoT devices around the world, such ...
Behind the Scenes of Intel Security and Manageability Engine Shai Moyal Today low-level firmware vulnerabilities are becoming more a focus than in the past, mainly due ...
Cyber Insurance 101 for CISO’s Jeffrey Smith This session provides a basic understanding of a cyber policy including market dynamics, coverage terms ...
HTTP Desync Attacks: Smashing into the Cell Next Door James Kettle HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques ...
I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy Matt Wixey Almost everything about us – our handwriting, DNA, faces, voices, fingerprints, even our eyes – ...
It's Not What You Know, It's What You Do: How Data Can Shape Security Engagement Masha Sengirbay When it comes to security training, one size does not fit all. Company-wide and even ...
New Vulnerabilities in 5G Networks Altaf Borgaonkar The security in the 5G network has evolved and is more efficient than the previous ...
Selling 0-Days to Governments and Offensive Security Companies Maor Shwartz Selling 0-days is a fascinating process that not a lot of people are familiar with. ...
Sensor and Process Fingerprinting in Industrial Control Systems Martin Chuadhry Critical infrastructure, such as electricity and water distribution, is heavily dependent on automated control. The ...
The Path Less Traveled: Abusing Kubernetes Defaults Ian Cooley Kubernetes is a container orchestration framework that is increasingly widely used in enterprise and elsewhere. ...
Chip.Fail - Glitching the Silicon of the Connected World Thomas Datko All smart devices, from cars to IoT, are based around processors. Often these processors are ...
Come Join the CAFSA - Continuous Automated Firmware Security Analysis Collin Mulliner Modern devices are complex and their firmware often consists of multiple parts that together make ...
Finding a Needle in an Encrypted Haystack: Leveraging Cryptographic Abilities to Detect the Most Prevalent Attacks on Active Directory Marina Zinar Active Directory has always been a popular target for attackers, with a constant rise in ...
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs Orange Chang SSL VPNs protect corporate assets from Internet exposure, but what if SSL VPNs themselves are ...
Integration of Cyber Insurance Into A Risk Management Program Jake Kouns This session will provide information on the current data breach landscape and then discuss how ...
Lessons From Two Years of Crypto Audits Jean-Philippe Aumasson Over the last two years, we've completed many successful crypto audits. These audits consisted of ...
Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone Natalie Silvanovich There have been rumors of remote vulnerabilities requiring no user interaction being used to attack ...
MITRE ATT&CK: The Play at Home Edition Katie Kovar You've seen the tactics and techniques. You've read the descriptions. However, something is missing…how do ...
Responding to a Cyber Attack with Missiles Mikko Hypponen The lines between real and virtual worlds are blurring fast. Several governments have publicly stated ...
Worm Charming: Harvesting Malware Lures for Fun and Profit Pedram Amini It's no secret that client-side attacks are a common source of compromise for many organizations. ...
Arm IDA and Cross Check: Reversing the Boeing 787's Core Network Ruben Santamarta In 2008 the FAA issued several Special Conditions for The Boeing 787 Dreamliner. There were ...
Controlled Chaos: The Inevitable Marriage of DevOps & Security Kelly Forsgren We've all heard "software is eating the world" – that most organizations are becoming software ...
Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover Nick Landers Command and Control (C2) is at the center of successful malware development. Given the importance ...
Hacking Your Non-Compete Gregory Dykstra Nearly everyone in the cybersecurity community has found themselves contemplating leaving an employer, been offered an ...
He Said, She Said – Poisoned RDP Offense and Defense Dana Itkin It's safe to assume that many people reading this text have heard of using the ...
How Do Cyber Insurers View The World? Matt Prevost With the rise of data breaches there have been many discussions, presentations and articles written ...
Hunting for Bugs, Catching Dragons Nicolas Joly While browser and plugin exploits are frequent, it's less common to see exploits affecting targets ...
Internet-Scale Analysis of AWS Cognito Security Andrès Pablo Riancho This talk will show the results of an internet-scale analysis of the security of AWS ...
Messaging Layer Security: Towards a New Era of Secure Group Messaging Benjamin Beurdouche, Raphael Cohn-Gordon http://i.blackhat.com/USA-19/Wednesday/us-19-Robert-Messaging-Layer-Security-Towards-A-New-Era-Of-Secure-Group-Messaging.pdf The world is moving towards end-to-end encryption (E2EE) for person-to-person messaging, as more services now ...
The Cyber Shell Game – War, Information Warfare, and the Darkening Web Alexander Klimburg This year we celebrate a dubious anniversary – it’s been 20 years since the first ...
Cybersecurity Risk Assessment for Safety-Critical Systems Ken Johnson, Ly Vessels When you consider critical infrastructure, we rarely consider the enabling technology and systems that realize ...
Deconstructing the Phishing Campaigns that Target Gmail Users Elie Oliveira With over 1.4 billion active users and millions of companies entrusting it to handle their ...
Defense Against Rapidly Morphing DDOS Mudit Fedorov In June 2018 ProtonMail suffered rapidly morphing sustained DDOS attacks that included Syn Floods, TCP ...
Detecting Malicious Files with YARA Rules as They Traverse the Network David Bernal YARA, the pattern matching swiss knife for malware researchers, has been extremely useful at detecting ...
Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing Jonathan Metzman Coverage-guided fuzzers like AFL and libFuzzer have led to a "fuzzing renaissance". This is because ...
MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection Colin O'Flynn How secure is a typical hardware bitcoin wallet? Surely such a device would not pin ...
PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary Dokyung Song The OS kernel is an attractive target for remote attackers. If compromised, the kernel gives ...
Reverse Engineering WhatsApp Encryption for Chat Manipulation and More Roman Vanunu As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with ...
Transparency in the Software Supply Chain: Making SBOM a Reality Allan Friedman We can't buy a piece of candy without knowing its ingredients, or design and sell ...
Attack Surface as a Service Anna Westelius Protecting public facing assets is becoming increasingly problematic for any company with an online presence ...
Death to the IOC: What's Next in Threat Intelligence Bhavna Soman Humans cannot scale to the amount of Threat Intelligence being generated. While the Security Community ...
GDPArrrrr: Using Privacy Laws to Steal Identities James Pavur On May 25, 2018 the European Union's General Data Protection Regulation (GDPR) came into effect, ...
Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated Guillaume Teissier "Walled garden" used to be the security principle backing SS7 networks. This is no longer ...
On Trust: Stories from the Front Lines Jamil Farshchi Time and again, we as consumers read about the latest significant data breach, and we ...
Testing Your Organization's Social Media Awareness Jacob Wilkin The phishing landscape is rapidly changing, and in the last few years we have witnessed ...
The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring Andrea Carcano, Alessandro Dragoni Until recently, passive monitoring has been the standard approach for OT networks because of the ...
WebAuthn 101 - Demystifying WebAuthn Christiaan Brand Five years later and we're finally at the finish line: Proposed recommendation for W3C WebAuthn. ...
Woke Hiring Won't Save Us: An Actionable Approach to Diversity Hiring and Retention Rebecca Lynch "Okay, so there are fewer women in infosec than there are men. Let's just hire ...
100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans Jatin Kataria, Richard Cui First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module ...
All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices Min Bai Privacy is about people. Smartphones and laptops (e.g., iPhone, iPad, and MacBooks) are the most ...
Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller Alex Gazet Hardware security boundaries are really difficult to support and correctly design. On modern x86 platforms ...
Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities Nathan Renardy How many bytes do you need to take down a web server? The answer might ...
Information Security in the Public Interest Bruce Schneier Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities ...
Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch Adam Ruddermann Thinking about launching a vulnerability disclosure or bug bounty program and not sure where to ...
Playing Offense and Defense with Deepfakes Mike Price This presentation seeks to demonstrate how deepfaking can be leveraged for offensive and defensive purposes. ...
Project Zero: Five Years of 'Make 0Day Hard' Ben Hawkes This year marks the fifth anniversary of Project Zero, an applied security research team at ...
Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence Jason Jenkins The US is in the midst of its most dramatic shift in policy, emphasizing forward ...
The Enemy Within: Modern Supply Chain Attacks Eric Doerr I'm in your supply chain, and you're probably in mine. Our increasingly interconnected infrastructure leaves ...
API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web Joshua Maddux The 2016 WWDC saw the dawn of Apple Pay Web, an API that lets websites ...
Bounty Operations: Best Practices and Common Pitfalls to Avoid in the First 6-12 Months Jarek Stanley, Shannon Sabens, Greg Jay Ever want to talk to someone that runs a bug bounty program and trade best ...
Breaking Encrypted Databases: Generic Attacks on Range Queries Marie-Sarah Lacharité Security researchers and practitioners have proposed many techniques for securely storing and querying outsourced data. ...
DevSecOps : What, Why and How Anant Shrivastava Security is often added towards the end, in a typical DevOps cycle through a manual/automated ...
Finding Our Path: How We're Trying to Improve Active Directory Security Rohan Vazarkar, Will Schroeder, Andy Robbins As the dominant directory service solution, Active Directory persists as the crucial backbone of identity, ...
Operational Templates for State-Level Attack and Collective Defense of Countries Gregory Fanelli The veneer of modern civilization is thin and brittle. Given sufficient will, it is disturbingly ...
Process Injection Techniques - Gotta Catch Them All Itzik Klein When it comes to process injection in Windows, there are only 6-7 fundamental techniques, right? ...
Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs Uriel Malin, Sara Bitan, Avishai Biham The Siemens industrial control systems architecture consists of Simatic S7 PLCs which communicate with a ...
Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan Asuka Nakajima, Suhee Yen The information security industry has historically been a male-dominated field, and today, unfortunately, this situation ...
0-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars Wenkai Zhang, Zhiqiang Cai, Aohui Wang, Michael Schweppe Cyber security for connected cars has become a widespread concern over the past years. In ...
Behind the scenes of iOS and Mac Security Ivan Krstic With over 1.4 billion active devices and in-depth security protections spanning every layer from silicon ...
Exploiting Qualcomm WLAN and Modem Over The Air Xiling Pi In this talk, we will share our research in which we successfully exploit Qualcomm WLAN ...
Firmware Cartography: Charting the Course for Modern Server Compromise Nathan Blazakis The modern server is the Matryoshka doll of computers, computers inside computers, a giant, undocumented ...
Ghidra - Journey from Classified NSA Tool to Open Source Brian Delikat This year was a momentous one for the National Security Agency (NSA) as we released ...
Infighting Among Russian Security Services in the Cyber Sphere Kimberly Zenz Much Western coverage of Russian hacking focuses on "Russia," as if the nation were a ...
Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term Chloe Brown Your bounty program has launched and is clicking along… but are you getting optimal results ...
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale Aladdin Almubayed Over the last decade, there has been steady growth in the adoption of open-source components ...
Predictive Vulnerability Scoring System Michael J. Jacobs Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat ...
Zombie Ant Farming: Practical Tips for Playing Hide and Seek with Linux EDRs Dimitry Snezhkov EDR solutions have landed in Linux. With the ever increasing footprint of Linux machines deployed ...
Automation Techniques in C++ Reverse Engineering Rolf Rolles This presentation will discuss several generic, automated dynamic analysis techniques based on DLL injection for ...
Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers Sheila Ayelen Berta Throughout the years, many studies have been published addressing different ways of backdooring devices by ...
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS Ben Zusman VxWorks is the most popular operating system you have never heard about. It is a ...
Fantastic Red-Team Attacks and How to Find Them Casey Wolf Red team testing in organizations over the last year has shown a dramatic increase in ...
Inside the Apple T2 Mikhail Erickson Apple's T2 Security Chip promised to bring "a new level of integration and security" to ...
Making Big Things Better the Dead Cow Way Joseph Menn, Peiter "mudge" Zatko, Christien Benfey Trying to change the security culture of a single company can be daunting. The Cult ...
Preventing Authentication Bypass: A Tale of Two Researchers Terry Zhang, Ron Jaiswal “I discovered a critical security issue that lets an attacker compromise any other user’s account ...
Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps Maddie Stone The Android security community has been predominantly focused on user-space applications for many years. However, ...
Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime Tao Wang Zero-click or one-click remote exploits targeting Apple FaceTime or iMessage attract increasing attention, but neither ...
A Compendium of Container Escapes Brandon Freeman Containers are a hot topic because of the simplicity they bring to the process of ...
Adventures in the Underland: The CQForensic Toolkit as a Unique Weapon Against Hackers Paula Januszkiewicz Best practices come out when true experts’ experience meets the power of science! Let’s face ...
Attacking iPhone XS Max Tielei Xu With the release of iPhone XS and XS Max, Apple's implementation of Pointer Authentication Code ...
Everybody be Cool, This is a Robbery! Gabriel Bédrune HSMs (Hardware Security Modules) bring cryptographic mechanisms to environments where the highest level of security ...
Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project David Breuer Online propaganda and election influence have received much attention recently. Defense leaders and the general ...
HostSplit: Exploitable Antipatterns in Unicode Normalization Jonathan Birch This talk demonstrates new exploit techniques that leverage Unicode normalization behavior to bypass URL security ...
Securing Apps in the Open-By-Default Cloud Winston Wozniak Services created in cloud environments like GCP or AWS are open to the internet by ...
The Discovery of a Government Malware and an Unexpected Spy Scandal Lorenzo Franceschi-Bicchierai In early 2019, we revealed the existence of a new intrusion software built and primarily ...
The Future of ATO Philip Martin Account Takeover (ATO) is the silent killer of online security. Between password megalists, massive PII ...
Breaking Samsung's ARM TrustZone Maxime Peterlin, Alexandre Guilbon The increasing popularity of connected devices in recent years has led manufacturers to put a ...
Command Injection in F5 iRules Christoffer Jerkeby BigIP F5 products are used by large corporations and governments all around the world. Its ...
Debug for Bug: Crack and Hack Apple Core by Itself - Fun and Profit to Debug and Fuzz Apple Kernel by lldb Script Lilang Li As we know for security researchers, almost every operating system vendor has highly raised the ...
Exploring the New World : Remote Exploitation of SQLite and Curl Wenxiang Qian, Yuxiang Wu Over the past years, our team has used several new approaches to identify multiple critical ...
How to Detect that Your Domains are Being Abused for Phishing by Using DNS Arnold Lovink As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals with criminals claiming ...
Lessons and Lulz: The 5th Annual Black Hat USA NOC Report Neil Stump Back with another year of soul crushing statistics, the Black Hat NOC team will be ...
Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites Ray Huebler We're taking Bluetooth LE hacking from toys and padlocks to the real world. Improving the ...
Paging All Windows Geeks – Finding Evil in Windows 10 Compressed Memory Omar Andonov FireEye's FLARE team analyzed the Windows 10 memory compression implementation to enable access to data ...
Shifting Knowledge Left: Keeping up with Modern Application Security Mark Heisler With security "shifting left" into DevSecOps, it's more difficult than ever to keep up with ...