Apr 23, 2019, by Black Hat (movies)
The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So, borders still exist on the Internet, and almost all countries are investing into offensive use of cyber power. The new weapons they are developing are different from any other kind of weapon we've ever seen, and we are now seeing the very beginning of the next arms race. By Mikko Hypponen Source: https://www.youtube.com/watch?v=l2rIVdpMToM Uploader: Black Hat
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
Apr 29, 2019, by Black Hat (movies)
CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation and network attacks! By Paula Januszkiewicz, Adrian Denkiewicz & Mike Jankowski-Lorek Full Abstract & Presentation Materials: https://www.blackhat.com/asia-19/briefings/schedule/#cqtools-the-new-ultimate-hacking-toolkit-14425 Source:...
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
Apr 29, 2019, by Black Hat (movies)
This presentation mainly focuses on the practical concept of memory forensics and shows how to use memory forensics to detect, investigate and understand the capabilities of malicious software. In addition to that, with the help of various demonstrations, the presentation also covers various tricks and techniques used by the malware including some of the stealth and evasive capabilities. By Monnappa K A Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
Apr 29, 2019, by Black Hat (movies)
This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. By Diego F. Aranha Full Abstract & Presentation Materials: https://www.blackhat.com/asia-19/briefings/schedule/#return-of-the-insecure-brazilian-voting-machines-13891 Source:...
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
Oct 3, 2017, by Black Hat (movies)
Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone by Alex Stamos, Facebook CSO Since the first Black Hat conference 20 years ago, the security community, industry and the world have changed to the point that it’s time to re-examine whether we’re living up to our responsibilities and potential. Long gone are the days when “hacking” conjured up a sense of mischief and light-heartedness, with limited risks and harm. The harsh reality...
Topics: Youtube, video, Travel & Events, Black Hat USA, Black Hat USA 2017, Alex Stamos, Black Hat...
web
Black Hat Incorporated Wiki dumped with WikiTeam tools.
Topics: wiki, wikiteam, MediaWiki, Black Hat Incorporated Wiki, black_hat_incorporatedfandomcom
Oct 17, 2017, by Black Hat (movies)
By Rafal Wojtczuk "Hypervisors have become a key element of both cloud and client computing. It is without doubt that hypervisors are going to be commonplace in future devices, and play an important role in the security industry. In this presentation, we discuss in detail the various lessons learnt whilst building and breaking various common hypervisors. In particular, we take a trip down memory lane and examine vulnerabilities found in all the popular hypervisors that have led to...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
Oct 17, 2017, by Black Hat (movies)
by Adam Kozy & Johannes Gilger China's Great Cannon (GC), the offensive standalone system that serves as a complement to its defensive Great Firewall (GFW), debuted with a bang in early 2015, carrying out massive attacks on anti-censorship site Greatfire.org and everyone's favorite code-sharing resource, Github. Not cool, man... This talk aims to examine China's destructive new toy and its methods for turning both Chinese users and global visitors to Chinese sites into the world's largest...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Yunhai Zhang Control Flow Guard (CFG) is an exploit mitigation technique that Microsoft enabled in Windows 8.1 Update 3 and Windows 10 technical preview. CFG checks the target of indirect call and raises an exception if the target is invalid, thus preventing a vital step of many exploit techniques. This talk analyses the weak-point of CFG and presents a new technique that can be used to bypass CFG comprehensively and make the prevented exploit techniques exploitable again. Furthermore, this...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
by James Forshaw One successful technique in social engineering is pretending to be someone or something you're not and hoping the security guard who's forgotten their reading glasses doesn't look too closely at your fake ID. Of course there's no hyperopic guard in the Windows OS, but we do have an ID card, the Access Token which proves our identity to the system and lets us access secured resources. The Windows kernel provides simple capabilities to identify fake Access Tokens, but sometimes...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
by Kymberlee Price No More Free Bugs led to Bug Bounties, but some people believe that bug bounty hunters are low quality script kiddies and the most talented researchers aren't participating. The emergence of bug bounty programs is increasing the volume of vulnerability submissions, but how many of those can be found by running an automated scanning tool? Are any really critical bugs being found in the sea of clickjacking and weak password policy reports? How do you separate the signal from...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
by Michael Ossmann Inspired by the contents of the leaked NSA ANT catalog, the NSA Playset project has produced an array of gadgets with capabilities similar to those employed by the spooks. I will review the entire collection since the start of the project. This includes new tools for USB, PCI Express, I2C, GSM, Bluetooth, and a family of RF retroreflectors for eavesdropping on a wide variety of electronic devices. Now you can play along with the NSA! Source:...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Joshua Dalman & Valerie Hantke Research shows commercial spyware is becoming commonplace. These programs turn smartphones into effective spy tools and pose a threat to both smartphone users' privacy and to corporate enterprises. Furthermore, the tools are sold and marketed as being completely undetectable to the users. We put that claim to the test. Source: https://www.youtube.com/watch?v=FNSjGsYsi-0 Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
By Ross Anderson "The USA is starting to introduce EMV, the Europay-Mastercard-Visa system for making payments using chip cards instead of the old mag strip variety. EMV is already in wide use in Europe, and has started to appear in countries from Canada to India. In theory, smartcards should have reduced fraud by making bankcards much harder to copy and by enabling banks to authenticate users at the point of sale using PINs rather than signatures. The practice has been different. In...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
Oct 17, 2017, by Black Hat (movies)
by Leonard Bailey What would happen if Black Hat invited the Department of Justice (DOJ) to give us a better understanding of the Computer Fraud and Abuse Act (or "CFAA") and explain how federal prosecutors use it and the DOJ actually showed up? Attendees will hear directly from a Department of Justice's Computer Crime & Intellectual Property Section Prosecutor explaining the CFAA in plain English and breaking down the process for deciding whether to bring charges in federal...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Alexandrea Mellen & John Moore & Artem Losev We consider the security of Square, Inc.'s mobile card-reading device, the Square Reader, across multiple models, as well as the associated Square Register app where relevant. In doing so, we identify a number of vulnerabilities in the device that allow both malicious merchants and third parties to initiate fraudulent transactions and, with minor device modification, skim credit card information of unsuspecting customers. We highlight that...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, Black Hat, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Rodrigo Branco & Gabriel Negreira Barbosa & Eugene Rodionov & Alexander Matrosov Malware is acknowledged as an important threat and the number of new samples grows at an absurd pace. Additionally, targeted and so called advanced malware became the rule, not the exception. Analysts and companies use different degrees of automation to be able to handle the challenge, but there is always a gap. Reverse engineering is an even harder task due to the increased amount of work and the...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
THIS IS DeepERENT: Tracking App Behaviors With (Nothing Changed) Phone For Evasive Android Malware by Yeongung Park & Jun Young Choi Malwares on Android platform are increasing every year by explosive growth over the years and it is a serious threat on Android platform. Many tools have been released in order to quickly analyze these malicious code. Depending on the appearance of analysis tools, Android Malwares have been applied to the anti-analysis techniques, such as packing, environment...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Lei Long & Peng Xiao & Aimin Pan Fuzzing is the most common way of exploiting vulnerabilities, and IOKit is an ideal target in kernel extensions for fuzzing. The interfaces in IOKit use specific structures, such as IOExternalMethod, IOExternalMethodDispatch, to check the input parameters in various ways. Purely random inputs when fuzzing IOKit can hardly pass the interfaces' parameter checking, so that most of fuzzing data cannot reach the kernel IOUserClient subclass at all. Thus,...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
By Dr. Stefan Lüders Since the 2010’s “Stuxnet” sabotage attempt, cyber-security of industrial control systems (ICS) or “SCADA” has become a buzzword in industry. The (cyber-)protection of the critical infrastructure became a focal point for governments. Vendors and manufacturers have pushed “Industrial Security” appliances onto the market, or claim that their products are now with “enhanced security”. A cacophony of standards have emerged, and certification schemes are...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
Oct 17, 2017, by Black Hat (movies)
By Anders Beitnes "OpenStack is an Open Source project that allows you to manage a cloud of VMs that has grown into a widely adopted platform. The issue with having a centralized Infrastructure As A Service (IAAS) is that if you compromise the management cluster you can attack everything it controls, which is a lot at Yahoo scale. How do you keep your OpenStack cluster safe? What do you do when a management system, hypervisor, or VM is compromised? This talk will discuss specific things...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
Oct 17, 2017, by Black Hat (movies)
by Tobias Zillner & Sebastian Strobl ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have, for example, a smart light bulb at home, the chance is very high that you are actually using ZigBee. Popular lighting applications, such as Philips Hue or Osram Lightify are based on this standard. Usually, IoT devices have very limited processing and energy resources, and therefore not capable of...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Sofiane Talmat New generation Set Top Boxes (Satellite receivers) are embedded Linux boxes offering all the features of any Linux-based machine, including wireless and network connectivity. This allowed hackers to crack most satellite DVB-CA encryption schemes, promoting the apparition of a parallel black market for pay TV subscription at very low cost. In this engaging session, we will present a practical attack that will exploit human weakness, Satellite receivers design, used protocols...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
By Rodrigo BSDaemon and Gabriel Negreira Barbosa "Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt attempts of disassembly, debugging or analyze in a...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
Oct 17, 2017, by Black Hat (movies)
By Lucas Zaichkowsky To most people, Point of Sale (POS) systems with integrated payment processing are a black box where magic happens. Financial criminals breach hundreds of merchants each year, displaying a better understanding of how these systems operate than the dealer technicians that install and maintain them. With an understanding of POS architecture, integrated payment processing, and weaknesses in the technology, security professionals can better protect local businesses, major...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Suphannee Sivakorn & Jason Polakis The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the increasing deployment of HTTPS. However, many websites still avoid ubiquitous encryption due to performance or compatibility issues. The prevailing approach in these cases is to force critical functionality and sensitive data access over encrypted connections, while allowing...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2016, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Bruce Potter & Sasha Wood As security and privacy concerns become an above the fold concern for the public at large and enterprises continue to grapple with targeted intrusions, cryptography is becoming a ubiquitous and necessary characteristic of modern IT systems. While the primitives and core algorithms are well understood, there are still numerous concerns regarding properly encrypting data that transcend decisions such as public vs. private key or key length. Underlying nearly every...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
By Billy Rios Every day, millions of people go through airport security. While it is an inconvenience that could take a while, most are willing to follow the necessary procedures if it can guarantee their safety. Modern airport security checkpoints use sophisticated technology to help the security screeners identify potential threats and suspicious baggage. Have you ever wondered how these devices work? Have you ever wondered why an airport security checkpoint was set up in a particular...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Zachary Hanif & Tamas Lengyel & George Webster Malicious file analysis is well beyond the days when the humble PE32 file was all researchers needed to contend with. The use of malicious PDF, Office, and other files present a far more diverse threat than our defensive tools were originally designed to handle. To make matters worse, the sheer volume of files over time to analyze presents a meaningful logistical problem which becomes increasingly complex as analytical methods move from...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Andrea Barisani & Daniele Bianco Source: https://www.youtube.com/watch?v=lL6ZO7NL4YM Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
By Stephen Breen "MDM solutions are ubiquitous in today's enterprise environment. They provide a way for security and IT departments to mitigate the risk of mobile malware and lost/stolen devices when personal devices are being used to access and store corporate resources. Like any other piece of software being deployed on a large scale, we need to ask the questions "is it secure?", "what are the risks?"; because MDM is a security product itself,...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2014, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Thomas Keenan Technology that identifies you by something you are is showing up in e-passports, laptop login screens, smart firearms and even consumer products, like the iPhone. Current generation systems generally use static biometric features, such as fingerprints, iris scans and facial recognition, either measured directly or mediated through a device, such as a smartphone. We are on the cusp of a revolution that will usher in dynamic (e.g. gestural, heart rhythm, gait analysis) and...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
By Quynh Nguyen Anh "Disassembly framework is the fundamental component in all binary analysis, reversing, and exploit development. However, it is shameful that until the end of 2013, there was no single framework that can handle multi-architecture machine code with a friendly license. Especially, with the shift of the computer industry towards multi-platforms products, the lack of such a disassembly engine becomes serious and should be fixed as soon as possible. Unfortunately, at that...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, Black Hat, BlackHat
Oct 17, 2017, by Black Hat (movies)
By Dr. Igor Muttik and Alex Naishtut "Often a solution from one area helps solve problems in a completely different field. In this session, we will show you how Intel CPU improvements designed to speed up computations have boosted security by creating a flexible memory monitor capable of detecting and reversing unauthorized memory changes. Modern CPUs support the detection and resolution of memory conflicts between multiple threads that access the same data: This is called the...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
By Matt Hathaway and Jeff Myers Compromised credentials are a key predatory weapon in the attacker's arsenal, and this isn't changing in the foreseeable future. This talk will systematically explore why they can be prevented but never cut off completely, and how to leverage this knowledge in detection. In closing, we will pick apart IoCs focused on Pass-the-Hash (PtH), while detailing more efficient detection techniques focused on misused, donated, or otherwise compromised credentials. Source:...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
Oct 17, 2017, by Black Hat (movies)
By Kymberlee Price and Jake Kouns Many developers today are turning to well established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
By Rob Ragan and Oscar Salazar "What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service. We explore just how easy it is to generate massive amounts of unique email addresses; in order to register free trial accounts, deploy code, and...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, Black Hat, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Collin Mulliner & Matthias Neugschwandtner Fighting off attacks based on memory corruption vulnerabilities is hard and a lot of research was and is conducted in this area. In our recent work we take a different approach and looked into breaking the payload of an attack. Current attacks assume that they have access to every piece of code and the entire platform API. In this talk, we present a novel defensive strategy that targets this assumption. We built a system that removes unused code...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
By Alex Pinto "We could all have predicted this with our magical Big Data analytics platforms, but it seems that machine learning is the new hotness in Information Security. A great number of start-ups with 'cy' and 'threat' in their names that claim that their product will defend or detect more effectively than their neighbors' product "because math." And it should be easy to fool people without a PhD or two that math just works. Indeed, math is powerful and large...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Peter Fillmore With all this talk about NFC payments (Apple Pay, Google Wallet, etc.), are there claims on your card that can't be cloned? What security mechanisms can prevent this? How can they be subverted to make fraudulent transactions? This talk answers these questions by taking you through how NFC payments work and how you can perform fraudulent transactions with just an off-the-shelf phone and a little bit of software. I'll take you through how you can clone common NFC payment cards;...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, Black Hat, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Alexey Osipov & Alexander Zaitsev GSM networks have been compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone that retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20, which allows you to intercept all two-factor authentication in a medium-sized office building....
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Rob King Event correlation problems appear everywhere in information security and forensics: log analysis ("I'm seeing a lot of 404 errors from one range of IP addresses"), behavior detection ("That account may be compromised, he logged in twice from two different locations"), record linkage ("Is Jones, Robert the same as Bob Jones?"), and expert systems ("I have a system running Windows 7 Japanese Locale, with these hotfixes, what's my biggest security...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
Oct 17, 2017, by Black Hat (movies)
By Dan Rosenberg "TrustZone has emerged as a leading option for security-critical tasks on ARM devices. It has been billed as a "100% secure solution" for restricting access to sensitive device hardware components and securely storing highly privileged information. As a result, TrustZone is used on millions of mobile devices for diverse tasks including managing secure boot, storing DRM keys on behalf of digital content providers, supporting mobile payments, and...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014
Oct 17, 2017, by Black Hat (movies)
by Sean Metcalf Kerberos "Golden Tickets" were unveiled by Alva "Skip" Duckwall & Benjamin Delpy in 2014 during their Black Hat USA presentation. Around this time, Active Directory (AD) admins all over the world felt a great disturbance in the Force. Golden Tickets are the ultimate method for persistent, forever AD admin rights to a network since they are valid Kerberos tickets and can't be detected, right? The news is filled with reports of breached companies and...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
By Alaeddine Mesbahi and Arne Swinnen Lately, many popular anti-virus solutions claim to be the most effective against unknown and obfuscated malware. Most of these solutions are rather vague about how they supposedly achieve this goal, making it hard for end-users to evaluate and compare the effectiveness of the different products on the market. This presentation presents empirically discovered results on the various implementations of these methods per solution, which reveal that some...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
Oct 17, 2017, by Black Hat (movies)
by Daniel Mayer & Drew Suarez The number of mobile users has recently surpassed the number of desktop users, emphasizing the importance of mobile device security. In traditional browser-server applications, data tends to be stored on the server side where tight controls can be enforced. In contrast, many mobile applications cache data locally on the device thus exposing it to a number of new attack vectors. Moreover, locally stored data often includes authentication tokens that are,...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Oct 17, 2017, by Black Hat (movies)
These Are Not Your Grand Daddy's CPU Performance Counters - CPU Hardware Performance Counters For Security by Nishad Herath & Anders Fogh CPU hardware performance counters allow us to do low latency performance measuring, without special runtime or compile time software instrumentation. It is said "advanced users often rely on those counters to conduct low-level performance analysis or tuning" according to Wikipedia. But is this all we can do? Maybe it is all that they were meant...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
Oct 17, 2017, by Black Hat (movies)
by Alejandro Mayorkas Deputy Secretary of the Department of Homeland Security, Alejandro Mayorkas, will discuss the challenges of information access in today's world. He will also describe the information sharing vision of DHS: a future where cybersecurity information, such as indicators of specific cyber threats, is shared widely across the public and private sectors at machine-speed and in formats that can be immediately used for network defense. To achieve this goal, cyber threat...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
by Christopher Kruegel & Yan Shoshitaishvili Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing amount of the things with which we interact every day have been replaced with embedded devices. These include previously non-electronic devices, such as locks, light switches, and utility meters (such as electric meters and water meters), as well as increasingly more complex and ubiquitous devices, such as network routers and...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat, Black Hat USA 2015
Oct 17, 2017, by Black Hat (movies)
By Mark Mateski and Matt Devost While it might be convenient to think of cyberadversaries as ones and zeros, the reality is that systems are attacked and defended by human beings. As a result, it is important to understand the role deception plays in network operations. This presentation draws upon traditional and emerging research on deception and associated game theories to help the audience understand how attackers might deceive them, how to recognize that deception, and how defenders can...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2014, Black Hat