Material De Black Hat USA 2019 [Presentaciones, Papers Y Herramientas]
Black Hat USA es el evento de seguridad de la información más importante del mundo, proporcionando a los asistentes lo último en investigación, desarrollo y tendencias. Todos los años asistentes de todas partes y de cualquier rubro, viajan a la conferencia para aprender lo último en ciberseguridad y hacking.
Este es su año 22° y ya han liberado los vídeos de las presentaciones:
- Every Security Team is a Software Team Now
- Detecting Deep Fakes with Mice
- Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone
- A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works
- ClickOnce and You're in - When Appref-ms Abuse is Operating as Intended
- Legal GNSS Spoofing and its Effects on Autonomous Vehicles
- Biometric Authentication Under Threat: Liveness Detection Hacking
- Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
- SSO Wars: The Token Menace
- Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception
- Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine
- Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society
- Dragonblood: Attacking the Dragonfly Handshake of WPA3
- The Most Secure Browser? Pwning Chrome from 2016 to 2019
- Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
- PicoDMA: DMA Attacks at Your Fingertips
- APIC’s Adventures in Wonderland
- Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
- Attacking Electric Motors for Fun and Profit
- Sensor and Process Fingerprinting in Industrial Control Systems
- HTTP Desync Attacks: Smashing into the Cell Next Door
- Behind the Scenes of Intel Security and Manageability Engine
- All the 4G Modules Could be Hacked
- New Vulnerabilities in 5G Networks
- I’m Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy
- It’s Not What You Know, It’s What You Do: How Data Can Shape Security Engagement
- Cyber Insurance 101 for CISO’s
- The Path Less Traveled: Abusing Kubernetes Defaults
- Selling 0-Days to Governments and Offensive Security Companies
- Selling 0-Days to Governments and Offensive Security Companies
- Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
- Integration of Cyber Insurance Into A Risk Management Program
- Come Join the CAFSA - Continuous Automated Firmware Security Analysis
- Worm Charming: Harvesting Malware Lures for Fun and Profit
- MITRE ATT&CK: The Play at Home Edition
- Look, No Hands! – The Remote, Interaction-less Attack Surface of the iPhone
- Chip.Fail - Glitching the Silicon of the Connected World
- Lessons From Two Years of Crypto Audits
- Responding to a Cyber Attack with Missiles
- Finding a Needle in an Encrypted Haystack: Leveraging Cryptographic Abilities to Detect the Most Prevalent Attacks on Active Directory
- Controlled Chaos: The Inevitable Marriage of DevOps & Security
- Arm IDA and Cross Check: Reversing the Boeing 787's Core Network
- The Cyber Shell Game – War, Information Warfare, and the Darkening Web
- He Said, She Said – Poisoned RDP Offense and Defense
- How Do Cyber Insurers View The World?
- Internet-Scale Analysis of AWS Cognito Security
- Messaging Layer Security: Towards a New Era of Secure Group Messaging
- Hacking Your Non-Compete
- Hunting for Bugs, Catching Dragons
- Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover
- Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing
- Transparency in the Software Supply Chain: Making SBOM a Reality
- Deconstructing the Phishing Campaigns that Target Gmail Users
- Cybersecurity Risk Assessment for Safety-Critical Systems
- PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- Defense Against Rapidly Morphing DDOS
- Reverse Engineering WhatsApp Encryption for Chat Manipulation and More
- Detecting Malicious Files with YARA Rules as They Traverse the Network
- MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection
- Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated
- On Trust: Stories from the Front Lines
- WebAuthn 101 - Demystifying WebAuthn
- Attack Surface as a Service
- Woke Hiring Won’t Save Us: An Actionable Approach to Diversity Hiring and Retention
- GDPArrrrr: Using Privacy Laws to Steal Identities
- The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring
- Testing Your Organization's Social Media Awareness
- Death to the IOC: What's Next in Threat Intelligence
- Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch
- Playing Offense and Defense with Deepfakes
- All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices
- The Enemy Within: Modern Supply Chain Attacks
- Information Security in the Public Interest
- Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
- Project Zero: Five Years of 'Make 0Day Hard'
- Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence
- 100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans
- Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
- Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan
- Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs
- Operational Templates for State-Level Attack and Collective Defense of Countries
- Process Injection Techniques - Gotta Catch Them All
- Bounty Operations: Best Practices and Common Pitfalls to Avoid in the First 6-12 Months
- DevSecOps : What, Why and How
- Breaking Encrypted Databases: Generic Attacks on Range Queries
- Finding Our Path: How We're Trying to Improve Active Directory Security
- API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web
- Exploiting Qualcomm WLAN and Modem Over The Air
- Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale
- Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term
- Ghidra - Journey from Classified NSA Tool to Open Source
- Firmware Cartography: Charting the Course for Modern Server Compromise
- 0-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars
- Infighting Among Russian Security Services in the Cyber Sphere
- Behind the scenes of iOS and Mac Security
- Zombie Ant Farming: Practical Tips for Playing Hide and Seek with Linux EDRs
- Predictive Vulnerability Scoring System
- Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime
- Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers
- Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
- Preventing Authentication Bypass: A Tale of Two Researchers
- Automation Techniques in C++ Reverse Engineering
- Inside the Apple T2
- Making Big Things Better the Dead Cow Way
- Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
- Fantastic Red-Team Attacks and How to Find Them
- The Discovery of a Government Malware and an Unexpected Spy Scandal
- Attacking iPhone XS Max
- Securing Apps in the Open-By-Default Cloud
- Adventures in the Underland: The CQForensic Toolkit as a Unique Weapon Against Hackers
- HostSplit: Exploitable Antipatterns in Unicode Normalization
- Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project
- Everybody be Cool, This is a Robbery!
- A Compendium of Container Escapes
- The Future of ATO
- Exploring the New World : Remote Exploitation of SQLite and Curl
- How to Detect that Your Domains are Being Abused for Phishing by Using DNS
- Debug for Bug: Crack and Hack Apple Core by Itself - Fun and Profit to Debug and Fuzz Apple Kernel by lldb Script
- Shifting Knowledge Left: Keeping up with Modern Application Security
- Paging All Windows Geeks – Finding Evil in Windows 10 Compressed Memory
- Breaking Samsung’s ARM TrustZone
- Command Injection in F5 iRules
- Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites
- Lessons and Lulz: The 5th Annual Black Hat USA NOC Report
Fuente: https://www.cyberhades.com
Via: feedproxy.google.com
Material De Black Hat USA 2019 [Presentaciones, Papers Y Herramientas]
Reviewed by Anónimo
on
18:50
Rating: