Use-After-Use-After-Free: Exploit UAF by Generating Your Own
This talk will introduce Use-After-Use-After-Free (UAUAF), a novel and relatively universal exploitation technique for UAF vulnerabilities in Adobe Flash. By…
Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape.…
Over the years, obfuscation has taken a significant place in the software protection field. The term generally embraces any mean…
Since win8, Microsoft introduced a variety of exploit mitigations into Windows kernel, such as Kernel DEP, KASLR, SMEP; this made the exploit…
In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers…
I will discuss each of the techniques the malware author used in order to prevent reverse engineering of their Android…
Modern web applications are composed from a crude patchwork of caches and content delivery networks. In this session I’ll show…
The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems…
SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ATI Systems. It allows a…
In this talk, vulnerabilities that affect millions of traders will be shown in detail. Among them are unencrypted authentication, communications,…
This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors,…
In this talk, we’ll first dive into what it takes to create an effective firewall for macOS. Yes we’ll discuss…
Sean Convery, VP and GM Security and Risk Business Unit at ServiceNow discusses best practices on how cybersecurity leaders avoid…
It’s the 20th Black Hat, and it’s been a wild ride from 1997 to 2017. So, what will happen over…
Cyber threats are intensifying dramatically, with growing global concerns about attacks on critical infrastructure, as well as political parties and…
In this work, we demonstrate the feasibility of the large-scale scanning over the 3G/4G intranet. First, we adapt the Nmap…
Security teams must address the countless vulnerabilities in popular document formats like PDFs, Office files and legacy textual formats. This…
Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders…
Meet Broadpwn, a vulnerability in Broadcom’s Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered…
In this talk we’ll cover the psychology of phishing, then walk through a series of real-world attacks conducted against a…
While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in UI redressing attacks, accessibility attacks),…
A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full…
Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, being a Windows-signed binary native on…
Best of Black Hat USA 2017 Briefings Winner How did the Feds catch the notorious Russian computer hacker Roman Seleznev…