Tag: BlackHat

The Air-Gap Jumpers

In this talk, we focus on ‘Bridgeware’, a type of malware which allows attackers to overcome (‘bridge’) air-gap isolation in order to leak data. We talk about various covert channels proposed over the years, including electromagnetic, magnetic, acoustic, thermal, electrical...

January 15, 2020

Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet

All Windows researchers know about RPC and ALPC, and the attack surface provided through the kernel’s system call layer. As they know about shared memory, the object manager, the registry, and countless other more ‘creative’ kernel mechanisms which allow cross-process...

January 15, 2020

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities

Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor...

January 15, 2020

Fire & Ice: Making and Breaking macOS Firewalls

In this talk, we’ll first dive into what it takes to create an effective firewall for macOS. Yes, we’ll discuss core concepts such as kernel-level socket filtering, but also how to communicate with user-mode components, install privileged code in a...

January 15, 2020

There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently

Automotive security is a hot topic, and hacking cars is cool. These vehicles are suffering the growing pains seen in many embedded systems: security is a work-in-progress, and in the meantime we see some fun and impressive hacks. Perhaps the...

January 15, 2020