BlackHatAsia 2020 Sept. 29, 2020 to Oct. 2, 2020, Virtual, Virtual

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Engineering Cybersecurity for a Nation: What Singapore is Learning from Cars and Sanitation Gaurav Keerthi Defending a country is different from a corporate network. Singapore wants to be a Smart ...
BitLeaker: Subverting BitLocker with One Vulnerability Seunghun Han Trusted Platform Module (TPM) is a tamper-resistant security module. It has been widely deployed in ...
Demystify Today's Binary Disassembling and How Modern ABI Makes it Easier Jun (Jim) Xu , Chengbin Pang , Eric Koskinen Disassembling is the process of restoring instructions and structure information from binary code, forming the ...
The Evil Alt-Ego: (ab)using HTTP Alternative Services Ari Trachtenberg , David Starobinski , Trishita Tiwari The HTTP Alternative Services header (Alt-Svc, RFC 7838) was introduced in 2013 by seasoned developers ...
The Evil of Spy Camera Shupeng Gao , Ye Zhang As you see, spy-cams have increased. In China, there has been a lot of news ...
3d Red Pill: A Guest-to-Host Escape on QEMU/KVM Virtio Device Jian Weng , Yue Zhang , Zhijian Shao As a critical para-virtualized driver platform for the hypervisor, virtio has been widely adopted in ...
Faking a Factory: Creating and Operating a Realistic Honeypot Charles Perine Designing realistic ICS honeypot requires substantial time and resource investment, as well as in-depth knowledge ...
Securing the Next Version of HTTP: How QUIC and HTTP/3 Compare to HTTP/2 Nick Harper QUIC is a new always-encrypted general-purpose transport protocol being standardized at the IETF designed for ...
CDPwn: Taking Over Millions of Enterprise-Things with Layer 2 Zero-Days Ben Hadad The attack surface exposed by proprietary layer 2 protocols is rarely explored by the research ...
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation Romain Thomas Android applications are becoming more and more obfuscated to prevent reverse engineering. While obfuscation can ...
Making an Impact from India to the Rest of the World by Building and Nurturing Women Infosec Community Vandana Verma Sehgal India is one of the most diverse and fastest growing countries in the world and ...
The Inside Story: There are Apps in Apps and Here is How to Break Them Hao Xing With the rapid development of mobile internet, apps have become more and more complex. However, ...
Tracking the Criminal of Fake News Based on a Unified Embedding Lv Zhonghou , Wang Wenhua , Dou Goodman In recent years, public opinion attack has become more and more common. Attackers purposefully fabricate ...
What the Log?! So Many Events, so Little Time... Miriam Wiesner Detecting adversaries in your environment is a challenging task: Most organizations need at least several ...
WIFI-Important Remote Attack Surface: Threat is Expanding Ying Zhang , Haikuo Xie Wi-Fi technology is one of the most important infrastructures of today. A large amount of ...
First Contact - Vulnerabilities in Contactless Payments Leigh-anne Yunusov Introduced in 2007, contactless (NFC) payments have been used widely for a decade. Accounting for ...
Page Cache Attacks: Microarchitectural Attacks on Flawless Hardware Daniel Gruss , Trishita Tiwari , Michael Kraft In recent years, we have seen that optimizations in processors often enable new microarchitectural side ...
Walking Your Dog in Multiple Forests - Breaking AD Trust Boundaries through Kerberos Vulnerabilities Dirk-jan Mollema In larger enterprise environments multiple Active Directory forests are often in use to separate different ...
Wi-Fi Brokering Michael Kruger The common perception of 802.1X WiFi networks using tunneled authentication methods such as PEAP, are ...
Locknote: Conclusions and Key Takeaways from Day 1 Ryan Flores , Lidia Giuliano , Ty Shen At the end of day one of this year's virtual conference, join Black Hat Review ...
Complexity Killed Security Daniel Gruss In the past decade, we have seen an increasing number of software-based attacks on increasingly ...
Adversary Detection Pipelines: Finally Making Your Threat Intel Useful Xena Olsen Security teams often feel like they're in a losing battle with threat intel. They don't ...
The Black Hat NOC: Greatest Hits and Holy...Cows Bart Wyler This session will be a look into the most interesting things seen and learned within ...
Win the 0-Day Racing Game Against Botnet in Public Cloud Yue Huang Botnet appears to be one of the significant threats to public cloud. They exploit new ...
Biometrics & Privacy: Time to Faceoff or is that FaceApp? Melissa Wingard FaceApp sparked outrage recently when it was thought that the app was taking photos from ...
Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale University of California , Christopher Kruegel , Giovanni Vigna , Santa Barbara , Ruoyu Wang , Yan Shoshitaishvili , Andrea Continella , Aravind Machiry , Nilo Redini , Chad Student Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate ...
Patching Loopholes: Finding Backdoors in Applications Hui Chee In this digital age, we live in a world of applications that enable us to ...
Escaping Virtualized Containers Yuval Avrahami Containers offer speed, performance, and portability, but do they actually contain? While they try their ...
From an URGENT/11 Vulnerability to a Full Take-Down of a Factory, Using a Single Packet Barak Zusman Industrial Controllers are the basic building blocks for any automated factory. Our talk will demonstrate ...
Raiden Glitching Framework Grzegorz Laurie Voltage glitching is a developing technique in hardware hacking that has shown much promise, allowing ...
Store-to-Leak Forwarding: There and Back Again Claudio Canella , Lukas Schwarz In the past couple of years, we have seen many different attacks that allowed an ...
Attacking and Defending Machine Learning Applications of Public Cloud Hao Xin , Dou Wang In recent years, Machine Learning (ML) techniques have been extensively deployed for computer vision tasks, ...
Hey Google, Activate Spyware! – When Google Assistant Uses a Vulnerability as a Feature Erez Yalon This talk is based on research that was recently conducted and resulted in serious security ...
Misuse of DNS, the Second Most Used Protocol Emilio Couto Our precious Internet traffic relies significantly on DNS to work, now that IPv6 traffic starts ...
Redback: Advanced Static Binary Injection Anh Do Static binary injection is a technique to permanently insert external code to an executable file, ...
Back to the Future. Cross-Protocol Attacks in the Era of 5G Sergey Puzankov The state of mobile technologies can be baffling. We are already seeing deployment of 5G ...
Kr00k: How KRACKing Amazon Echo Exposed a Billion+ Vulnerable Wi-Fi Devices Robert Svorencik We have identified serious security weaknesses in chipsets used by a significant number of Wi-Fi ...
May the Trust be with You: Empowering TrustZone-M with Multiple Trusted Environments Sandro Oliveira Over the last decade, Arm TrustZone has been pivotal for securing hundreds of millions of ...
ZombieLoad: Leaking Data on Intel CPUs Michael Lipp The publication of Meltdown in January 2018 was the first instance of a hardware vulnerability ...
Locknote: Conclusions and Key Takeaways from Day 2 Seungjoo Kim , Neil Wyler , Asuka Nakajima , Mika Devonshire At the end of day two of this year's virtual conference, join Black Hat Review ...
Active Directory Security – You Aren’t Doing Enough to Protect AD Kenneth Kwan It’s 2020, why are you not paying attention to the threat and offensive campaign targeting ...
Data Driven Detection: Enabling Security Analysts to Build Customized Threat Detection Svetla Yankova This video features a demo of Chronicle Detect, a new threat detection solution built on ...
Defense Against the Dark Arts: Dissecting Sandbox Evasion Techniques Ben Abbott When traditional security products fail in preventing malware from infiltrating an organization, a malware sandbox ...
Demo: New-School Security Awareness Training and Simulated Phishing in Action Greg Kras Your email filters have an average 7-10% failure rate; you need a strong human firewall ...
Discover BloxOne™ Threat Defense with Infoblox Kevin Zettel BloxOne™ Threat Defense is Infoblox’s hybrid cybersecurity solution that uses DNS as the first line ...
Enriching Risk Assessment through Vulnerability Prioritization Christopher Strand Threat Intelligence is normally used to enrich the process of threat assessment, providing proof on ...
How Containers Change How You Need to Think About Application Security Tim Mackey Microservice architectures and cloud native solutions are cornerstones of the modern agile applications high-performing DevOps ...
Perimeter and Beyond…A Pervasive Versus Perimeter Based Approach to Email Security Edwin Moreno Attackers continue to find new ways to exploit organizations. By design, traditional secure email gateway ...
SASE: The New Frontier for Cybersecurity Tim Davis Legacy network architectures can’t secure the remote workforce or the omnipresent cloud. With the adoption ...
The Rise of Digital Empathy Ann Johnson When billions of people formed the largest remote workforce in history, overnight, the cybersecurity industry ...
Understanding and Combating Credential Stuffing Attacks Jamie Hughes Credential stuffing attacks are common threats that can lead to fraud, loss of reputation, and ...
A New Era of Remote Working During a Global Pandemic Abbas Kudrati The pandemic has changed the way we work, and how organizations interact internally and externally ...
Using Lookalike Domain Detection to Identify Attacks Before They Launch Druce Macfarlane Lookalike Domains are used as a tool to launch Phishing and Watering Hole Attacks. Automating ...
Incredible Ways You Can be Hacked Using Email & How to Stop the Bad Guys Roger A. Grimes Email is a top attack vector the bad guys use. A whopping 91% of cyberattacks ...
Modern Threat Detection in a Petabyte Security World Sandeep Patil Watch this session to learn about the release of Chronicle Detect, a threat detection solution ...
Finding Four Microsoft Office Vulnerabilities Meni Derey Over the past 12 months, the Mimecast Research Labs has discovered four Microsoft Office vulnerabilities, ...
5 Areas in Application Security that Organizations Handle Poorly and How to Avoid Them Ian Hall Everyone knows that there’s probably more that can be done to protect your organization from ...
Trends in Online Attacks Sherif D'sa Cyber attackers are becoming increasingly sophisticated in their exploits. From new forms of ransomware to ...
Organizational Approaches to Cybersecurity Complexity Maxine Holt In decades gone by, information security was the responsibility of an IT person within the ...
The Mind’s Lie: How Our Thoughts and Actions Can Be Hacked and Hijacked Perry Carpenter Discover the art and science behind deception… and why you may still fall for dirty ...
The Future of IT is SASE Jonathan Andresen Secure Access Service Edge (SASE) has become one of the hottest topics in the IT ...
The Future of Cyber Security, and What You Need to Think About Now. Max Douglas What are the security implications of moving to a cloud-first IT strategy? Does it mean ...
Automated DDoS Mitigations and Other Cybersecurity Innovations Vivek Morley Learn just-released innovations in securing against DDoS attacks, including the latest DDoS trends based on ...
Threat Landscape: OSINT and New Underground Offerings Etay Maor In this short session we will cover some of the way threat actors use OSINT ...
Beyond Bloodhound: Who Let the Dogs Out? Kenneth Kwan The year is 2014, the place in France. Researchers from ANSII (National Agency for the ...
Managing Data Breaches and Incident Response Tim Wilson , Mark Shpantzer You’ve just discovered a data compromise in your organization. What do you do now? In ...
Everything About Encrypted Network Traffic is About to Change Eric Parizo Network traffic encryption significantly inhibits the visibility organizations need to identify threats hiding in network ...