Skip to main content

Hacking and InfoSec stuff



rss RSS

40
RESULTS


More right-solid

Show sorted alphabetically

Show sorted alphabetically

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
Hacking and InfoSec stuff
movies

eye 23

favorite 0

comment 0

In this talk, we demonstrate how our 3dRedPill exploit breaks the security measures of virtio-gpu devices, achieving a full guest-to-host escape exploitation... By: Zhijian Shao, Matthew Shao, Jian Weng & Yue Zhang Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#d-red-pill--a-guest-to-host-escape-on-qemukvm-virtio-device-18583 Source: https://www.youtube.com/watch?v=oNV6KuhT02Q Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 22

favorite 0

comment 0

In this talk, we'll help you extract more value out of your threat intel program, giving you an easy win to level up not just your team, but the other teams in your security department... By: Xena Olsen Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#adversary-detection-pipelines-finally-making-your-threat-intel-useful-18346 Source: https://www.youtube.com/watch?v=D9R0E_CfSQ4 Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 49

favorite 0

comment 0

In recent years, Machine Learning (ML) techniques have been extensively deployed for computer vision tasks, particularly visual classification problems, where new algorithms reported to achieve or even surpass the human performance... By: Dou Goodman, Yang Wang & Hao Xin Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#attacking-and-defending-machine-learning-applications-of-public-cloud-18725 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 16

favorite 0

comment 0

Intruders are attacking mobile networks from all possible angles, in part by leveraging multiple protocols in combined attacks. In this presentation, I will describe how an attacker can take advantage of vulnerabilities in different generations of signaling protocols... By: Sergey Puzankov Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#back-to-the-future-cross-protocol-attacks-in-the-era-of-g-18586 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 11

favorite 0

comment 0

In this talk, we will explore the various types of biometric data, their uses by both government and private organizations, and whether the collection and use of such data is covered by the privacy legislation in the APAC region in particular, but more broadly around the world... By: Melissa Wingard Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#biometrics--privacy-time-to-faceoff-or-is-that-faceapp-18743 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 34

favorite 0

comment 0

Trusted Platform Module (TPM) is a tamper-resistant security module. It has been widely deployed in commercial devices to protect secret data and ensure the trustworthiness of a system... By: Seunghun Han Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#bitleaker-subverting-bitlocker-with-one-vulnerability-19413 Source: https://www.youtube.com/watch?v=EXyDAWWHeYY Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 14

favorite 0

comment 0

The attack surface exposed by proprietary layer 2 protocols contains hidden bugs that have severe implications to the security of the devices that use them, as well as the networks they belong to. We discovered 5 such zero-day vulnerabilities.... By: Barak Hadad & Ben Seri Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#cdpwn-taking-over-millions-of-enterprise-things-with-layer--zero-days-18806 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 32

favorite 0

comment 0

In the past decade, we have seen an increasing number of software-based attacks on increasingly complex hardware. Why don't you just check the hardware documentation? The hardware documentation we would need here is usually not available to us but only to a small set of employees of the corresponding hardware manufacturer..... By: Daniel Gruss Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#complexity-killed-security-21681 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 21

favorite 0

comment 0

In this talk, we will demystify the techniques armed by binary disassembling through a presentation on our study with 8 open-released tools (Ghidra, Angr, McSema, Dyninst, Radare2, Jakstab, Uroboros, and Objdump).... By: Eric Koskinen, Chengbin Pang & Jun Xu Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#demystify-todays-binary-disassembling-and-how-modern-abi-makes-it-easier-18415 Source: https://www.youtube.com/watch?v=LYCufH9KQxE...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 27

favorite 0

comment 1

Android applications are becoming more and more obfuscated to prevent reverse engineering. The purpose of this talk is to present dynamic binary instrumentation techniques that can help reverse engineers to deal with obfuscated codes... By: Romain Thomas Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#dynamic-binary-instrumentation-techniques-to-address-native-code-obfuscation-18309 Source: https://www.youtube.com/watch?v=MRku-2fW42w Uploader:...
favoritefavoritefavoritefavoritefavorite ( 1 reviews )
Topics: Youtube, video, Travel & Events
Defending a country is different from a corporate network. Singapore wants to be a Smart Nation and wants to shift the paradigm of cybersecurity in order to achieve that. Doing so will require us to challenge some mental models... By: Gaurav Keerthi Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#engineering-cybersecurity-for-a-nation-what-singapore-is-learning-from-cars-and-sanitation-21680 Source: https://www.youtube.com/watch?v=p68JbKkmY7Q...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 19

favorite 0

comment 0

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host.... By: Yuval Avrahami Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#escaping-virtualized-containers-21671 Source: https://www.youtube.com/watch?v=0hrv0qyOEd0 Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 19

favorite 0

comment 0

Designing realistic ICS honeypot requires substantial time and resource investment, as well as in-depth knowledge not only of the technical aspects, but of industrial automation process... By: Charles Perine Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#faking-a-factory-creating-and-operating-a-realistic-honeypot-19362 Source: https://www.youtube.com/watch?v=4y7JJoZd0ic Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 15

favorite 0

comment 0

Introduced in 2007, contactless (NFC) payments have been used widely for a decade. Contactless payments are fast replacing cash and CHIP. Yet, contactless makes use of protocols much older than the technology itself... By: Leigh-Anne Galloway & Tim Yunusov Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#first-contact---vulnerabilities-in-contactless-payments-19359 Source: https://www.youtube.com/watch?v=YmJ4ULncNwg Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Industrial Controllers are the basic building blocks for any automated factory. Our talk will demonstrate how an attacker can take over an entire factory by transmitting a single packet that will exploit one of the URGENT/11 vulnerabilities we've recently discovered.... By: Barak Hadad & Dor Zusman Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#from-an-urgent-vulnerability-to-a-full-take-down-of-a-factory-using-a-single-packet-18490 Source:...
Topics: Youtube, video, Travel & Events
This talk is based on research that was recently conducted and resulted in serious security findings and 0-day vulnerabilities in Android-based smartphones. Our team found a way of manipulating specific actions and intents, making it possible for any application, without specific permissions, to control the camera app... By: Erez Yalon Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 59

favorite 0

comment 0

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. Recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure... By: Andrea Continella & Nilo Redini Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#identifying-multi-binary-vulnerabilities-in-embedded-firmware-at-scale-18681 Source: https://www.youtube.com/watch?v=luSXhwcViDc Uploader: Black...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 27

favorite 1

comment 0

We have identified serious security weaknesses in chipsets used by a significant number of Wi-Fi capable devices. Specifically, we discovered that FullMAC Wi-Fi chipsets by Broadcom/Cypress – and possibly other manufacturers – are vulnerable to encrypting packets in a WPA2-protected network with an all-zero encryption key... By: Robert Lipovsky & Stefan Svorencik Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 17

favorite 0

comment 0

Join Black Hat Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community... By: Ryan Flores, Lidia Giuliano, Ty Miller & Ashley Shen Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--19431 Source: https://www.youtube.com/watch?v=JNAIYRjaQ-4 Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 16

favorite 0

comment 0

Join Black Hat Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community... By: Mika Devonshire, Seungjoo Kim, Asuka Nakajima & Neil Wyler Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--21641 Source: https://www.youtube.com/watch?v=w4JSc58kcfg Uploader: Black Hat
Topics: Youtube, video, Travel & Events
The talk is about the journey of InfoSecGirls community which started in India with the goal of bringing more women into the cyber security workforce and integrating them with the larger community and is now reaching a global audience... By: Vandana Verma Sehgal Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#making-an-impact-from-india-to-the-rest-of-the-world-by-building-and-nurturing-women-infosec-community-18483 Source:...
Topics: Youtube, video, Travel & Events
Although TrustZone has been used as a key enabling technology to implement trusted execution environments (TEEs), over the past years, TrustZone-assisted TEEs have been successfully attacked hundreds of times, causing highly damaging consequences across different sectors and platforms... By: Daniel Oliveira & Sandro Pinto Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 39

favorite 0

comment 0

Our precious Internet traffic relies significantly on DNS to work, now that IPv6 traffic starts to grow we will need it even more. Yet still an ancient protocol has been attacked for 4 decades already.... By: Emilio Couto Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#misuse-of-dns-the-second-most-used-protocol-19363 Source: https://www.youtube.com/watch?v=K0zH8lHNnAI Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 11

favorite 0

comment 0

In this talk, we briefly overview the state of the art of microarchitectural attacks and defenses. We then assume that we have a futuristic CPU which magically hides all microarchitectural side effects, rendering all known attacks useless... By: Daniel Gruss, Erik Kraft, Michael Schwarz & Trishita Tiwari Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#page-cache-attacks-microarchitectural-attacks-on-flawless-hardware-18564 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 16

favorite 0

comment 0

In this digital age, we live in a world of applications that enable us to conduct digital transactions ranging from everyday tasks to storage of sensitive data. But how secure are these applications? By: Max Chee & Hui Yi Loke Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#patching-loopholes-finding-backdoors-in-applications-19551 Source: https://www.youtube.com/watch?v=KY3ESomgmtI Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 21

favorite 1

comment 0

Voltage glitching is a developing technique in hardware hacking that has shown much promise, allowing bypass of security mechanisms and disclosure of firmware and secrets at the physical layer.... By: Adam Laurie & Grzegorz Wypych Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#raiden-glitching-framework-19361 Source: https://www.youtube.com/watch?v=eie6Rb8iFYs Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 31

favorite 0

comment 0

Static binary injection is a technique to permanently insert external code to an executable file, in order to observe or modify target behavior at run-time. Unfortunately, good injection tools are seriously lacking... By: Minh Tuan Do Do & Anh Quynh Nguyen Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#redback-advanced-static-binary-injection-18660 Source: https://www.youtube.com/watch?v=F_lj7dXn2Do Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 14

favorite 0

comment 0

QUIC is a new always-encrypted general-purpose transport protocol being standardized at the IETF designed for multiplexing multiple streams of data on a single connection. HTTP/3 runs over QUIC and roughly replaces... By: Nick Harper Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#securing-the-next-version-of-http-how-quic-and-http-compare-to-http-19364 Source: https://www.youtube.com/watch?v=J4fR5aztSwQ Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 10

favorite 0

comment 0

We have seen many different attacks that allowed an attacker to leak data. One of these attacks is Meltdown, allowing an attacker to leak kernel memory. After it was fixed, everyone thought that the problem was solved... By: Claudio Canella, Lukas Giner & Michael Schwarz Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#store-to-leak-forwarding-there-and-back-again-18610 Source: https://www.youtube.com/watch?v=Yc1AXkCu2AA Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 19

favorite 0

comment 0

Come see how the NOC has been adjusted, adapted, and reinvented as the industry, and the potential threats have changed over the years... By: Bart Stump & Neil Wyler (Grifter) Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#the-black-hat-noc-greatest-hits-and-holycows-21675 Source: https://www.youtube.com/watch?v=RQj0Eyb71HU Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 16

favorite 1

comment 0

The HTTP Alternative Services header (Alt-Svc, RFC 7838) was introduced in 2013 by seasoned developers with good intentions in a bid to streamline load balancing, protocol optimizations, and client segmentation... By: David Starobinski, Trishita Tiwari & Ari Trachtenberg Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#the-evil-alt-ego-abusing-http-alternative-services-18822 Source: https://www.youtube.com/watch?v=u-PVpQ2xr-I Uploader: Black...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 77

favorite 1

comment 0

Spy-cams have increased. In this talk, we will introduce the structure and work principle of spy cameras, and several effective ways to find all the cameras... By: Shupeng Gao & Ye Zhang Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#the-evil-of-spy-camera-18821 Source: https://www.youtube.com/watch?v=hF1u2YYVSII Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 19

favorite 0

comment 0

Instant apps have many advantages over normal apps, such as click-to-play and concise design, and they are becoming more and more popular. In this talk, we will dive into a common architecture of instant app framework, and demonstrate attack models for it... By: Hao Xing Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#the-inside-story-there-are-apps-in-apps-and-here-is-how-to-break-them-18380 Source: https://www.youtube.com/watch?v=-UndfqVJMf8...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 22

favorite 0

comment 0

To protect personal reputation, the company's brand, and the stability of the stock market against public opinion attacks, it's so necessary to track fake news. We propose a unified method for authorship analysis based on deep learning... By: Dou Goodman, Wang Wenhua & Lv Zhonghou Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#tracking-the-criminal-of-fake-news-based-on-a-unified-embedding-18388 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 43

favorite 0

comment 0

In this talk, we focus on the vulnerability of Wi-Fi drivers before password authentication, as well as the security issues caused by these Wi-Fi layer vulnerabilities... By: Ying Wan, Haikuo Xie & Ye Zhang Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#wifi-important-remote-attack-surface-threat-is-expanding-18784 Source: https://www.youtube.com/watch?v=ySUxQ8hktAw Uploader: Black Hat
Topics: Youtube, video, Travel & Events
In larger enterprise environments multiple Active Directory forests are often in use to separate different environments. To enable integration between the different environments, forest trusts are set up. This research introduces a vulnerability in Kerberos and forest trusts that allows attackers to break the trust... By: Dirk-jan Mollema Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 24

favorite 0

comment 0

Detecting adversaries in your environment is a challenging task: Most organizations need at least several months to detect them... IF they detect them at all.Many companies have started to investigate Windows Event Log... By: Miriam Wiesner Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#what-the-log-so-many-events-so-little-time-19400 Source: https://www.youtube.com/watch?v=3x5-nZ2bfbo Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 37

favorite 0

comment 0

The common perception of 802.1X WiFi networks using tunneled authentication methods such as PEAP, are that they offer good enough security. However, what if you didn't need to crack the password at all, but simply relayed the challenge and response.... By: Michael Kruger Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#wi-fi-brokering-18260 Source: https://www.youtube.com/watch?v=XYgBw8mx9Jw Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 22

favorite 0

comment 0

This talk shows the technical details of how we capture 0-day attack payloads automatically without knowing any vulnerability details beforehand. We will walk through real cases to show model performance and give results of 0-day monitoring... By: Xiaokun Huang & Yue Xu Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#win-the--day-racing-game-against-botnet-in-public-cloud-18400 Source: https://www.youtube.com/watch?v=pxL0vgIi_oI Uploader:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 12

favorite 0

comment 0

The publication of Meltdown in January 2018 was the first instance of a hardware vulnerability which broke the security guarantees of modern CPUs. Meltdown allowed attackers to leak arbitrary memory by exploiting that Intel CPUs use lazy fault handling and continue transient execution with data originating from faulting loads... By: Moritz Lipp & Michael Schwarz Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events