How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
This session outlines how someone with Autism Spectrum Disorder (ASD) offers a unique skillset that can be very helpful in…Подробнее
black hat
Outsmarting the Smart City
In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology,…Подробнее
Automated Discovery of Deserialization Gadget Chains
Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be…Подробнее
SDL the Wont Break the Bank
This briefing will describe some resources that can help smaller organizations create an effective SDL program. It will also outline…Подробнее
DeepLocker — Concealing Targeted Attacks with AI Locksmithing
In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI).…Подробнее
Last Call for SATCOM Security
In 2014, we took to the stage and presented «A Wake-up Call for SATCOM Security,» during which we described several…Подробнее
Mainframe [z/OS] Reverse Engineering and Exploit Development
Speak with any Fortune 500 running mainframe and they’ll tell you two things: (1) without their mainframes they’d be out…Подробнее
Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
In this presentation, we will explain the inner workings of this technology and showcase the new capability that was developed…Подробнее
Lessons and Lulz: The 4th Annual Black Hat USA NOC Report
Back with another year of soul crushing statistics, the Black Hat NOC team will be sharing all of the data…Подробнее
Catch me, Yes we can! — Pwning Social Engineers
Social engineering is a big problem but very little progress has been made in stopping it, aside from the detection…Подробнее
Lowering the Bar: Deep Learning for Side Channel Analysis
Deep learning can help automate the signal analysis process in power side channel analysis. So far, power side channel analysis…Подробнее
SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ATI Systems. It allows a…Подробнее
A Deep Dive into macOS MDM (and How it can be Compromised)
Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device,…Подробнее
The Science of Hiring and Retaining Female Cybersecurity Engineers
The wisdom on why it is difficult to recruit and retain women in the industry has changed over the past…Подробнее
From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised. This…Подробнее
Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
The Namecoin and Emercoin blockchains were designed to provide decentralized and takedown-resistant domain names to users with the reported goal…Подробнее
Is the Mafia Taking Over Cybercrime?
This talk broadly addresses the range of connections between Mafias, organised crime, and cybercrime. But, it focuses this discussion on…Подробнее
Black Box is Dead. Long Live Black Box!
The number of logic attacks on ATMs continues to rise. Some of them involve a «black box,» a device that…Подробнее
WireGuard: Next Generation Secure Network Tunnel
The state of VPN protocols is not pretty, with popular options, such as IPsec and OpenVPN, being overwhelmingly complex, with…Подробнее
Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
Healthcare infosec is in critical condition- too few bodies, underfunded to a fault, and limping along on legacy systems stuffed…Подробнее
Stop that Release, There’s a Vulnerability!
This presentation looks at the real world process of the BlackBerry Product Security team. In partnership with product owners, developers,…Подробнее
InfoSec Philosophies for the Corrupt Economy
This talk discusses the realities of corruption, with real-life anecdotes from interviews conducted with real criminals and victims. This talk…Подробнее
AFL’s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
This presentation demonstrates such limitations with examples showing how the blindspot limits AFL’s ability to find bugs, and how it…Подробнее
Back to the Future: A Radical Insecure Design of KVM on ARM
In ARM there are certain instructions that generates exception. Such instructions are typically executed to request a service from software…Подробнее
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From today’s viewpoint this is surprising…Подробнее
Demystifying PTSD in the Cybersecurity Environment
In this talk, I will speak to my own story of PTSD – from military service in Afghanistan to a…Подробнее
How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
When incidents of sexual harassment or sexual assault occur within communities, as we’ve recently seen in InfoSec, how can a…Подробнее
Kernel Mode Threats and Practical Defenses
Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity…Подробнее
Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
In this talk, I place ROSE within the context of other false personae activities – trolling, sockpuppetry, bots, catfishing, and…Подробнее
ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
In this talk, we will analyze the «zero trust» approach in several threat scenarios to determine its true effectiveness. This…Подробнее