BlackHatAsia 2020 Sept. 29, 2020 to Oct. 2, 2020, Virtual, Virtual
Tell us about missing data
Tell us about missing data
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Engineering Cybersecurity for a Nation: What Singapore is Learning from Cars and Sanitation | Gaurav Keerthi | Defending a country is different from a corporate network. Singapore wants to be a Smart ... | |
BitLeaker: Subverting BitLocker with One Vulnerability | Seunghun Han | Trusted Platform Module (TPM) is a tamper-resistant security module. It has been widely deployed in ... | |
Demystify Today's Binary Disassembling and How Modern ABI Makes it Easier | Jun (Jim) Xu , Chengbin Pang , Eric Koskinen | Disassembling is the process of restoring instructions and structure information from binary code, forming the ... | |
The Evil Alt-Ego: (ab)using HTTP Alternative Services | Ari Trachtenberg , David Starobinski , Trishita Tiwari | The HTTP Alternative Services header (Alt-Svc, RFC 7838) was introduced in 2013 by seasoned developers ... | |
The Evil of Spy Camera | Shupeng Gao , Ye Zhang | As you see, spy-cams have increased. In China, there has been a lot of news ... | |
3d Red Pill: A Guest-to-Host Escape on QEMU/KVM Virtio Device | Jian Weng , Yue Zhang , Zhijian Shao | As a critical para-virtualized driver platform for the hypervisor, virtio has been widely adopted in ... | |
Faking a Factory: Creating and Operating a Realistic Honeypot | Charles Perine | Designing realistic ICS honeypot requires substantial time and resource investment, as well as in-depth knowledge ... | |
Securing the Next Version of HTTP: How QUIC and HTTP/3 Compare to HTTP/2 | Nick Harper | QUIC is a new always-encrypted general-purpose transport protocol being standardized at the IETF designed for ... | |
CDPwn: Taking Over Millions of Enterprise-Things with Layer 2 Zero-Days | Ben Hadad | The attack surface exposed by proprietary layer 2 protocols is rarely explored by the research ... | |
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation | Romain Thomas | Android applications are becoming more and more obfuscated to prevent reverse engineering. While obfuscation can ... | |
Making an Impact from India to the Rest of the World by Building and Nurturing Women Infosec Community | Vandana Verma Sehgal | India is one of the most diverse and fastest growing countries in the world and ... | |
The Inside Story: There are Apps in Apps and Here is How to Break Them | Hao Xing | With the rapid development of mobile internet, apps have become more and more complex. However, ... | |
Tracking the Criminal of Fake News Based on a Unified Embedding | Lv Zhonghou , Wang Wenhua , Dou Goodman | In recent years, public opinion attack has become more and more common. Attackers purposefully fabricate ... | |
What the Log?! So Many Events, so Little Time... | Miriam Wiesner | Detecting adversaries in your environment is a challenging task: Most organizations need at least several ... | |
WIFI-Important Remote Attack Surface: Threat is Expanding | Ying Zhang , Haikuo Xie | Wi-Fi technology is one of the most important infrastructures of today. A large amount of ... | |
First Contact - Vulnerabilities in Contactless Payments | Leigh-anne Yunusov | Introduced in 2007, contactless (NFC) payments have been used widely for a decade. Accounting for ... | |
Page Cache Attacks: Microarchitectural Attacks on Flawless Hardware | Daniel Gruss , Trishita Tiwari , Michael Kraft | In recent years, we have seen that optimizations in processors often enable new microarchitectural side ... | |
Walking Your Dog in Multiple Forests - Breaking AD Trust Boundaries through Kerberos Vulnerabilities | Dirk-jan Mollema | In larger enterprise environments multiple Active Directory forests are often in use to separate different ... | |
Wi-Fi Brokering | Michael Kruger | The common perception of 802.1X WiFi networks using tunneled authentication methods such as PEAP, are ... | |
Locknote: Conclusions and Key Takeaways from Day 1 | Ryan Flores , Lidia Giuliano , Ty Shen | At the end of day one of this year's virtual conference, join Black Hat Review ... | |
Complexity Killed Security | Daniel Gruss | In the past decade, we have seen an increasing number of software-based attacks on increasingly ... | |
Adversary Detection Pipelines: Finally Making Your Threat Intel Useful | Xena Olsen | Security teams often feel like they're in a losing battle with threat intel. They don't ... | |
The Black Hat NOC: Greatest Hits and Holy...Cows | Bart Wyler | This session will be a look into the most interesting things seen and learned within ... | |
Win the 0-Day Racing Game Against Botnet in Public Cloud | Yue Huang | Botnet appears to be one of the significant threats to public cloud. They exploit new ... | |
Biometrics & Privacy: Time to Faceoff or is that FaceApp? | Melissa Wingard | FaceApp sparked outrage recently when it was thought that the app was taking photos from ... | |
Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale | University of California , Christopher Kruegel , Giovanni Vigna , Santa Barbara , Ruoyu Wang , Yan Shoshitaishvili , Andrea Continella , Aravind Machiry , Nilo Redini , Chad Student | Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate ... | |
Patching Loopholes: Finding Backdoors in Applications | Hui Chee | In this digital age, we live in a world of applications that enable us to ... | |
Escaping Virtualized Containers | Yuval Avrahami | Containers offer speed, performance, and portability, but do they actually contain? While they try their ... | |
From an URGENT/11 Vulnerability to a Full Take-Down of a Factory, Using a Single Packet | Barak Zusman | Industrial Controllers are the basic building blocks for any automated factory. Our talk will demonstrate ... | |
Raiden Glitching Framework | Grzegorz Laurie | Voltage glitching is a developing technique in hardware hacking that has shown much promise, allowing ... | |
Store-to-Leak Forwarding: There and Back Again | Claudio Canella , Lukas Schwarz | In the past couple of years, we have seen many different attacks that allowed an ... | |
Attacking and Defending Machine Learning Applications of Public Cloud | Hao Xin , Dou Wang | In recent years, Machine Learning (ML) techniques have been extensively deployed for computer vision tasks, ... | |
Hey Google, Activate Spyware! – When Google Assistant Uses a Vulnerability as a Feature | Erez Yalon | This talk is based on research that was recently conducted and resulted in serious security ... | |
Misuse of DNS, the Second Most Used Protocol | Emilio Couto | Our precious Internet traffic relies significantly on DNS to work, now that IPv6 traffic starts ... | |
Redback: Advanced Static Binary Injection | Anh Do | Static binary injection is a technique to permanently insert external code to an executable file, ... | |
Back to the Future. Cross-Protocol Attacks in the Era of 5G | Sergey Puzankov | The state of mobile technologies can be baffling. We are already seeing deployment of 5G ... | |
Kr00k: How KRACKing Amazon Echo Exposed a Billion+ Vulnerable Wi-Fi Devices | Robert Svorencik | We have identified serious security weaknesses in chipsets used by a significant number of Wi-Fi ... | |
May the Trust be with You: Empowering TrustZone-M with Multiple Trusted Environments | Sandro Oliveira | Over the last decade, Arm TrustZone has been pivotal for securing hundreds of millions of ... | |
ZombieLoad: Leaking Data on Intel CPUs | Michael Lipp | The publication of Meltdown in January 2018 was the first instance of a hardware vulnerability ... | |
Locknote: Conclusions and Key Takeaways from Day 2 | Seungjoo Kim , Neil Wyler , Asuka Nakajima , Mika Devonshire | At the end of day two of this year's virtual conference, join Black Hat Review ... | |
Active Directory Security – You Aren’t Doing Enough to Protect AD | Kenneth Kwan | It’s 2020, why are you not paying attention to the threat and offensive campaign targeting ... | |
Data Driven Detection: Enabling Security Analysts to Build Customized Threat Detection | Svetla Yankova | This video features a demo of Chronicle Detect, a new threat detection solution built on ... | |
Defense Against the Dark Arts: Dissecting Sandbox Evasion Techniques | Ben Abbott | When traditional security products fail in preventing malware from infiltrating an organization, a malware sandbox ... | |
Demo: New-School Security Awareness Training and Simulated Phishing in Action | Greg Kras | Your email filters have an average 7-10% failure rate; you need a strong human firewall ... | |
Discover BloxOne™ Threat Defense with Infoblox | Kevin Zettel | BloxOne™ Threat Defense is Infoblox’s hybrid cybersecurity solution that uses DNS as the first line ... | |
Enriching Risk Assessment through Vulnerability Prioritization | Christopher Strand | Threat Intelligence is normally used to enrich the process of threat assessment, providing proof on ... | |
How Containers Change How You Need to Think About Application Security | Tim Mackey | Microservice architectures and cloud native solutions are cornerstones of the modern agile applications high-performing DevOps ... | |
Perimeter and Beyond…A Pervasive Versus Perimeter Based Approach to Email Security | Edwin Moreno | Attackers continue to find new ways to exploit organizations. By design, traditional secure email gateway ... | |
SASE: The New Frontier for Cybersecurity | Tim Davis | Legacy network architectures can’t secure the remote workforce or the omnipresent cloud. With the adoption ... | |
The Rise of Digital Empathy | Ann Johnson | When billions of people formed the largest remote workforce in history, overnight, the cybersecurity industry ... | |
Understanding and Combating Credential Stuffing Attacks | Jamie Hughes | Credential stuffing attacks are common threats that can lead to fraud, loss of reputation, and ... | |
A New Era of Remote Working During a Global Pandemic | Abbas Kudrati | The pandemic has changed the way we work, and how organizations interact internally and externally ... | |
Using Lookalike Domain Detection to Identify Attacks Before They Launch | Druce Macfarlane | Lookalike Domains are used as a tool to launch Phishing and Watering Hole Attacks. Automating ... | |
Incredible Ways You Can be Hacked Using Email & How to Stop the Bad Guys | Roger A. Grimes | Email is a top attack vector the bad guys use. A whopping 91% of cyberattacks ... | |
Modern Threat Detection in a Petabyte Security World | Sandeep Patil | Watch this session to learn about the release of Chronicle Detect, a threat detection solution ... | |
Finding Four Microsoft Office Vulnerabilities | Meni Derey | Over the past 12 months, the Mimecast Research Labs has discovered four Microsoft Office vulnerabilities, ... | |
5 Areas in Application Security that Organizations Handle Poorly and How to Avoid Them | Ian Hall | Everyone knows that there’s probably more that can be done to protect your organization from ... | |
Trends in Online Attacks | Sherif D'sa | Cyber attackers are becoming increasingly sophisticated in their exploits. From new forms of ransomware to ... | |
Organizational Approaches to Cybersecurity Complexity | Maxine Holt | In decades gone by, information security was the responsibility of an IT person within the ... | |
The Mind’s Lie: How Our Thoughts and Actions Can Be Hacked and Hijacked | Perry Carpenter | Discover the art and science behind deception… and why you may still fall for dirty ... | |
The Future of IT is SASE | Jonathan Andresen | Secure Access Service Edge (SASE) has become one of the hottest topics in the IT ... | |
The Future of Cyber Security, and What You Need to Think About Now. | Max Douglas | What are the security implications of moving to a cloud-first IT strategy? Does it mean ... | |
Automated DDoS Mitigations and Other Cybersecurity Innovations | Vivek Morley | Learn just-released innovations in securing against DDoS attacks, including the latest DDoS trends based on ... | |
Threat Landscape: OSINT and New Underground Offerings | Etay Maor | In this short session we will cover some of the way threat actors use OSINT ... | |
Beyond Bloodhound: Who Let the Dogs Out? | Kenneth Kwan | The year is 2014, the place in France. Researchers from ANSII (National Agency for the ... | |
Managing Data Breaches and Incident Response | Tim Wilson , Mark Shpantzer | You’ve just discovered a data compromise in your organization. What do you do now? In ... | |
Everything About Encrypted Network Traffic is About to Change | Eric Parizo | Network traffic encryption significantly inhibits the visibility organizations need to identify threats hiding in network ... |