Black Hat Conference



By Mark Jaycox "We failed to connect the dots. And so, we had to come up with a way of helping to stop attacks." - General Keith B. Alexander, Former Director of NSA, at Black Hat USA 2013. There's been a lot of hyperbole and misinformation about the NSA's collection of Americans' phone calls, emails, address books, buddy lists, calling records, online video game chats, financial documents, browsing history, video chats, text messages, and calendar data. Currently, a debate...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014

by Matt Molinyawe & Jasiel Spelman & Abdul-Aziz Hariri & Joshua Smith The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state of the art in software exploitation. Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plugin. In most cases, these privileges were attained by exploiting the Microsoft Windows or Apple OS X kernel. Kernel exploitation using the browser as an initial...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Yuan Tian & Eric Chen & Shuo Chen & Yutong Pei & Robert Kotcher & Patrick Tague OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The initial objective of the protocol was specific: it serves the authorization needs for websites. However, the protocol has been significantly repurposed and re-targeted over the years: (1) all major identity providers, e.g., Facebook, Google and Microsoft, have re-purposed OAuth for user...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

By Thomas Ptacek and Big Ol Al Over the past year, more than 10,000 people participated in the Matasano crypto challenges, a staged learning exercise where participants implemented 48 different attacks against realistic cryptographic constructions. In the process, we collected crypto exploit code in dozens of different languages, ranging from X86 assembly to Haskell. With the permission of the participants, we've built a "Rosetta Code" site with per-language...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

By Brad Antoniewicz IEEE 802.1x has been leveraged for a long time for authentication purposes. Up until this point, little has been done to help researchers expose vulnerabilities within the systems that implement the protocol. In this talk, we'll dissect IEEE 802.1x, its surrounding protocols (RADIUS/EAP), provide testing tools, and detail a number of vulnerabilities identified in popular supporting systems. We'll wrap up demonstrating a vulnerability within a RADIUS server that allows for...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2014, Black Hat

by Alvaro Munoz & Oleksandr Mirosh JNDI (Java Naming and Directory Interface) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services such as RMI, CORBA, LDAP, or DNS. This talk will present a new type of vulnerability named "JNDI Reference Injection" found on malware samples attacking Java Applets (CVE-2015-4902). The same principles can be applied to attack web applications...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

By Nir Valtman Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against the simplest exploits. In this presentation, I explain about how points-of-sale get compromised from both retailer's and software-vendor's perspective. One of the most common threats is memory scraping, which is a difficult issue to solve. Hence, I would like to share with you a demonstration of how it works and what can be done in order to minimize this threat. During this...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

by Colin O'Flynn Could a worm spread through a smart light network? This talk explores the idea, and in particular dives into the internals of the Philips Hue smart light system, and details what security has been deployed to prevent this. Examples of hacking various aspects of the system are presented, including how to bypass encrypted bootloaders to read sensitive information. Details on the firmware in multiple versions of the Philips Hue smart lamps and bridges are discussed. This talk...
Topics: Youtube, video, People & Blogs, Black Hat USA 2016, BlackHat, Black Hat

By Daniel Brodie and Michael Shaulov The secure BYOD hype is growing and Virtual Desktop Infrastructure (VDI) is considered the alternative solution for secure containers. In a nutshell, VDI solutions provide a remote workstation offering so that no data is stored locally. We decided to examine the architecture and see for ourselves whether VDI delivers on its security promise. In this engaging session, we demonstrate a proof-of-concept attack where a malicious app leverages screen...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, Black Hat, BlackHat

by David Adrian TLS has experienced three major vulnerabilities stemming from "export-grade" cryptography in the last year---FREAK, Logjam, and Drown. Although regulations limiting the strength of cryptography that could be exported from the United States were lifted in 1999, and export ciphers were subsequently deprecated in TLS 1.1, Internet-wide scanning showed that support for various forms of export cryptography remained widespread, and that attacks exploiting export-grade...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
By Josh Saxe The millions of unique malicious binaries gathered in today's white-hat malware repositories are connected through a dense web of hidden code-sharing relationships. If we could recover this shared-code network, we could provide much needed context for and insight into newly observed malware. For example, our analysis could leverage previous reverse engineering work performed on a new malware sample's older "relatives," giving important context and...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat

By Charlie Miller and Chris Valasek Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes. Unfortunately, research has only been presented on three or four particular vehicles. Each manufacturer designs...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

by Nikhil Mittal In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI) which is designed to target script-based attacks and malware. Script-based attacks have been lethal for enterprise security and with advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written in PowerShell, VBScript, JScript etc. and drastically improves detection and blocking rate of malicious scripts. When a piece of code is submitted for execution to the...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

By Frankie Li Advanced Persistent Threat (APT) attacks are highly organized and are launched for prolonged periods. APT attacks exhibit discernible attributes or patterns. In order to maintain the command and control (c2) network redundant, APT attacks are generally embedded with multiple DNS names. An intuitive view is that APT attackers keep and control a high number of DNS-IP address pairs. Most of existing malware attribution works placed great emphasis on grouping the technological or...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

by Alexei Bulazel AVLeak is a tool for fingerprinting consumer antivirus emulators through automated black box testing. AVLeak can be used to extract fingerprints from AV emulators that may be used by malware to detect that it is being analyzed and subsequently evade detection, including environmental artifacts, OS API behavioral inconsistencies, emulation of network connectivity, timing inconsistencies, process introspection, and CPU emulator "red pills." Emulator fingerprints may be...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

By Jonathan Spring, Paul Vixie, and Christopher Hallenbeck Consumer Premise Equipment (CPE) has become common, nearly ubiquitous, home and small office attire. Many homes have a router/modem device that mediates access between home devices and the ISP. Abuse of these devices is particularly problematic both because the owner has difficulty interfacing with (and fixing) the device and because the static code provided by the vendor is generally rotted (and vulnerable) by the time the...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

by Bryant Zadegan & Ryan Lester Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

By Alva Duckwall and Benjamin Delpy Microsoft Active Directory uses Kerberos to handle authentication requests by default. However, if the domain is compromised, how bad can it really be? With the loss of the right hash, Kerberos can be completely compromised for years after the attacker gained access. Yes, it really is that bad. In this presentation Skip Duckwall, @passingthehash on twitter and Benjamin Delpy, @gentilkiwi on twitter and the author of Mimikatz, will demonstrate just how...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

By Byoungyoung Lee, Yeongjin Jang, and Tielei Wang The primary goal of ASLR is to effectively randomize a program's memory layout so that adversaries cannot easily infer such information. As ASLR is a critical defense against exploitation, there have been tremendous efforts to evaluate the mechanism's security. To date, previous attacks that bypass ASLR have focused mostly on exploiting memory leak vulnerabilities, or abusing non-randomized data structures. In this presentation, we...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2014

by Brian Gorenc & Abdul-Aziz Hariri & Simon Zuckerbraun In the Summer of 2014, Microsoft silently introduced two new exploit mitigations into Internet Explorer with the goal of disrupting the threat landscape. These mitigations increase the complexity of successfully exploiting a use-after-free vulnerability. June's patch (MS14-035) introduced a separate heap, called Isolated Heap, which handles most of the DOM and supporting objects. July's patch (MS14-037) introduced a new strategy...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat

by Matthew Graeber Imagine a technology that is built into every Windows operating system going back to Windows 95, runs as System, executes arbitrary code, persists across reboots, and does not drop a single file to disk. Such a thing does exist and it's called Windows Management Instrumentation (WMI). With increased scrutiny from anti-virus and 'next-gen' host endpoints, advanced red teams and attackers already know that the introduction of binaries into a high-security environment is subject...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat

by Fernando Arnaboldi Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat

by Loic Simon AWS users, whether they are devops in a startup or system administrators tasked with migrating an enterprise service into the cloud, interact on a daily basis with the AWS APIs, using either the web console or tools such as the AWS CLI to manage their infrastructure. When working with the latter, authentication is done using long-lived access keys that are often stored in plaintext files, shared between developers, and sometimes publicly exposed. This creates a significant...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Dan Amiga & Dor Knafo The widespread adoption of AWS as an enterprise platform for storage, computing and services makes it a lucrative opportunity for the development of AWS focused APTs. We will cover pre-infection, post-infection and advanced persistency techniques on AWS that allow an attacker to access staging and production environments, as well as read and write data and even reverse its way from the cloud to the corporate datacenter. This session will cover several methods...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

by Yulong Zhang & Tao Wei Although 0-day exploits are dangerous, we have to admit that the largest threat for Android users are kernel vulnerabilities that have been disclosed but remain unfixed. Having been in the spotlight for weeks or even months, these kernel vulnerabilities usually have clear and stable exploits; therefore, underground businesses commonly utilize them in malware and APTs. The reason for the long periods of remaining unfixed is complex, partly due to the time-consuming...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Charlie Miller & Chris Valasek The end goal of a remote attack against a vehicle is physical control, usually by injecting CAN messages onto the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, she may not be able to disable the brakes or turn the steering wheel unless the car she is driving meets certain...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Olivier Thomas Hardware attacks are often overlooked since they are generally considered to be complex and resource intensive. However certain industries, such as pay TV, are plagued by piracy and hardware counterfeits. The threat of piracy was so great that pay TV manufacturers were forced to create extensive countermeasures to protect their smartcards in the field. One of the most effective countermeasures is to implement parts or all of their proprietary algorithms in hardware. To analyze...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat

by Alexey Osipov & Alexander Zaitsev GSM networks are compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20 which allows you to intercept all two-factor authentication in a medium-sized office building....
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat

by Wen Xu In recent months, we focus on bug hunting to achieve root on android devices. Our kernel fuzzing, led by @wushi, generated a lot of crashes and among them, we found a kernel Use-After-Free bug which lies in all versions of Linux kernel and we successfully take advantage of it to root most android devices on the market nowadays, even for the 64-bit ones. We leverage this bug to root whatever android devices of whatever brands. And also we are the first one in the world, as far as we...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015

by Jeremy Galloway What's scarier, letting HD Moore rent your house and use your home network for a day or being the very next renter that uses that network? With the colossal growth of the vacation rental market over the last five years (AirBnb, HomeAway), travellers are now more vulnerable than ever to network based attacks targeted at stealing personal information or outright pwnage. In 2006, the security industry desperately warned of the dangers of using public Wi-Fi at coffee shops. In...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2016, BlackHat
by Konstantin Berlin In recent years, cyber defenders protecting enterprise networks have started incorporating malware code sharing identification tools into their workflows. These tools compare new malware samples to large databases of known malware samples, in order to identify samples with shared code relationships. When unknown malware binaries are found to share code "fingerprints" with malware from known adversaries, they provide a key clue into which adversary is generating...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

by Patrick Gage Kelley Many critical communications now take place digitally, but recent revelations demonstrate that these communications can often be intercepted. To achieve true message privacy, users need end-to-end message encryption, in which the communications service provider is not able to decrypt the content. Historically, end-to-end encryption has proven extremely difficult for people to use correctly, but recently tools like Apple's iMessage and Google's End-to-End have made it more...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Jeremiah Grossman $75 billion. That's the amount of money businesses, governments, and individuals pay every year to security companies. While some security companies provide good value, the reality is the number of incidents are still getting worse and more frequent. Hundreds of millions of people have had their personal information stolen, businesses all over the world are losing intellectual property, and financial fraud is in the billions of dollars. These stories are constant, seemingly...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Rafal Wojtczuk In Windows 10, Microsoft introduced virtualization-based security (VBS), the set of security solutions based on a hypervisor. In this presentation, we will talk about details of VBS implementation and assess the attack surface - it is very different from other virtualization solutions. We will focus on the potential issues resulting from the underlying platform complexity (UEFI firmware being a primary example). Besides a lot of theory, we will also demonstrate actual...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

By Jeff Forristal The team that discovered the Android MasterKey vulnerability in 2013 is here to present another new Android vulnerability with widespread impact: a flaw in Android application handling, allowing malicious applications to escape the normal application sandbox and get special security privileges without any user notification. This can lead to a malicious application having the ability to steal user data, recover passwords and secrets, or in certain cases, compromise the...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat

by Adrian Ludwig The world of security is riddled with assumptions and guesses. Using data collected from hundreds of millions of Android devices, we'll establish a baseline for the major factors driving security in the Android ecosystem. This will help provide direction for the issues that we think will benefit the most from security community attention and research contributions. Source: https://www.youtube.com/watch?v=aBWh7izacqg Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, BlackHat, Black Hat

by Matt Wolff & Brian Wallace & Xuan Zhao Machine learning techniques have been gaining significant traction in a variety of industries in recent years, and the security industry is no exception to its influence. These techniques, when applied correctly, can help assist in many data driven tasks to provide interesting insights and decision recommendations to analysts. While these techniques can be powerful, for the researchers and analysts who are not well versed in machine learning,...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

by Ralf-Philipp Weinmann The majority of deployed asymmetric cryptography implementations (RSA, DH, ECDH/ECDSA with GF(p) curves) need to perform calculations on integers that are larger than a single machine word. Just like every software package, implementations of multi-precision integer arithmetic sometimes have bugs. This talk investigates the implications of these bugs and shows how they can be used by attackers to exploit asymmetric cryptographic primitives. Isolating bug patterns and...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015

by Natalie Silvanovich The dynamic nature of ECMAScript allows for functions and properties to be redefined in a variety of ways - even functions that are vital for internal functionality of the ECMAScript engine. This presentation explores the problems that can arise from ECMAScript redefinition. It goes through the various ways that functions and properties can be redefined in different ECMAScript implementations and describes several vulnerabilities we found as a result of these methods. It...
Topics: Youtube, video, People & Blogs, Black Hat USA 2015, Black Hat, BlackHat

by Yuriy Bulygin & Alexander Matrosov & Mikhail Gorobets & Oleksandr Bazhaniuk In this presentation, we explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware, such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines. We...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat

By Andreas Lindh While there has certainly been some interesting research into the security of mobile broadband modems, or "dongles," in the past, it has almost exclusively focused on novel attacks such as buffer overflows over text message, attacks on the device's file system, and other advanced approaches. The level of skill and effort required to execute such an attack reduces the potential number of attackers, but there are easier ways to monetize from attacking...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat

by Changhoon Yoon & Seungsoo Lee Software-Defined Networking (SDN), by decoupling the control logic from the closed and proprietary implementations of traditional network devices, allows researchers and practitioners to design new innovative network functions/protocols in a much easier, more flexible, and powerful way. This technology has gained significant attention from both industry and academia, and it is now at its adoption stage. When considering the adoption of SDN, the security...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Paul Mehta Ablation is a tool built to extract information from a process as it executes. This information is then imported into the disassembly environment where it is used to resolve virtual calls, highlight regions of code executed, or visually diff samples. The goal of Ablation is to augment static analysis with minimal overhead or user interaction. C++ binaries can be a real pain to audit sometimes due to virtual calls. Instead of having to reverse class, object, and inheritance...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

by Laura Bell It will not be a surprise to you that of all the elements within our organisations and systems, the people are most likely to expose us to risk. In short we are a mess of emotional unpredictability that threaten us all (and security professionals are the worst of the bunch). Many very clever people have spent a long time teaching us this. This is not news. So if this is the case, why in 20 years of modern information security have we done so little to actively protect them?...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat, Black Hat USA 2015

by Dan Hubbard & Andree Toonk BGP is the fabric of routing on the Internet today. There are approximately half a million routes on the Internet originated by about 50,000 unique Autonomous Systems. On a typical day there are thousands of changes and although the vast majority of these are simply planned routing changes, configuration updates, and network additions there are signals in the noise that can be detected as nefarious. Throughout the last couple years there have been several large...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat

By Davi Oppenheimer We are meant to measure and manage data with more precision than ever before using Big Data. But companies are getting Hadoopy often with little or no consideration of security. Are we taking on too much risk too fast? This session explains how best to handle the looming Big Data risk in any environment. Better predictions and more intelligent decisions are expected from our biggest data sets, yet do we really trust systems we secure the least? And do we really know why...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat

by James Denaro & Matthew Green Governments are demanding backdoor access to encrypted data - particularly on mobile devices and in the cloud - as strong encryption becomes commonplace. Governments fear going dark with encryption hindering criminal and national security investigations. Privacy advocates have opposed backdoors since the 1990s and the battle is heating up again, this time on a global scale. Backdoors have also been criticized as making systems inherently less secure. Current...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat

by Vincent Tan The global market for Bring Your Own Device (BYOD) and enterprise mobility is expected to quadruple in size over the next four years, hitting $284 billion by 2019. BYOD software is used by some of the largest organizations and governments around the world. Barclays, Walmart, AT&T, Vodafone, United States Department of Homeland Security, United States Army, Australian Department of Environment and numerous other organizations, big and small, all over the world. Enterprise...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat

by Yang Yu This presentation will introduce a new threat model. Based on this threat model, we found a flaw in the Windows system. It affects all Windows released in the last two decades, including Windows 10. It also has a very wide range of attack surface. The attack can be performed on all versions of Internet Explorer, Edge, Microsoft Office, many third-party software, USB flash drives, and even Web server. When this flaw is triggered, YOU ARE BEING WATCHED. We will also show you how to...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe - until now. This talk introduces a new form of malware that operates from controller chips inside USB devices. USB sticks, as an example, can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user. We demonstrate a full system compromise from...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat

by Maxim Goncharov WPAD (Web Proxy Auto Discovery) is a protocol that allows computers to automatically discover Web proxy configurations. It is primarily used in networks where clients are only allowed to communicate to the outside through a proxy. The WPAD protocol has been around for almost 20 years (RFC draft 1999-07-28), but has well-known risks to it that have been largely ignored by the security community. This session will present the results of several experiments highlighting the...
Topics: Youtube, video, People & Blogs, Black Hat, BlackHat
Black Hat Conference

By Edmond Rogers, Will Rogers, and Gabe Weaver The recently open sourced Cyber Physical Topology Language (CPTL) has allowed cyber defenders the capability of building tools to provide metrics for estimation of a security state. This provides a metric that can be used to assess the ongoing security status of a data network. Using CPTL's framework, monitoring data from any arbitrary tool can be imported through standard data gathering methods such as syslog and SNMP queries. The toolkit...
Topics: Youtube, video, People & Blogs, Black Hat USA 2014, BlackHat, Black Hat
Black Hat Conference

by Alex Ionescu In Windows 10, Microsoft is introducing a radical new concept to the underlying OS architecture, and likely the biggest change to the NT design since the decision to move the GUI in kernel-mode. In this new model, the Viridian Hypervisor Kernel now becomes a core part of the operating system and implements Virtual Secure Machines (VSMs) by loading a true microkernel - a compact (200kb) NT look-alike with its own drivers called the Secure Kernel Mode (SKM) environment, which then...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Black Hat Conference

Behind The Mask: The Agenda, Tricks, And Tactics Of The Federal Trade Commission As They Regulate Cybersecurity by Michael Daugherty While the FTC, FCC and Homeland Security joust over who is going to regulate the internet, Michael J. Daugherty will rivet you about his blood in the water battle with the Federal Trade Commission over their relentless investigation into LabMD's data security practices showing you what they do to those who dare not "go along to get along." This is an...
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2015, BlackHat
Black Hat Conference
by Black Hat

by Ivan Krstic With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10. HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data –...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2016, Black Hat
Black Hat Conference

by Sean Metcalf Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities. This means that both Red and Blue teams need to have a better understanding of Active Directory, its security, how it's attacked, and how best to align defenses. This presentation covers key Active Directory components which are critical for security professionals to know in order to defend AD. Properly securing the enterprise means identifying...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat
Black Hat Conference

by Morgan Marquis-Boire, Marion Marschalek, Claudio Guarnieri The security industry focus on state-sponsored espionage is a relatively recent phenomenon. Since the Aurora Incident brought nation-state hacking into the spotlight, there's been high profile reports on targeted hacking by China, Russia, U.S.A, Israel, to name a few. This has led to the rise of a lucrative Threat intelligence business, propelling marketing and media campaigns and fueling political debate. This talk will cover the...
Topics: Youtube, video, People & Blogs, BlackHat, Black Hat USA 2015, Black Hat
Black Hat Conference

By Daniel Chechik, Ben Hayak, and Orit Kravitz Chechik A mysterious vulnerability from 2011 almost made the Bitcoin network collapse. Silk Road, MTGox, and potentially many more trading websites claim to be prone to "Transaction Malleability." We will shed some light and show in practice how to exploit this vulnerability. Source: https://www.youtube.com/watch?v=bmxu3r_CUKE Uploader: Black Hat
Topics: Youtube, video, People & Blogs, Black Hat, Black Hat USA 2014, BlackHat
Black Hat Conference

The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So, borders still exist on the Internet, and almost all countries are investing into offensive use of cyber power. The new weapons they are developing are different from any other kind of weapon we've ever seen, and we are now seeing the very beginning of the next arms race. By Mikko Hypponen Source: https://www.youtube.com/watch?v=l2rIVdpMToM Uploader: Black Hat
Topics: Youtube, video, Travel & Events, Black Hat, Black Hat Asia, Black Hat Asia 2019, Black Hat...
Black Hat Conference
by Black Hat

Day 2 Keynote Source: https://www.youtube.com/watch?v=SyVN5r31EE4 Uploader: Black Hat Upload date: 2013-10-03
Topics: Youtube, video, Education, Black, Hat, Briefings
Black Hat Conference
by Black Hat

Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone by Alex Stamos, Facebook CSO Since the first Black Hat conference 20 years ago, the security community, industry and the world have changed to the point that it’s time to re-examine whether we’re living up to our responsibilities and potential. Long gone are the days when “hacking” conjured up a sense of mischief and light-heartedness, with limited risks and harm. The harsh reality...
Topics: Youtube, video, Travel & Events, Black Hat USA, Black Hat USA 2017, Alex Stamos, Black Hat...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=VXahve8yRbo Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=UwUz5I29hPY Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=EDBtJhQlr_0 Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=r1eB-N8vFP0 Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=Da-Myzf-tyI Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=Ri_siD84sig Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=spxRpatVqQ8 Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=7buA1wtKT6w Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=x4FSIW3r_IU Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat 2012, blackhat hacking, blackhat, blackhat...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=UMa9659DXXw Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=84jXy1XSK78 Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=RWcdjyMldtI Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=QFXmRsnt_Zo Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...
Black Hat Conference
by HackersSecurity

Source: https://www.youtube.com/watch?v=7UA1IYAKNJI Uploader: HackersSecurity
Topics: Youtube, video, Science & Technology, blackhat usa, blackhat 2012, blackhat hacking, blackhat,...