BlackHatEurope 2019 Dec. 2, 2019 to Dec. 5, 2019, London, United Kingdom
Tell us about missing data
Tell us about missing data
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Keynote: Blue to Red: Traversing the Spectrum | Amanda Rousseau | The rising demand for talent to fill thousands of open roles in the security industry ... | |
Chain of Fools: An Exploration of Certificate Chain Validation Mishaps | James Barclay , Nick Anise | Typically, when software needs to perform cryptographic tasks, developers use libraries or APIs that abstract ... | |
Conducting a Successful False Flag Cyber Operation (Blame it on China) | Jake Williams | Cyber attribution is hard, really hard. But luckily for attackers, a new armchair analyst is ... | |
First Contact - Vulnerabilities in Contactless Payments | Leigh-anne Yunusov | Introduced in 2007, contactless (NFC) payments have been used widely for a decade. Accounting for ... | |
Money Doesn't Stink - Cybercriminal Business Insight of A New Android Botnet | Sebastian Garcia , María Shirokova | In mid 2018, we discovered one of the largest reported Android banking botnets known to ... | |
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection | Daniele Cono D'elia | In the malware realm designing transparent sandboxes is only one part of the story. When ... | |
Doors of Durin: The Veiled Gate to Siemens S7 Silicon | Ali Abbasi , Tobias Holz | Siemens is a leading provider of industrial automation components for critical infrastructures, and their S7 ... | |
Exploiting Windows Hello for Business | Michael Grafnetter | In Windows 10 and Windows Server 2016, Microsoft has introduced a new feature called Windows ... | |
Mobile Network Hacking, IP Edition | Karsten Nohl , Luca Yazdanmehr | Mobile networks have gone through a decade of security improvements ranging from better GSM encryption ... | |
Far Sides of Java Remote Protocols | An Trinh | Java Remote Method Invocation (RMI) and Common Object Request Broker Architecture (CORBA) are widely deployed ... | |
Hackers, Journalists and the Ethical Swamp | Geoff White | As hacking stories have increasingly made news headlines, those behind the attacks have become ever ... | |
HTTP Desync Attacks: Request Smuggling Reborn | James Kettle | HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques ... | |
Sneak into Your Room: Security Holes in the Integration and Management of Messaging Protocols on Commercial IoT Clouds | Yan Jia , Luyi Zhang | With the increasing popularity of the Internet of Things (IoT), many IoT clouds have emerged ... | |
Advanced VBA Macros Attack & Defence | Philippe Lagadec | In 2019, VBA macros are still heavily used to deliver malware, and new obfuscation techniques ... | |
Hands Off and Putting SLAB/SLUB Feng Shui in a Blackbox | Yueqi Chen , Xinyu Su | Successful exploitation against a Linux kernel vulnerability requires the manipulation of memory layout. Over the ... | |
Is Your Mental Health for Sale? | Eliot Kaltheuner | According to the WHO, 25% of the European population suffer from depression or anxiety each ... | |
Reverse Engineering and Exploiting Builds in the Cloud | Etienne Stalmans , Chris Luft | Continuous Integration, Delivery, and Deployment (CI/CD) and Containers are common terms in today’s IT landscapes ... | |
Booting the iOS Kernel to an Interactive Bash Shell on QEMU | Jonathan Afek | Booting the iOS kernel on QEMU with an interactive bash shell and a live debugger ... | |
Bring Your Own Token (BYOT) to Replace the Traditional Smartcards for Strong Authentication and Signing | Karthik Hampshire | Smartcards are a good way to enable strong authentication to enterprise network and applications as ... | |
ClusterFuzz: Fuzzing at Google Scale | Abhishek Chang | Fuzzing is an effective way of finding security vulnerabilities, but it does not scale well ... | |
Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit | Yeongjin Jang , Chun Sung Park , Seungjoo Lee | The Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, allowing users to ... | |
Detecting (un)Intentionally Hidden Injected Code by Examining Page Table Entries | Frank Block | Malware utilizes code injection techniques to either manipulate other processes (e.g. done by banking trojans) ... | |
Side Channel Attacks in 4G and 5G Cellular Networks | Syed Atyab Hussain | The adoption of Fourth Generation Long Term Evolution (4G LTE)—the de facto standard for cellular ... | |
Understanding the IoT Threat Landscape and a Home Appliance Manufacturer's Approach to Counter Threats to IoT | Hikohiro Osawa | As we live in a world where billions of IoT devices are connected to the ... | |
Unleashing the Power of My 20+ Years Old Car | Stanislas Lejay | When I came to Japan about a year and half ago, the first thing I ... | |
How to Break PDF Encryption | Jens Ising | PDF is among the most widely used document formats worldwide. To ensure confidentiality, PDF supports ... | |
Implementing the Lessons Learned From a Major Cyber Attack | Andy Powell | In June 2017, Maersk suffered a major notpetya cyber-attack, this session explains lessons learned and ... | |
Unveiling the Underground World of Anti-Cheats | Joel Noguera | In a world where billion players spend money in games while playing, it was obvious ... | |
What the Fuzz | Cornelius Schumilo | Fuzzers have become one of the most powerful tools at the disposal of offensive security ... | |
BitLeaker: Subverting BitLocker with One Vulnerability | Seunghun Park | Trusted Platform Module (TPM) is a tamper-resistant security module. It has been widely deployed in ... | |
New Exploit Technique In Java Deserialization Attack | Yongtao Wang , Lucas Chai | Java deserialization attack has been proposed around 2015 by Foxglove Security Team. Afterward, another attack ... | |
OEM Finder: Hunting Vulnerable OEM IoT Devices at Scale | Asuka Nakajima | Nowadays, many consumer IoT vendors employ an OEM production model. They purchase IoT devices from ... | |
Tackling Privilege Escalation with Offense and Defense | Abdul-aziz Pek | Over the past couple of years, various JavaScript APIs have been closely examined by security ... | |
Alexa, Hack My Server(less) Please | Tal Melamed | When adopting serverless technology, we eliminate the need to manage a server for our application. ... | |
BlueMaster: Bypassing and Fixing Bluetooth-based Proximity Authentication | Youngman Jung , Junbum Jang | Bluetooth enabled devices can indirectly check the proximity of other connected devices, and this proximity ... | |
Fatal Fury on ESP32: Time to Release Hardware Exploits | Limited Results | Released on January 1st 2016, the ESP32, the System-on-Chip (SoC) from Espressif Systems, becomes quickly ... | |
Site Isolation: Confining Untrustworthy Code in the Web Browser | Nasko Reis | In the late 2000s, web browsers moved from single-process to multi-process architectures, introducing a sandbox ... | |
Bypassing KPTI Using the Speculative Behavior of the SWAPGS Instruction | Andrei Vlad Lutas | Speculative-execution based attacks and side-channels are more and more common as disclosures continue to increase ... | |
Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC | Neil Stump | This session is your chance to get up close and personal with the Black Hat ... | |
Practical Side-Channel Attacks Against WPA-TKIP | Domien Vanhoef | Wireless networks and their security protocols keep evolving due to increased performance and reliability demands. ... | |
Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol | Ta-lun Yen | Apple devices are known for "it works", after you unbox it and login with your ... | |
Breaking Bootloaders on the Cheap | Qais Oswald | One of the challenges in securing embedded devices is to protect the flash memory storing ... | |
Inside Out - The Cloud has Never been so Close | Igal Shani | The public cloud infrastructure adds new management layer and security challenges that need to be ... | |
Simple Spyware: Androids Invisible Foreground Services and How to (Ab)use Them | Thomas Tellenbach | With the releases of Android Oreo and Pie, Google introduced some background execution limits for ... | |
Thinking Outside the JIT Compiler: Understanding and Bypassing StructureID Randomization with Generic and Old-School Methods | Yong Wang | In the last two years, lots of JIT compiler bugs have been found in the ... | |
Locknote: Conclusions and Key Takeaways from Black Hat Europe 2019 | Jeff ( Dark Tangent ) Moss , Daniel Cuthbert , Leigh-anne Krotofil | At the close of this year's conference, join Black Hat Founder Jeff Moss and members ... |