
Black Hat Conference
by Ralf Spenneberg & Maik Brüggemann & Hendrik Schwartke We will present and demonstrate the first PLC only worm. Our PLC worm will scan and compromise Siemens Simatic S7-1200 v1-v3 PLCs without any external support. No PCs or additional hardware is required. The worm is fully self-contained and "lives" only on the PLC. The Siemens Simatic PLCs are managed using a proprietary Siemens protocol. Using this protocol the PLC may be stopped, started and diagnostic information may...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
by Alex Ionescu Initially known as "Project Astoria" and delivered in beta builds of Windows 10 Threshold 2 for Mobile, Microsoft implemented a full blown Linux 3.4 kernel in the core of the Windows operating system, including full support for VFS, BSD Sockets, ptrace, and a bonafide ELF loader. After a short cancellation, it's back and improved in Windows 10 Anniversary Update ("Redstone"), under the guise of Bash Shell interoperability. This new kernel and related...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
Source: https://www.youtube.com/watch?v=OwvlGijFm_Y Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
by Xiaoran Wang & Sergey Gorbaty Xml eXternal Entities (XXE) is one of the most deadly vulnerabilities on the Internet, and we will demonstrate how critical enterprise software packages are still vulnerable to these attacks today. In this action-packed presentation, we will demonstrate two 0-day vulnerabilities we identified in both popular server (Java) and client-side (Internet Explorer) technologies. The first vulnerability can be exploited with an attacker-controlled XML leading to...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
Source: https://www.youtube.com/watch?v=r1eB-N8vFP0 Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
by Tielei Wang & Hao Xu & Xiaobo Chen Pangu 9, the first (and only) untethered jailbreak tool for iOS 9, exploited a sequence of vulnerabilities in the iOS userland to achieve final arbitrary code execution in the kernel and persistent code signing bypass. Although these vulnerabilities were fixed in iOS 9.2, there are no details disclosed. This talk will reveal the internals of Pangu 9. Specifically, this talk will first present a logical error in a system service that is exploitable...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
by Neil Wyler & Bart Stump Each year thousands of security professionals answer the siren song of Black Hat USA. They come to learn from the best trainers, and the smartest (and best looking) speakers. And hey, this is Vegas, and when you're in Vegas, you make it rain...exploits. Yes, every year thousands of security pros learn the latest tactics and techniques from the sharpest minds in the industry, and once they have, they can't wait to test them on the closest network they can find, our...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
By Daniel Chechik, Ben Hayak, and Orit Kravitz Chechik A mysterious vulnerability from 2011 almost made the Bitcoin network collapse. Silk Road, MTGox, and potentially many more trading websites claim to be prone to "Transaction Malleability." We will shed some light and show in practice how to exploit this vulnerability. Source: https://www.youtube.com/watch?v=bmxu3r_CUKE Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
Source: https://www.youtube.com/watch?v=DvYY2KAhQv4 Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Day 2 Keynote Source: https://www.youtube.com/watch?v=SyVN5r31EE4 Uploader: Black Hat Upload date: 2013-10-03
Topics: Youtube, video, Education, Black, Hat, Briefings
The last of the protection-detection-response triad to get any real attention, incident response is big business these days. I plan on stepping back and looking at both the economic and psychological forces that affect incident response as both a business and a technical activity. Nothing seems to be able to keep sufficiently skilled and motivated attackers out of a network. Can incident response save the day? Source: https://www.youtube.com/watch?v=u54Radu2bF0 Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
By Yier Jin, Grant Hernandez, and Daniel Buentello "The Nest thermostat is a smart home automation device that aims to learn about your heating and cooling habits to help optimize your scheduling and power usage. Debuted in 2010, the smart NEST devices have been proved a huge success that Google spent $3.2B to acquire the whole company. However, the smartness of the thermostat also breeds security vulnerabilities, similar to all other smart consumer electronics. The severity of security...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
by Elliott Peterson & Michael Sandee & Tillmann Werner This presentation will detail many of the individuals responsible for GameOver Zeus and Cryptolocker, summarize the law enforcement investigation, and highlight the novel legal processes used to wrest control of the botnet from its operators. GameOver Zeus represents one of the most complex, and successful, law enforcement operations against cyber crime to date. The talk will highlight extensive industry and government partnerships,...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
by Dan Amiga & Dor Knafo The widespread adoption of AWS as an enterprise platform for storage, computing and services makes it a lucrative opportunity for the development of AWS focused APTs. We will cover pre-infection, post-infection and advanced persistency techniques on AWS that allow an attacker to access staging and production environments, as well as read and write data and even reverse its way from the cloud to the corporate datacenter. This session will cover several methods...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So, borders still exist on the Internet, and almost all countries are investing into offensive use of cyber power. The new weapons they are developing are different from any other kind of weapon we've ever seen, and we are now seeing the very beginning of the next arms race. By Mikko Hypponen Source: https://www.youtube.com/watch?v=l2rIVdpMToM Uploader: Black Hat
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
By Tao Wei and Yulong Zhang "While Google Play has little malware, many vulnerabilities exist in the apps as well as the Android system itself, and aggressive ad libs leak a lot of user privacy information. When they are combined together, more powerful targeted attacks can be conducted. We will present one practical case of such attacks called "Sidewinder Targeted Attack." It targets victims by intercepting location information reported from ad libs, which can be...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
By Ryan Kazanciyan and Matt Hastings "Over the past two years, we've seen targeted attackers increasingly make use of PowerShell to conduct command-and-control in compromised Windows environments. If your organization is running Windows 7 or Server 2008 R2, you've got PowerShell 2.0 installed (and on Server 2012, remoting is enabled by default!). This has created a whole new playground of attack techniques for intruders that have already popped a few admin accounts (or an entire domain)....
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2014, Black Hat
by Anirudh Duggal Health Level-7 or HL7 refers to a set of international standards for transfer of clinical and administrative data between software applications used by various healthcare providers. Healthcare provider organizations typically have many different computer systems used for everything from billing records to patient tracking. All of these systems should communicate with each other (or "interface") when they receive new information, or when they wish to retrieve...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
By Ron Gutierrez and Stephen Komal "One of the latest trends of BYOD solutions is to employ "Mobile Application Management (MAM)," which allows organizations to wrap existing applications to perform policy enforcement and data/transport security at the application layer rather than at the device level. Today's organizations face a complex choice: there are a plethora of BYOD application wrapping products on the market, each with their own colorful datasheets and hefty...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
By Lance James and John Bambenek "In March of this year, a Romanian man killed himself and his 4-year old son because of a ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it introduced new life with CryptoLocker, the very first variant to perform encryption correctly, thus significantly inhibiting security researchers...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
by Joshua Pitts The news media is awash with nation-states and criminals reusing malware. Why should they have all the fun? This is a case study about reversing the suspected Russian government made OnionDuke MitM patching system, discovered by the speaker in October 2014. During this talk we will seek to understand its inner workings, selecting desirable features, and repurposing it for use in other tools. This is pure malware plagiarism. Source: https://www.youtube.com/watch?v=OuyLzkG16Uk...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
by Nguyen Anh Quynh & Hoang-Vu Dang CPU emulator is a program emulating the internal operation of a physical CPU in software. CPU emulator plays a vital role and has a lot of applications in computer security area, such as reversing obfuscated malware or verifying code semantics. Unfortunately, such a fundamental component does not get the attention it absolutely deserves. At the moment, all the existing CPU emulators suffer from some major issues: Do not get updated with latest hardware....
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
by Joe FitzPatrick Embedded, IOT, and ICS devices tend to be things we can pick up, see, and touch. They're designed for nontechnical users who think of them as immutable hardware devices. Even software security experts, at some point, consider hardware attacks out of scope. Thankfully, even though a handful of hardware manufacturers are making some basic efforts to harden devices, there's still plenty of cheap and easy ways to subvert hardware. The leaked ANT catalog validated that these cheap...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
By Arsal Ertunga SAP applications build the business backbone of the largest organizations in the world. In this presentation, exploits will be shown manipulating a business process to extract money, critical payment information, and credit card data out of the business backbone. Follow the bird and enjoy tweets of data that will interest you. Source: https://www.youtube.com/watch?v=UuSu3vUG2TU Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, Black Hat, BlackHat
by Wesley McGrew Following previous presentations on the dangers penetration testers face in using current off-the-shelf tools and practices, this presentation explores how widely available learning materials used to train penetration testers lead to inadequate protection of client data and penetration testing operations. With widely available books and other training resources targeting the smallest set of prerequisites, in order to attract the largest audience, many penetration testers adopt...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
By Daniele Gallingani "We identified a set of vulnerabilities that common Android Apps programming (mis)practices might introduce. We developed an effective static analyzer to automatically detect a set of vulnerabilities rising by incorrect Android's Inter-Component Communication usage. We completed our analysis by automatically demonstrating whether the vulnerabilities identified by static analysis can actually be exploited or not at run-time by an attacker. We adopt a formal and...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2014
By Joshua 'jduck' Drake "In the last few years, Android has become the world's leading smart phone operating system. Unfortunately, the diversity and sheer number of devices in the ecosystem represent a significant challenge to security researchers. Primarily, auditing and exploit development efforts are less effective when focusing on a single device because each device is like a snowflake: unique. This presentation centers around the speaker's approach to dealing with the Android...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
by Wim Remes The underbelly of the Internet has been in a precarious condition for a while now. Even with all the knowledge about its weaknesses, we only make slow progress in implementing technology to secure it. We see BGP routing leaks on a regular basis. It almost feels like we take it for granted but at the same time it undermines our trust in the Internet. In this talk, we'll review the current situation for BGP, a foundational piece of the network we all rely on, and focus on the...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
by Kenneth Geers The conflict between Russia and Ukraine appears to have all the ingredients for "cyber war". Moscow and Kyiv are playing for the highest geopolitical stakes, and both countries have expertise in information technology and computer hacking. However, there are still many skeptics of cyber war, and more questions than answers. Malicious code is great for espionage and crime, but how much does it help soldiers on the battlefield? Does computer hacking have strategic...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Patrick Gage Kelley Many critical communications now take place digitally, but recent revelations demonstrate that these communications can often be intercepted. To achieve true message privacy, users need end-to-end message encryption, in which the communications service provider is not able to decrypt the content. Historically, end-to-end encryption has proven extremely difficult for people to use correctly, but recently tools like Apple's iMessage and Google's End-to-End have made it more...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
by Vincent Tan The global market for Bring Your Own Device (BYOD) and enterprise mobility is expected to quadruple in size over the next four years, hitting $284 billion by 2019. BYOD software is used by some of the largest organizations and governments around the world. Barclays, Walmart, AT&T, Vodafone, United States Department of Homeland Security, United States Army, Australian Department of Environment and numerous other organizations, big and small, all over the world. Enterprise...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, being a Windows-signed binary native on Windows 7 and later that enables reflective injection of binaries and DLLs and memory-resident execution of remotely hosted scripts, has made it increasingly attractive for attackers and commodity malware authors alike. In environments where PowerShell is heavily used, filtering out legitimate activity to detect malicious PowerShell usage is...
Topics: Youtube, video, Travel & Events, BlackHat, BHUSA, Black Hat, Data Forensics, Incident Response,...
By Dr. Igor Muttik and Alex Naishtut "Often a solution from one area helps solve problems in a completely different field. In this session, we will show you how Intel CPU improvements designed to speed up computations have boosted security by creating a flexible memory monitor capable of detecting and reversing unauthorized memory changes. Modern CPUs support the detection and resolution of memory conflicts between multiple threads that access the same data: This is called the...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
THIS IS DeepERENT: Tracking App Behaviors With (Nothing Changed) Phone For Evasive Android Malware by Yeongung Park & Jun Young Choi Malwares on Android platform are increasing every year by explosive growth over the years and it is a serious threat on Android platform. Many tools have been released in order to quickly analyze these malicious code. Depending on the appearance of analysis tools, Android Malwares have been applied to the anti-analysis techniques, such as packing, environment...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
Source: https://www.youtube.com/watch?v=RWcdjyMldtI Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
by Lei Long & Peng Xiao & Aimin Pan Fuzzing is the most common way of exploiting vulnerabilities, and IOKit is an ideal target in kernel extensions for fuzzing. The interfaces in IOKit use specific structures, such as IOExternalMethod, IOExternalMethodDispatch, to check the input parameters in various ways. Purely random inputs when fuzzing IOKit can hardly pass the interfaces' parameter checking, so that most of fuzzing data cannot reach the kernel IOUserClient subclass at all. Thus,...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
Source: https://www.youtube.com/watch?v=sZfMf9-92Fc Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
By Ivan Novikov "Memcached is a distributed memory caching system. It is in great demand in big-data Internet projects as it allows reasonably sped up web applications by caching data in RAM. Cached data often includes user sessions and other operational information. This talk is based on research of different memcached wrappers to popular web application development platforms, such as Go, Ruby, Java, Python, PHP, Lua, and .NET. The primary goal is determining input validation issues at...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
by Yu Yu Recently, documents leaked from Edward Snowden alleged that NSA and GCHQ had stolen millions of SIM card encryption keys from one of the world's largest chip manufacturers. This incident draws the public attention to the longstanding concern for the mobile network security. Despite that various attacks against 2G (GSM) algorithms (COMP-128, A5) were found in literature, no practical attacks were known against 3G/4G (UMTS/LTE) SIM cards. 3G/4G SIM cards adopt a mutual authentication...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
By Yeongjin Jang, Tielei Wang, Byoungyoung Lee, and Bill Lau "Patching all vulnerabilities for a modern, complex software system (i.e., Windows, iOS) is often difficult due to the volume of bugs and response time requirements. Instead, software vendors usually devise quick workarounds to mitigate the exploitation of a given vulnerability. However, those patches are sometimes incomplete, and attackers can utilize different attack vectors to re-exploit a patched vulnerability. iOS is no...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2014, Black Hat
By Christopher Kruegel "Today, forensics experts and anti-malware solutions face a multitude of challenges when attempting to extract information from malicious files; dynamic analysis (sandboxing) is a popular method of identifying behavior associated with running or opening a given file, and provides the ability to examine the actions which that file is responsible for. Dynamic analysis technology is gaining popularity for use in detecting targeted threats and zero-day attacks, because...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE. By Craig Young Full...
Topics: Youtube, video, Travel & Events
by Lucas Morris & Michael McAtee Over the past several years the world of password cracking has exploded with new tools and techniques. These new techniques have made it easier than ever to reverse captured password hashes. Based on our experience, within the past few years passwords have often become the first step into compromising the entire network. New techniques such as LLMNR/NetBIOS response have reduced the efficacy of pass the hash techniques, again increasing the necessity of...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
By Lars Haukli "Stealth and persistency are invaluable assets to an intruder. You cannot defend against what you cannot see. This talk discusses techniques to counter attempts at subverting modern security features, and regain control of compromised machines, by drilling down deep into internal structures of the operating system to battle the threat of bootkits. The security features added in modern 64-bit versions of Windows raise the bar for kernel mode rootkits. Loading unsigned...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
by Colby Moore Recently, there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, Black Hat, BlackHat
by Cara Marie A decompression bomb attack is relatively simple to perform --- but can be completely devastating to developers who have not taken the time to properly guard their applications against this type of denial of service. The decompression bomb is not a new attack - it's been around since at least 1996 - but unfortunately they are still horrifyingly common. The stereotypical bomb is the zip bomb, but in reality nearly any compression algorithm can provide fruit for this attack (images,...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
By Vijay Balasubramaniyan, Raj Bandyopadhyay, and Telvis Calhoun Enterprises are vulnerable to "human hacking," the effective social engineering of employees, contractors, and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents. The customer information required is often obtained by gathering intelligence through reconnaissance,...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2014, Black Hat
Source: https://www.youtube.com/watch?v=d108Zwr821g Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
by Jelle Niemantsverdriet In this session we will explore why certain devices, pieces of software or companies lead us to utter frustration while others consistently delight us and put a smile on our face. With these insights in mind, we will explore how we typically create our security processes, teams and solutions. All too often we create something without properly understanding what our colleagues or customers are trying to achieve only to bombard them with awareness training and policies...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Alejandro Mayorkas Deputy Secretary of the Department of Homeland Security, Alejandro Mayorkas, will discuss the challenges of information access in today's world. He will also describe the information sharing vision of DHS: is a future where cybersecurity information, such as indicators of specific cyber threats, is shared widely across the public and private sectors at machine-speed and in formats that can be immediately used for network defense. To achieve this goal, cyber threat...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
By Mark Jaycox "'We failed to connect the dots. And so, we had to come up with a way of helping to stop attacks.'" - General Keith B. Alexander, Former Director of NSA, at Black Hat USA 2013. There's been a lot of hyperbole and misinformation about the NSA's collection of Americans' phone calls, emails, address books, buddy lists, calling records, online video game chats, financial documents, browsing history, video chats, text messages, and calendar data. Currently, a debate...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
By Matt Oh "There are many benefits to interacting directly with Flash memory when you're having a hard time finding the correct JTAG connection points. That's especially true when you're a software reverse engineer who delves into hardware reversing. Some vendors intentionally obfuscate JTAG points or remove them to prevent reverse engineering. In this talk, we look closely at the process of reverse engineering embedded devices by interacting directly with Flash memory. We also look at...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
by Christopher Domas In x86, beyond ring 0 lie the more privileged realms of execution, where our code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on these negative rings, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes. Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
by Catherine (Kate) Pearce & Carl Vincent The meteoric rise of SPDY, HTTP/2, and QUIC has gone largely unremarked upon by most of the security field. QUIC is an application-layer UDP-based protocol that multiplexes connections between endpoints at the application level, rather than the kernel level. HTTP/2 (H2) is a successor to SPDY, and multiplexes different HTTP streams within a single connection. More than 10% of the top 1 Million websites are already using some of these technologies,...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation and network attacks! By Paula Januszkiewicz, Adrian Denkiewicz & Mike Jankowski-Lorek Full Abstract & Presentation Materials: https://www.blackhat.com/asia-19/briefings/schedule/#cqtools-the-new-ultimate-hacking-toolkit-14425 Source:...
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
by Lei Ji & Yunding Jian Power line communication (PLC) is a kind of communication technology which uses the power line as the communication media. The PLC technology is divided into 2 sub-fields: narrow-band PLC and wide-band PLC. For the narrow-band PLC, there are 2 very important standards: Prime and G3. Both standards are widely used in AMR and electric monitor systems, and this leads to the rise of threats to AMR system security and electric safety. This topic will talk about how to get the...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Bryant Zadegan & Ryan Lester Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Ivan Krstic With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10. HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data –...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2016, Black Hat
by Shangcong Luan The Xen Project has been a widely used virtualization platform powering some of the largest clouds in production today. Sitting directly on the hardware below any operating systems, the Xen hypervisor is responsible for the management of CPU/MMU and guest operating systems. Guest operating systems could be controlled to run in PV mode using paravirtualization technologies or HVM mode using hardware-assisted virtualization technologies. Compared to HVM mode, PV mode guest OS...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Ashkan Soltani & Terrell McSweeny As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations, but you may not know how your research skills can inform its investigations and policy. Come hear about some of the Commission's recent tech-related actions,...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
by Laura Bell It will not be a surprise to you that of all the elements within our organisations and systems, the people are most likely to expose us to risk. In short we are a mess of emotional unpredictability that threatens us all (and security professionals are the worst of the bunch). Many very clever people have spent a long time teaching us this. This is not news. So if this is the case, why in 20 years of modern information security have we done so little to actively protect them?...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
by Claudio Guarnieri & Collin Anderson Over the past decade, the Islamic Republic of Iran has been targeted by continual intrusion campaigns from foreign actors that sought access to the country's nuclear facilities, economic infrastructure, military apparatus, and governmental institutions for the purpose of espionage and coercive diplomacy. Similarly, since the propagandic defacements of international communications platforms and political dissident sites conducted by an organization...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
Source: https://www.youtube.com/watch?v=liU0_ujMYUw Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
by Ofri Ziv Security breaches never happen exactly the way you expected or planned for. Yet an organization's infrastructure should be able to withstand a breach of its perimeter security layer, and also handle the infection of internal servers. The security testing toolset available to security professionals today consists mainly of penetration testing and vulnerability scanners. These tools were designed for traditional, relatively static networks and can no longer address ALL the possible...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Jennifer Granick In the early days of the public internet, we believed that we were helping build something totally new, a world that would leave behind the shackles of age, of race, of gender, of class, even of law. Twenty years on, "cyberspace" looks a lot less revolutionary than it once did. Hackers have become information security professionals. Racism and sexism have proven resilient enough to thrive in the digital world. Big companies are getting even bigger, and the...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, Jennifer Granick, Black Hat, BlackHat
by Colin O'Flynn This presentation demonstrates a method of brute-forcing an AES-256 encrypted hard drive by spoofing the front-panel keyboard. In addition to tears into the internal design of the hard drive, and extends the work by J. Czarny & R. Rigo to validate the (in)security of any encrypted drive based on the MB86C311 chipset. Source: https://www.youtube.com/watch?v=FAwtXBXQ460 Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
by Erik Bosman & Kaveh Razavi & Herbert Bos & Cristiano Giuffrida Memory deduplication, a well-known technique to reduce the memory footprint across virtual machines, is now also a default-on feature inside the Windows 10 operating system. Deduplication maps multiple identical copies of a physical page onto a single shared copy with copy-on-write semantics. As a result, a write to such a shared page triggers a page fault and is thus measurably slower than a write to a normal page....
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
By Mikko Hypponen After cancelling his RSA talk in protest, Mikko delivered his talk on Governments as Malware Authors at TrustyCon instead. This follow-up talk will look at what's changed since then, and what new we have learned about governments that write malware. Which governments are involved? Where do they get the skills? How big are the budgets for this? And, most importantly: do we have any hope of fighting malware of this caliber? Source: https://www.youtube.com/watch?v=9MILrkozpAk...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
by Matthew Prince Google, Facebook, and Twitter all started out with admirable, lofty goals about preserving freedom of speech online, saying that they wouldn't arbitrarily remove "distasteful" content. Yet one-by-one they all changed their position. Now countries like Turkey are holding YouTube for ransom and bullying them to remove anything that they consider offensive or even inconvenient. By protecting lawful content, no matter the source or how distasteful, you're protecting...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
Source: https://www.youtube.com/watch?v=UMa9659DXXw Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
by Cooper Quintin & Eva Galperin Targeted malware campaigns against activists, lawyers and journalists are becoming extremely commonplace. These attacks range in sophistication from simple spear-phishing campaigns using off-the-shelf malware, to APT-level attacks employing exploits, large budgets, and increasingly sophisticated techniques. Activists, lawyers and journalists are, for the most part, completely unprepared to deal with cyber-attacks; most of them don't even have a single...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
by Luyi Xing & Xiaolong Bai With the proliferation of portable computing systems such as tablets, smartphones, Internet of Things (IoT) devices, etc., ordinary users are facing an increasing burden to properly configure those devices, enabling them to work together. In response to this utility challenge, major device manufacturers and software vendors (e.g., Apple, Microsoft, Hewlett-Packard) tend to build their systems in a "plug-and-play" fashion, using techniques dubbed...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
by Kyle Wilhoit & Stephen Hilt Over a period of months, several Guardian AST gas pump monitoring systems were attacked. These attacks occurred on real pump monitoring systems, but also on systems that we controlled, created, and deployed. We watched these attackers, what they did, and performed intelligence gathering on the nefarious actors. Details and intelligence on who the attackers were, possible motivations behind the attacks, and detailed indicators of compromise will be shared in...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
by Morgan Marquis-Boire, Marion Marschalek, Claudio Guarnieri The security industry focus on state-sponsored espionage is a relatively recent phenomenon. Since the Aurora Incident brought nation-state hacking into the spotlight, there have been high-profile reports on targeted hacking by China, Russia, U.S.A, Israel, to name a few. This has led to the rise of a lucrative Threat intelligence business, propelling marketing and media campaigns and fueling political debate. This talk will cover the...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
By Axelle Apvrille "Malware authors are always interested in concealing their goals to evade detection. We have discovered a technique which enables them to hide whatever payload they wish in an Android package (APK). The malicious payload is encrypted with AES, thus its reverse engineering does not give in any element. Moreover, contrary to general belief, it is actually possible to manipulate the output of encryption and have it look like, for instance, a chosen image. Thus, the...
Topics: Youtube, video, People & Blogs, InfoSec, Black Hat Europe 2014, Black Hat, BlackHat,...
DESCRIPTION
Collection Info
- Addeddate: 2019-11-14 18:47:16
- Collection: hackercons, movies
- Identifier: BlackHatCon
- Mediatype: collection
- Num_recent_reviews: 5
- Num_top_dl: 5
- Publicdate: 2019-11-14 18:47:16
- Title: Black Hat Conference
Created on
November 14, 2019
narabot
Archivist
ITEMS
Total Items 418