Tag: Black Hat Briefings

Hardening Hyper-V through Offensive Security Research
Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. Hyper-V, Microsoft’s virtualization stack, is no exception and is therefore held to a high security standard, as is demonstrated by its $250,000 public bug bounty...

Applied Self-Driving Car Security
In this talk, two researchers who have headed self-driving car security teams for multiple companies will discuss how self-driving cars work, how they might be attacked, and how they can ultimately be secured. By Charlie Miller & Chris Valasek...

None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
Live video streaming services are getting more and more popular in China. In order to ensure their own interests, various service providers have added visible watermarks, which have become increasingly fierce and vicious. Users (originators and viewers) are fed up...

Legal Liability for IOT Cybersecurity Vulnerabilities
There has been much discussion of “software liability,” and whether new laws are needed to encourage or require safer software. My presentation will discuss how — regardless of whether new laws are passed — a tidal wave of litigation over...

Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
This talk will give you the tools to expose what Android malware authors are trying to hide. By Maddie Stone. Full Abstract & Presentation Materials: https://www.blackhat.com/us-18/briefings/schedule/index.html#unpacking-the-packed-unpacker-reverse-engineering-an-android-anti-analysis-native-library-10795

Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address this issue, automated exploit generation techniques can be adopted. By Jimmy Su + Wei Wu + Xinyu Xing. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#from-thousands-of-hours-to-a-couple-of-minutes-automating-exploit-generation-for-arbitrary-types-of-kernel-vulnerabilities-10389

Return of Bleichenbacher’s Oracle Threat (ROBOT)
We’ll show how we found one of the oldest TLS vulnerabilities in products of 10 different vendors and how we practically exploited it on famous sites. We’ll also discuss how the countermeasures introduced back in TLS 1.0 and expanded over...

Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator
In this presentation, we’ll look at Defender’s emulator for analysis of potentially malicious Windows PE binaries on the endpoint. To the best of my knowledge, there has never been a conference talk or publication on reverse engineering the internals of...

Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
To test the viability of our framework, we fuzzed over one hundred packages from the Arch Linux package repository with essentially zero effort. After only a few days, we already found 11 crashes, six of which were exploitable. By Bhargava...

Another Flip in the Row
The Rowhammer bug is an issue in most DRAM modules which allows software to cause bit flips in DRAM cells, consequently manipulating data. Although only considered a reliability issue by DRAM vendors, research has shown that a single bit flip...

The Finest Penetration Testing Framework for Software-Defined Networks
In this talk, we introduce a powerful penetration testing tool for SDN called DELTA, which is officially supported by Open Networking Foundation (ONF). By Jinwoo Kim + Seungsoo Lee + Seungwon Shin + Seungwon Woo. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#the-finest-penetration-testing-framework-for-software-defined-networks–10101

WebAssembly: A New World of Native Exploits on the Browser
The goal of this talk is to provide a basic introduction to WebAssembly and examine the actual security risks that a developer may take on by using it. We will cover the low-level semantics of WebAssembly, including the JavaScript API,...