Tag: BlackHatUSA

Hardening Hyper-V through Offensive Security Research

Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. Hyper-V, Microsoft’s virtualization stack, is no exception and is therefore held to a high security standard, as is demonstrated by its $250,000 public bug bounty...

January 15, 2020

None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service

Live video streaming services are getting more and more popular in China. In order to ensure their own interests, various service providers have added visible watermarks, which have become increasingly fierce and vicious. Users (originators and viewers) are fed up...

January 15, 2020

Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library

This talk will give you the tools to expose what Android malware authors are trying to hide. By Maddie Stone. Full Abstract & Presentation Materials: https://www.blackhat.com/us-18/briefings/schedule/index.html#unpacking-the-packed-unpacker-reverse-engineering-an-android-anti-analysis-native-library-10795

January 15, 2020

Exploitation of a Modern Smartphone Baseband

In this talk, we will explore the baseband of a modern smartphone, discussing the design and the security countermeasures that are implemented. We will then move on and explain how to find memory corruption bugs and exploit them. By Marco...

January 15, 2020

So I became a Domain Controller

While SAMBA did implement Active Directory replication protocol for years, it was not easy to abuse it, especially on the Windows OS. The lsadump::DCSync feature in mimikatz was a first breakout in this area. Red teamers could extract secrets needed...

January 15, 2020

IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies

Computer malware in all its forms is nearly as old as the first PCs running commodity OSes, dating back at least 30 years. However, the number and the variety of “computing devices” dramatically increased during the last several years. Therefore,...

January 15, 2020

An Attacker Looks at Docker: Approaching Multi-Container Applications

The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example...

January 15, 2020

Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars

In this presentation, we will explain the inner workings of this technology and showcase the new capability that was developed in the Tesla hacking 2017. Multiple 0-days of different in-vehicle components are included in the new attack chain. By Ling...

January 15, 2020

SDL That Won't Break the Bank

This briefing will describe some resources that can help smaller organizations create an effective SDL program. It will also outline some secure development concerns that may be especially important to those organizations – such as dependence on software they didn’t...

January 15, 2020

Automated Discovery of Deserialization Gadget Chains

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn’t going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published...

January 15, 2020

Outsmarting the Smart City

In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the...

January 15, 2020

Catch me, Yes we can! – Pwning Social Engineers

Social engineering is a big problem but very little progress has been made in stopping it, aside from the detection of email phishing. Social engineering attacks are launched via many vectors in addition to email, including phone, in-person, and via...

January 15, 2020