Black Hat USA 2020: Aug. 1, 2020 to Aug. 6, 2020, Las Vegas, USA

Title Speakers Summary Topic Types
Stress-Testing Democracy: Election Integrity During a Global Pandemic Matt Blaze Technologists have long warned that much of the technology and infrastructure we depend on for ...
All You Ever Wanted to Know about the AMD Platform Security Processor and were Afraid to Emulate - Inside a Deeply Embedded Security Processor Robert Eichner AMD's Zen (and later) CPUs contain the "(Platform) Secure Processor" (PSP) which is an embedded ...
Carrying our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces Alan Michaels This talk explores the contradiction of allowing increasingly smart Implanted Medical Devices (IMD) in secure ...
CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms Yier Jin , Honggang Yu , Tsung-yi Ho Deep Neural Networks (DNN) have been widely deployed for a variety of tasks across many ...
Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes Sheila Berta Today, with a few commands anyone can have containers running on their machine; at this ...
Emulating Samsung's Baseband for Security Testing Grant Muench The most crucial interface between modern mobile phones and cellular networks are baseband processors. Basebands ...
Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Tens of Millions of Critical Devices Shlomi Oberman , Moshe Schön This is the story of how we found and exploited a series of critical vulnerabilities ...
Hiding Process Memory via Anti-Forensic Techniques Frank Block Nowadays, security practitioners typically use memory acquisition or live forensics to detect and analyze sophisticated ...
HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges Amit Klein HTTP Request Smuggling (AKA HTTP Desyncing) is an attack technique invented in 2005 that exploits ...
Room for Escape: Scribbling Outside the Lines of Template Security Alvaro Mirosh Now more than ever, digital communication and collaboration are essential to the modern human experience. ...
An Unauthenticated Journey to Root: Pwning Your Company's Enterprise Software Servers Pablo Genuer Often Fortune 1000 companies consist of a plethora of software, hardware, vendors, and solutions all ...
Decade of the RATs – Custom Chinese Linux Rootkits for Everyone Kevin Livelli While 2020 is the Year of the Rat for the Chinese, it's felt more like ...
Detecting Fake 4G Base Stations in Real Time Cooper Quintin 4G/LTE IMSI-catchers (such as the Hailstorm) are becoming more popular with governments and law enforcement ...
Election Security: Securing America's Future Christopher Krebs The United States Government is intensely focused on election security and is working together with ...
Engineering Empathy: Adapting Software Engineering Principles and Process to Security Craig Mackinnon Software engineering has a lot to teach our 'security engineering' teams - this session will ...
Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares Veronica Kovah Bluetooth Low Energy (BLE) has seen widespread product adoption and a renewed interest from a ...
Industrial Protocol Gateways Under Analysis Marco ‘embyte’ Balduzzi With the development of the Industry 4.0, legacy devices like serial control servers or PLCs ...
Repurposing Neural Networks to Generate Synthetic Media for Information Operations Philip Foster Deep neural networks routinely achieve near human-level performances on a variety of tasks, but each ...
Web Cache Entanglement: Novel Pathways to Poisoning James Kettle Caches are woven into websites throughout the net, discreetly juggling data between users, and yet ...
Demystifying Modern Windows Rootkits Bill Demirkapi This talk will demystify the process of writing a rootkit, moving past theory and instead ...
Discovering Hidden Properties to Attack the Node.js Ecosystem Wenke Lee , Guofei Gu , Guangliang Yang , Hong Hu , Feng Xiao , Jianwei Huang , Yichang Xiong Node.js is widely used for developing both server-side and desktop applications. It provides a cross-platform ...
iOS Kernel PAC, One Year Later Brandon Azad In February 2019, I reported to Apple five ways to bypass kernel Pointer Authentication on ...
Policy Implications of Faulty Cyber Risk Models and How to Fix Them Wade Severski Bad security data leads to bad security policies; better data enables better policies. That, in ...
Reverse Engineering the Tesla Battery Management System to increase Power Available Patrick Kiley Tesla released the dual motor performance Model S in late 2014. At that time the ...
Ruling StarCraft Game Spitefully -- Exploiting the Blind Spot of AI-Powered Game Bots Xinyu Xing , Jimmy Su , Wenbo Guo , Xian Wu With recent breakthroughs of deep neural networks in problems like computer vision, machine translation, and ...
Stopping Snake Oil with Smaller Healthcare Providers: Addressing Security with Actionable Plans and Maximum Value Mitchell Brett Parker Healthcare has been the most affected industry by ransomware, data breaches, and hacks. Every week ...
We Went to Iowa and All We Got were These Felony Arrest Records Justin Demercurio In-depth discussion and review of the red team engagement of Iowa courthouses which resulted in ...
Whispers Among the Stars: A Practical Look at Perpetrating (and Preventing) Satellite Eavesdropping Attacks James Pavur Space is changing. The number of satellites in orbit will increase from approximately 2,000 today ...
Breaking Samsung's Root of Trust: Exploiting Samsung S10 Secure Boot Cheng-yu Chao , Hung Chi Su , Che-yang Wu Being the highest market share smartphone manufacturer, Samsung conducts a series of protection on Android ...
Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers Chris Kuhr Election vendors are an integral part of American democracy. Because voting machines and the companies ...
FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud Kevin Perlow The INJX_Pure and Lazarus FASTCash malware families are each built on publicly documented standards that ...
Healthscare – An Insider's Biopsy of Healthcare Application Security Seth Fogie Healthcare security teams are in a tough spot. While the provider industry is taking security ...
NoJITsu: Locking Down JavaScript Engines Taemin Park Data-only attacks against dynamic scripting environments have become common. Web browsers and other modern applications ...
OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts Stefano Zanero , Federico Maggi , Marco ‘embyte’ Balduzzi , Davide Quarta , Marcello Pogliani In this talk, we delve into industrial robot programming, focusing on the security issues arising ...
Reversing the Root: Identifying the Exploited Vulnerability in 0-days Used In-The-Wild Maddie Stone Over the past 12 months, Project Zero has analyzed eleven 0-day vulnerabilities that were exploited ...
The Devil's in the Dependency: Data-Driven Software Composition Analysis Benjamin Eng We all know that lurking within even the most popular open source packages are flaws ...
Uncommon Sense: Detecting Exploits with Novel Hardware Performance Counters and ML Magic Nick Kannan In recent years, exploits like speculative execution, Rowhammer, and Return Oriented Programming (ROP) were detected ...
Demigod: The Art of Emulating Kernel Rootkits Quynh Nguyen Anh , Quang Nguyen Hong , Tuan Do Minh Kernel rootkit is considered the most dangerous malware that may infect computers. Operating at ring ...
Hacking the Voter: Lessons from a Decade of Russian Military Operations Nate Beach-westmoreland Election security faces a persistent problem: defenders are often thinking tactically, while the most capable, ...
IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets Tohid Beyah Despite the many conveniences afforded by Internet of Things (IoT) devices, their rapid and global ...
Needing the DoH: The Ongoing Encryption and Centralization of DNS Eldridge Alexander Most connections on the Internet start with a DNS request. As the connections themselves increasingly ...
Office Drama on macOS Patrick Wardle In the world of Windows, macro-based Office attacks are well understood (and frankly are rather ...
Practical Defenses Against Adversarial Machine Learning Ariel Herbert-voss Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, ...
Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication Sourcell Xin Every Android phone loves Bluetooth, a short-range wireless communication technology. We can find a large ...
Superman Powered by Kryptonite: Turn the Adversarial Attack into Your Defense Weapon Tongbo Luo , Xinyu Xing , Kailiang Ying , Jimmy Su Artificial Intelligence (AI) is wielding a profound impact on global economic and social progress as ...
When TLS Hacks You Joshua Maddux Lots of people try to attack the security of TLS. But, what if we use ...
Locknote: Conclusions and Key Takeaways from Day 1 Chris Eng , Daniel Cuthbert , Natalie Silvanovich , Marina Krotofil At the end of day one of this year's virtual conference, join Black Hat Review ...
Keynote: Hacking Public Opinion Renee Diresta Online disinformation has reached fever pitch: grifters pushing fake cures for COVID-19, nation states spinning ...
Breaking VSM by Attacking SecureKernel Saar King Virtualization based security technologies (VBS) continue to increase the world's dependency on the security of ...
Escaping Virtualized Containers Yuval Avrahami Containers offer speed, performance, and portability, but do they actually contain? While they try their ...
EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks Ben Vishnepolsky The concept of physical layer conditions in which a packet is re-evaluated in transit leading ...
Fooling Windows through Superfetch Mathilde David Have you ever tried to hide your traces after doing some obscure stuff on a ...
How I Created My Clone Using AI - Next-Gen Social Engineering Tamaghna Basu This talk is inspired by an episode of Black Mirror. I will be demonstrating a ...
Lamphone: Real-Time Passive Reconstruction of Speech Using Light Emitted from Lamps Ben Nassi Recent studies have suggested various side-channel attacks for eavesdropping sound by analyzing the side effects ...
Making an Impact from India to the Rest of the World by Building and Nurturing Women Infosec Community Vandana Verma Sehgal India is one of the most diverse and fastest growing countries in the world and ...
Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets Omer Aumasson Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts ...
Security Research on Mercedes-Benz: From Hardware to Car Control Minrui Yan , Jiahao Li , Guy Harpak Nowadays, more and more intelligent functionalities have been introduced to modern cars, which also brings ...
A Decade After Stuxnet's Printer Vulnerability: Printing is Still the Stairway to Heaven Peleg Hadar , Tomer Bar In 2010, Stuxnet, the most powerful malware in the world revealed itself, causing physical damage ...
A Framework for Evaluating and Patching the Human Factor in Cybersecurity Ron Bitton Social engineering (SE) attacks have dramatically changed in recent years: They are no longer limited ...
Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa Laura Kilel The increase in cyber attacks in sub-Saharan Africa has become an issue of major concern ...
Detecting Access Token Manipulation William Burgess Windows access token manipulation attacks are well known and abused from an offensive perspective, but ...
I calc'd Calc - Exploiting Excel Online Nicolas Joly The Microsoft Security Response Center has a unique position in monitoring exploits in the wild. ...
IMP4GT: IMPersonation Attacks in 4G NeTworks David Rupprecht Long Term Evolution (LTE/4G) establishes mutual authentication with a provably secure AKA protocol on protocol ...
Plundervolt: Flipping Bits from Software without Rowhammer Frank Piessens , Flavio D. Garcia , David Oswald , Daniel Gruss , Jo Van Bulck , Kit Murdock Fault attacks pose a substantial threat to the security of our modern systems, allowing to ...
Portable Document Flaws 101 Jens Müller PDF is a document format on steroids. In this talk, we will dive deep into ...
Spectra: Breaking Separation Between Wireless Chips Jiska Gringoli Nowadays wireless technologies are increasingly sharing spectrum. This is the case for Wi-Fi and Bluetooth, ...
About Directed Fuzzing and Use-After-Free: How to Find Complex & Silent Bugs? Sébastien Nguyen Fuzzing is a popular and effective automated approach to vulnerability detection. Directed fuzzing focuses on ...
A Little Less Speculation, a Little More Action: A Deep Dive into Fuchsia's Mitigations for Specific CPU Side-Channel Attacks Matthew Riley We know the story by now: researchers find a new side-channel attack and disclose it ...
Breaking Brains, Solving Problems: Lessons Learned from Two Years of Setting Puzzles and Riddles for InfoSec Professionals Matt Wixey Many of us got into security because we like solving hard problems, and problem-solving is ...
Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities Taesoo Kim , Insu Yun , Yonghwi Jin , Jungwon Lim Compromising a kernel through a browser is the ultimate goal for offensive security researchers. Because ...
EdTech- The Ultimate APT Michelle Wolfe This talk will show the audience that edtech is being implemented in schools without due ...
Heroku Abuse Operations: Hunting Wolves in Sheep's Clothing Spencer Stojanovic Black Hat attendees 'get' security - but strategically speaking, where does abuse management fit? Abuse Operations ...
Hunting Invisible Salamanders: Cryptographic (in)Security with Attacker-Controlled Keys Paul Grubbs Deploying new cryptography often means using existing building blocks in new ways. A prime example ...
Kr00k: Serious Vulnerability Affected Encryption of Billion+ Wi-Fi Devices Robert Svorencik We identified Kr00k (CVE-2019-15126) – a previously unknown vulnerability in chips used by a significant ...
When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security Björn Ruytenberg Thunderbolt is a high-bandwidth interconnect promoted by Intel and included in laptops, desktops, and other ...
Black-Box Laser Fault Injection on a Secure Memory Olivier Heriveaux With the constant development of electronic devices, their increasing complexity and need for security, cryptography ...
Dive into Apple IO80211FamilyV2 Yu Wang Starting from macOS Catalina Beta, Apple refactored the architecture of the 80211 Wi-Fi client drivers ...
Experimenting with Real-Time Event Feeds Jose Morris Today, defenders in a typical security operation center rely on their SIEM to do forensics ...
Exploiting Kernel Races through Taming Thread Interleaving Byoungyoung Lee , Changwoo Min , Yoochan Lee A kernel race condition vulnerability is difficult to exploit, because thread interleaving is non-deterministic and ...
Improving Mental Models of End-to-End Encrypted Communication Wei Bai , Omer Akgul Research has repeatedly established that although many messaging apps (WhatsApp, iMessage, Signal etc.) have incorporated ...
My Cloud is APT's Cloud: Investigating and Defending Office 365 Doug Madeley As organizations increase their adoption of cloud services, we see attackers following them to the ...
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys ...
Routopsy: Modern Routing Protocol Vulnerability Analysis and Exploitation Szymon Kemp An often-overlooked area of network security are the routing and redundancy protocols used between routing ...
The Dark Side of the Cloud - How a Lack of EMR Security Controls Helped Amplify the Opioid Crisis Mitchell Brett Parker The Opioid crisis has caused mass addiction of prescription painkillers. Tens of thousands have died ...
A Hacker's Guide to Reducing Side-Channel Attack Surfaces Using Deep-Learning Elie Bursztein In recent years, deep-learning based side-channel attacks have been proven to be very effective and ...
Beyond Root: Custom Firmware for Embedded Mobile Chipsets Christopher Wade Rooting a smartphone is often considered the ultimate method to allow a user to take ...
Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant Dylan Donovan Google Cloud's security model in many ways is quite different from AWS. Spark jobs, Cloud ...
Mind Games: Using Data to Solve for the Human Element Masha Sedova The security industry's traditional approach to mitigating human risk is predicated on the assumption that ...
Operation Chimera - APT Operation Targets Semiconductor Vendors Chung-kuan Chen , Inndy Lin , Shang-de Jiang This presentation provides an analysis of the advanced persistent threat (APT) attacks that have occurred ...
The Paramedic's Guide to Surviving Cybersecurity Rich Mogull The security world is fraught with cases of mental health issues, burnout, substance abuse, and ...
TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices - Pwn Android Phones from 2015 to 2020 Guang Gong As more and more mitigations have been introduced into Android, modern Android devices become much ...
Virtually Private Networks Charl Ross Is Secure Remote Access like the emperor’s new clothes? Enterprise businesses equip staff with mobile devices ...
You have No Idea Who Sent that Email: 18 Attacks on Email Sender Authentication Jianjun Chen , Vern Jiang Our study demonstrates an unfortunate fact that even a conscientious security professional using a state-of-the-art ...
Locknote: Conclusions and Key Takeaways from Day 2 Stefano Zanero , Rodrigo Rubira Branco , Kymberlee Price , Aanchal Gupta At the end of day two of this year's virtual conference, join Black Hat Review ...