Tag: Black Hat USA 2018

Applied Self-Driving Car Security

In this talk, two researchers who have headed self-driving car security teams for multiple companies will discuss how self-driving cars work, how they might be attacked, and how they can ultimately be secured. By Charlie Miller & Chris Valasek...

/ January 15, 2020

Legal Liability for IOT Cybersecurity Vulnerabilities

There has been much discussion of “software liability,” and whether new laws are needed to encourage or require safer software. My presentation will discuss how — regardless of whether new laws are passed — a tidal wave of litigation over...

/ January 15, 2020

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks

We’ll discuss several strategies to make machine learning models more tamper resilient. We’ll compare the difficulty of tampering with cloud-based models and client-based models. By Holly Stewart + Jugal Parikh + Randy Treit. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks-11669

/ January 15, 2020

Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities

Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address this issue, automated exploit generation techniques can be adopted. By Jimmy Su + Wei Wu + Xinyu Xing. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#from-thousands-of-hours-to-a-couple-of-minutes-automating-exploit-generation-for-arbitrary-types-of-kernel-vulnerabilities-10389

/ January 15, 2020

An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities

In this presentation, we will describe Microsoft’s approach to researching and mitigating speculative execution side channel vulnerabilities. This approach involved bringing experts from across Microsoft, hiring an industry expert to accelerate our understanding of the issues, and collaborating across the...

/ January 15, 2020

Playback: A TLS 1.3 Story

This talk will describe the technical details regarding the TLS 1.3 0-RTT feature and its associated risks. It will include proofs of concept (PoCs) showing real-world replay attacks against TLS 1.3 libraries and browsers. Finally, potential solutions or mitigation controls...

/ January 15, 2020

For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems

In this talk, we ask what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing...

/ January 15, 2020

How can Someone with Autism Specifically Enhance the Cyber Security Workforce?

This session outlines how someone with Autism Spectrum Disorder (ASD) offers a unique skillset that can be very helpful in the cybersecurity field. By Casey Hurt + Dr. Stacy Thayer + Rhett Greenhagen. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#how-can-someone-with-autism-specifically-enhance-the-cyber-security-workforce-11336

/ January 15, 2020

Mainframe [z/OS] Reverse Engineering and Exploit Development

Speak with any Fortune 500 running mainframe and they’ll tell you two things: (1) without their mainframes they’d be out of business (2) they do not conduct any security research on them, let alone vulnerability scans. The most infuriating part...

/ January 15, 2020

DeepLocker – Concealing Targeted Attacks with AI Locksmithing

In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in...

/ January 15, 2020

SDL That Won’t Break the Bank

This briefing will describe some resources that can help smaller organizations create an effective SDL program. It will also outline some secure development concerns that may be especially important to those organizations – such as dependence on software they didn’t...

/ January 15, 2020

SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System

SirenJack is a vulnerability that was found to affect radio-controlled emergency warning siren systems from ATI Systems. It allows a bad actor, with a $30 handheld radio and a laptop, to set off all sirens in a deployment. By Balint...

/ January 15, 2020