Tag: BlackHat

TLBleed: When Protecting Your CPU Caches is Not Enough

We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). TLBleed shows a reliable side channel without relying on the CPU data or instruction caches. By Ben Gras. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting-your-cpu-caches-is-not-enough-10149

January 15, 2020

Exploitation of a Modern Smartphone Baseband

In this talk, we will explore the baseband of a modern smartphone, discussing the design and the security countermeasures that are implemented. We will then move on and explain how to find memory corruption bugs and exploit them. By Marco...

January 15, 2020

Return of Bleichenbacher’s Oracle Threat (ROBOT)

We’ll show how we found one of the oldest TLS vulnerabilities in products of 10 different vendors and how we practically exploited it on famous sites. We’ll also discuss how the countermeasures introduced back in TLS 1.0 and expanded over...

January 15, 2020

An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities

In this presentation, we will describe Microsoft’s approach to researching and mitigating speculative execution side channel vulnerabilities. This approach involved bringing experts from across Microsoft, hiring an industry expert to accelerate our understanding of the issues, and collaborating across the...

January 15, 2020

Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina

To test the viability of our framework, we fuzzed over one hundred packages from the Arch Linux package repository with essentially zero effort. After only a few days, we already found 11 crashes, six of which were exploitable. By Bhargava...

January 15, 2020

So I became a Domain Controller

While SAMBA did implement Active Directory replication protocol for years, it was not easy to abuse it, especially on the Windows OS. The lsadump::DCSync feature in mimikatz was a first breakout in this area. Red teamers could extract secrets needed...

January 15, 2020

How can Someone with Autism Specifically Enhance the Cyber Security Workforce?

This session outlines how someone with Autism Spectrum Disorder (ASD) offers a unique skillset that can be very helpful in the cybersecurity field. By Casey Hurt, Dr. Stacy Thayer, and Rhett Greenhagen. Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#how-can-someone-with-autism-specifically-enhance-the-cyber-security-workforce-11336

January 15, 2020

Outsmarting the Smart City

In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the...

January 15, 2020

A Deep Dive into macOS MDM (and How it can be Compromised)

Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a...

January 15, 2020

The Science of Hiring and Retaining Female Cybersecurity Engineers

The wisdom on why it is difficult to recruit and retain women in the industry has changed over the past decade; the speaker will share the latest information about the most successful approaches and results from a recent working group...

January 15, 2020

Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure

The Namecoin and Emercoin blockchains were designed to provide decentralized and takedown-resistant domain names to users with the reported goal of promoting free speech. By leveraging unofficial Top-Level Domains (TLDs) such as .bit and alternate DNS resolution methods such as...

January 15, 2020

Is the Mafia Taking Over Cybercrime?

This talk broadly addresses the range of connections between Mafias, organised crime, and cybercrime. But, it focuses this discussion on the so-called “Russian Mafia” as this is the specific boogieman that many claims mention and some of the most sophisticated...

January 15, 2020