Tag: Black Hat Briefings 2018

Practical Web Cache Poisoning: Redefining ‘Unexploitable’

Modern web applications are composed from a crude patchwork of caches and content delivery networks. In this session I’ll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone...

January 15, 2020

Understanding and Exploiting Implanted Medical Devices

This presentation is the culmination of an 18-month independent case study in implanted medical devices. The presenters will provide detailed technical findings on remote exploitation of pacemaker systems, pacemaker infrastructure, and a neurostimulator system. Exploitation of these vulnerabilities allow...

January 15, 2020

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks

We’ll discuss several strategies to make machine learning models more tamper resilient. We’ll compare the difficulty of tampering with cloud-based models and client-based models. By Holly Stewart, Jugal Parikh, and Randy Treit. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks-11669

January 15, 2020

TLBleed: When Protecting Your CPU Caches is Not Enough

We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). TLBleed shows a reliable side channel without relying on the CPU data or instruction caches. By Ben Gras. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting-your-cpu-caches-is-not-enough-10149

January 15, 2020

Exploitation of a Modern Smartphone Baseband

In this talk, we will explore the baseband of a modern smartphone, discussing the design and the security countermeasures that are implemented. We will then move on and explain how to find memory corruption bugs and exploit them. By Marco...

January 15, 2020

Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator

In this presentation, we’ll look at Defender’s emulator for analysis of potentially malicious Windows PE binaries on the endpoint. To the best of my knowledge, there has never been a conference talk or publication on reverse engineering the internals of...

January 15, 2020

Another Flip in the Row

The Rowhammer bug is an issue in most DRAM modules which allows software to cause bit flips in DRAM cells, consequently manipulating data. Although only considered a reliability issue by DRAM vendors, research has shown that a single bit flip...

January 15, 2020

An Attacker Looks at Docker: Approaching Multi-Container Applications

The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example...

January 15, 2020

Last Call for SATCOM Security

In 2014, we took to the stage and presented “A Wake-up Call for SATCOM Security,” during which we described several theoretical scenarios that could result from the disturbingly weak security posture of multiple SATCOM products. Four years later, we are...

January 15, 2020

Lowering the Bar: Deep Learning for Side Channel Analysis

Deep learning can help automate the signal analysis process in power side channel analysis. So far, power side channel analysis relies on the combination of cryptanalytic science, and the art of signal processing. By Jasper van Woudenberg. Full abstract and...

January 15, 2020

A Deep Dive into macOS MDM (and How it can be Compromised)

Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a...

January 15, 2020

From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it

Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised. This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink...

January 15, 2020