Presentaciones de Black Hat y DEFCON 2017

Black Hat USA 2017
Ya están disponible las presentaciones de Black Hat USA 2017:- Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
- ‘Ghost Telephonist’ Link Hijack Exploitations in 4G LTE CS Fallback
- (in)Security in Building Automation: How to Create Dark Buildings with Light Speed
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
- Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
- Adventures in Attacking Wind Farm Control Networks
- All Your SMS & Contacts Belong to ADUPS & Others
- An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
- And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
- Attacking Encrypted USB Keys the Hard(ware) Way
- Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
- Automated Testing of Crypto Software Using Differential Fuzzing
- AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
- Behind the Plexiglass Curtain: Stats and Stories from the Black Hat NOC
- Betraying the BIOS: Where the Guardians of the BIOS are Failing
- Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
- Blue Pill for Your Phone
- Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
- Bot vs. Bot for Evading Machine Learning Malware Detection
- Break
- Breakfast (Sponsored by FireEye McAfee Qualys & Tenable Network Security)
- Breaking Electronic Door Locks Like You’re on CSI: Cyber
- Breaking the Laws of Robotics: Attacking Industrial Robots
- Breaking the x86 Instruction Set
- Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets
- Bug Collisions Meet Government Vulnerability Disclosure
- Business Hall Welcome Reception (Sponsored by Forcepoint McAfee LogRhythm & Tenable Network Security)
- Challenges of Cooperation Across Cyberspace
- Champagne Toast (Sponsored by ESET North America Fidelis Cybersecurity Fortinet Leidos Palo Alto Networks Raytheon & Symantec)
- Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
- Coffee Service
- Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface
- Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
- Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale
- Defeating Samsung KNOX with Zero Privilege
- Delivering Javascript to World+Dog
- Developing Trust and Gitting Betrayed
- Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
- Don’t Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
- Electronegativity - A Study of Electron Security
- Escalating Insider Threats Using VMware’s API
- Evading Microsoft ATA for Active Directory Domination
- Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
- Evilsploit – A Universal Hardware Hacking Toolkit
- Evolutionary Kernel Fuzzing
- Exploit Kit Cornucopia
- Exploiting Network Printers
- Fad or Future? Getting Past the Bug Bounty Hype
- Fighting Targeted Malware in the Mobile Ecosystem
- Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
- Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
- FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
- Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
- Free-Fall: Hacking Tesla from Wireless to CAN Bus
- Friday the 13th: JSON Attacks
- Game of Chromes: Owning the Web with Zombie Chrome Extensions
- Garbage In Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data
- Go Nuclear: Breaking Radiation Monitoring Devices
- Go to Hunt Then Sleep
- Hacking Hardware with a $10 SD Card Reader
- Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions and More
- Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening
- How We Created the First SHA-1 Collision and What it Means for Hash Security
- Hunting GPS Jammers
- Ice Cream Social (Sponsored by Code42 Software Core Security Cybereason Darktrace F5 Networks iboss Malwarebytes & Optiv Security)
- Ichthyology: Phishing as a Science
- Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid
- Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
- Influencing the Market to Improve Security
- Intel AMT Stealth Breakthrough
- Intel SGX Remote Attestation is Not Sufficient
- Intercepting iCloud Keychain
- IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
- kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
- Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
- Lunch Break (Sponsored by Cisco Forcepoint LogRhythm & RSA)
- Many Birds One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
- Mimosa Bar (Sponsored by AlienVault Arbor Networks Carbon Black CrowdStrike Cylance DarkMatter Digital Guardian & IBM)
- Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network
- New Adventures in Spying 3G and 4G Users: Locate Track & Monitor
- Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
- Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
- OpenCrypto: Unchaining the JavaCard Ecosystem
- Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software
- PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection Traffic Analysis and Beyond
- Practical Tips for Defending Web Applications in the Age of DevOps
- Protecting Pentests: Recommendations for Performing More Secure Tests
- Protecting Visual Assets: Digital Image Counter-Forensics
- Pwnie Awards
- Quantifying Risk in Consumer Software at Scale - Consumer Reports’ Digital Standard
- RBN Reloaded - Amplifying Signals from the Underground
- Real Humans Simulated Attacks: Usability Testing with Attack Scenarios
- Redesigning PKI to Solve Revocation Expiration and Rotation Problems
- Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
- rVMI: A New Paradigm for Full System Analysis
- ShieldFS: The Last Word in Ransomware Resilient File Systems
- Skype & Type: Keystroke Leakage over VoIP
- Smoothie Social (Sponsored by Bromium Proofpoint Inc. Rapid7 SentinelOne Trend Micro Webroot StackPath & Tanium)
- So You Want to Market Your Security Product…
- Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
- Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
- SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers’ Lives Much Harder on Mobile Networks
- Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller
- Taking Over the World Through MQTT - Aftermath
- Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update
- The Active Directory Botnet
- The Adventures of AV and the Leaky Sandbox
- The Art of Securing 100 Products
- The Avalanche Takedown: Landslide for Law Enforcement
- The Epocholypse 2038: What’s in Store for the Next 20 Years
- The Future of ApplePwn - How to Save Your Money
- The Industrial Revolution of Lateral Movement
- The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
- The Shadow Brokers – Cyber Fear Game-Changers
- They’re Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
- Tracking Ransomware End to End
- Web Cache Deception Attack
- Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
- What They’re Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs
- What’s on the Wireless? Automating RF Signal Identification
- When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
- White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data
- Why Most Cyber Security Training Fails and What We Can Do About it
- WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
- Wire Me Through Machine Learning
- WSUSpendu: How to Hang WSUS Clients
- Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
DEFCON 25
La Edición 25 de DEFCON se acaba de celebrar y ya tienes también acceso a las presentaciones:- 5A1F/
- Cheng Lei/
- Denton Gentry/
- Dimitry Snezhkov/
- Dor Azouri/
- Duncan Woodbury and Nicholas Haltmeyer/
- Itzik Kotler and Amit Klein/
- Josh Pitts/
- Mark Newlin Logan Lamb and Christopher Grayson/
- Matt Knight and Marc Newlin/
- Matt Suiche/
- Morten Schenk/
- Phillip Tully and Michael Raggo/
- Romain Coltel and Yves Le Provost/
- Steinthor Bjarnason and Jason Jones/
- Tomer Cohen/
- 0ctane-Untrustworthy-Hardware.pdf
- Alvaro-Munoz-JSON-attacks.pdf
- Andrew-Robbins-and-Will-Schroeder-An-Ace-Up-The-Sleeve.pdf
- Artem-Kondratenko-Cisco-Catalyst-Exploitation.pdf
- Ayoul3-Dealing-the-Perfect-Hand-Shuffling-memory-blocks-on-zOS.pdf
- Caleb-Madrigal-IOT-Hacking-With-SDR.pdf
- Chris-Thompson-MS-Just-Gave-The-Blue-Teams-Tactical-Nukes.pdf
- Christopher-Domas-Breaking-The-x86-ISA.pdf
- Cincvolflt-Inside-The-Meet-Desai-Attack.pdf
- Damien-Cauquil-Weaponizing-the-BBC-MicroBit.pdf
- Daniel-Bohannon-and-Lee-Holmes-Revoke-Obfuscation.pdf
- Datko-and-Quartier-Breaking-Bitcoin-Hardware-Wallets.pdf
- Dhia-Mahjoub-and-Thomas-Mathew-Malicious-CDNs-Identifying-Zbot-Domains-en-Masse.pdf
- Foofus-Secret-Tools-Learning-About-Gov-Surveillance-Software.pdf
- Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks-Course-Guide.pdf
- Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks-Lab-Setup-Guide.pdf
- Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks.pdf
- Gerald-Steere-and-Sean-Metcalf-Hacking-the-Cloud.pdf
- Gil-Cohen-Call-The-Plumber-You-Have-A-Leak-In-Your-(named)-Pipe.pdf
- Gus-Frischie-and-Evan-Teitelman-Backdooring-the-Lottery.pdf
- Hanno-Boeck-Abusing-Certificate-Transparency-Logs.pdf
- Haoqi-Shan-and-Jian-Yuan-Man-in-the-NFC.pdf
- Hernandez-Richards-MacDonald-Evoy-Tracking-Spies-in-the-Skies.pdf
- Hyrum-Anderson-Evading-Next-Gen-AV-Using-AI.pdf
- Ilja-van-Sprundel-BSD-Kern-Vulns.pdf
- Inbar-and-Eden-Story-of-Early-Israeli-Hacking-Community.pdf
- Jason-Staggs-Breaking-Wind-Hacking-Wind-Farm-Control-Networks.pdf
- Jesse-Michael-and-Mickey-Shkatov-Driving-Down-the-Rabbit-Hole.pdf
- Jhaddix-HUNT-Data-Driven-Web-Hacking-and-Manual-Testing.pdf
- Jim-Nitterauer-DNS-Devious-Name-Services-Destroying-Privacy-Anonymity-Without-Your-Consent.pdf
- Joe-Rozner-Wiping-Out-CSRF.pdf
- Karit-ZX-Security-Using-GPS-Spoofing-To-Control-Time.pdf
- Konstantinos-Karagiannis-Hacking-Smart-Contracts.pdf
- Lee-Holmes-Attacking-Battle-Hardened-Windows-Server.pdf
- Marina-Simakov-and-Igal-Gofman-Here-to-stay-Gaining-persistence-by-abusing-auth-mechanisms.pdf
- Matt-Wixey-See-No-Evil-Hear-No-Evil.pdf
- Max-Bazaliy-Jailbreaking-Apple-Watch.pdf
- Mikhail-Sosonkin-Hacking-Travel-Routers-Like-1999.pdf
- Min-Spark-Zheng-macOS-iOS-Kernel-Debugging.pdf
- Nathan-Seidle-Open-Source-Safe-Cracking-Robots.pdf
- Omar-Eissa-Attacking-Autonomic-Networks.pdf
- Orange-Tsai-A-New-Era-of-SSRF-Exploiting-URL-Parser-in-Trending-Programming-Languages.pdf
- Owen-Snide-Phone-System-Testing-and-other-fun-tricks.pdf
- Patrick-DeSantis-From-Box-to-Backdoor-Using-Old-School-Tools.pdf
- Patrick-Wardle-Offensive-Malware-Analysis-Fruit-Fly.pdf
- Plore-Popping-a-Smart-Gun.pdf
- Professor-Plum-Digital Vengeance-Exploiting-Notorious-Toolkits.pdf
- Roger-Dingledine-Next-Generation-Tor-Onion-Services.pdf
- Ryan-Baxendale-Microservices-and-FaaS-for-Offensive-Security.pdf
- Salvador-Mendoza-Exploiting-0ld-Magstripe-Info-with-New-Technology.pdf
- Scott-Behrens-and-Jeremy-Heffner-Starting-The-Avalanche-Application-DoS-In-Microservice-Architectures.pdf
- Slava-Makkaveev-and-Avi-Bashan-Unboxing-Android.pdf
- Stephan-Huber-and-Seigfried-Rasthofer-Password-Manager-Investigation.pdf
- Suggy-Sumner-Rage-Against-The-Weaponized-AI-Propaganda-Machine.pdf
- Svea-Eckert-Andreas-Dewes-Dark-Data.pdf
- Tess-Schrodinger-Total-Recall.pdf
- Tomer-Cohen-Game-Of-Chromes-Owning-The-Web-With-Zombie-Chrome-Extensions-WP.pdf
- Tomer-Cohen-Game-Of-Chromes-Owning-The-Web-With-Zombie-Chrome-Extensions.pdf
- Vasillios-Mavroudis-Trojan-Tolerant-Hardware.pdf
- Weston-Hecker-Opt-Out-or-Deauth-Trying.pdf
- Whitney-Merrill-and-Terrell-McSweeny-Tick-Tick-Boom-Tech-and-the-FTC.pdf
- William-Knowles-Persisting-With-Microsoft-Office.pdf
- XlogicX-Assembly-Language-Is-Too-High-Level.pdf
- Yuwei-Zheng-UnicornTeam-Ghost-Telephonist.pdf
- chaosdata-Ghost-in-the-Droid-ParaSpectre.pdf
- r00killah-and-securelyfitz-Secure-Tokin-and-Doobiekeys.pdf
- skud-and-Sky-If-You-Give-A-Mouse-A-Microchip.pdf
- spaceB0x-Exploiting-Continuous-Integration.pdf
- zerosum0x0-alephnaught-Koadic-C3.pdf
0 Comments:
Publicar un comentario
Gracias por dejar un comentario en Segu-Info.
Gracias por comentar!