1. Events
  2. Black Hat USA 2018
Star 0

Talks

Title Humans
Playback: A TLS 1.3 Story Alejo Murillo Moya , Alfonso Garcia Alguacil , Cisco Systems
Remotely Attacking System Firmware Jesse Michael , Mickey Shkatov , Oleksandr Bazhaniuk , Eclypsium
Decompiler Internals: Microcode Ilfak Guilfanov , Hex-Rays SA
New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers Samuel Groß
Kernel Mode Threats and Practical Defenses Gabriel Landau , Joe Desimone , Endgame
Deep Dive into an ICS Firewall, Looking for the Fire Hole Benoit Camredon , Julien Lenoir , Airbus Group Innovations
ZEROing Trust: Do Zero Trust Approaches Deliver Real Security? David Weston , Microsoft Corporation
SDL That Won't Break the Bank Steve Lipner , SAFECode
An Attacker Looks at Docker: Approaching Multi-Container Applications Wesley McGrew , HORNE Cyber
Stop that Release, There's a Vulnerability! Christine Gadsby , BlackBerry
Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure Kevin Perlow
WebAssembly: A New World of Native Exploits on the Browser Justin Engler , Tyler Lukasiewicz , NCC GROUP
Lowering the Bar: Deep Learning for Side Channel Analysis Baris Ege , Guilherme Perin , Jasper van Woudenberg , Riscure
The Unbearable Lightness of BMC's Matias Sebastian Soler , Nico Waisman , Immunity, Inc.
Automated Discovery of Deserialization Gadget Chains Ian Haken , Netflix
Holding on for Tonight: Addiction in InfoSec Jamie Tomasello , Duo Security
From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it Sean Metcalf , Trimarc
For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems Leigh-Anne Galloway , Tim Yunusov , Positive Technologies
Hardening Hyper-V through Offensive Security Research Jordan Rabet , Microsoft Corporation
Detecting Credential Compromise in AWS William Bengtson , Netflix
A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme Ethan Heilman , Neha Narula , Boston University , Digital Currency Initiative
KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous Liang Chen , Tencent Keen Security Lab
Mainframe [z/OS] Reverse Engineering and Exploit Development Chad Rikansrud , RSM Partners
Reversing a Japanese Wireless SD Card - From Zero to Code Execution Guillaume Valadon
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware Felipe Ducau , Richard Harang , Sophos
WireGuard: Next Generation Secure Network Tunnel Jason Donenfeld
Finding Xori: Malware Analysis Triage with Automated Disassembly Amanda Rousseau , Richard Seymour , Endgame, Inc.
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities Brad Geesaman
Legal Landmines: How Law and Policy are Rapidly Shaping Information Security Allison Bender , Amit Elazari , Jennifer Granick , Joseph Menn , Leonard Bailey , Paul Rosen , ZwillGen PLLC , UC Berkeley School of Law, Center for Long-Term Cybersecurity, UC Berkeley School of Information , American Civil Liberties Union , Thomson Reuters , U.S. Department of Justice , Crowell & Moring LLP
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina Bhargava Shastry , Dominik Maier , Vincent Ulitzsch , TU Berlin
Identity Theft: Attacks on SSO Systems Kelby Ludwig , Duo Security
Software Attacks on Hardware Wallets Alyssa Milburn , Sergei Volokitin , Riscure
A Deep Dive into macOS MDM (and How it can be Compromised) Jesse Endahl , Max Bélanger , Fleetsmith , Dropbox
Understanding and Exploiting Implanted Medical Devices Billy Rios , Jonathan Butts , Whitescope , QED
The Science of Hiring and Retaining Female Cybersecurity Engineers Ashley Holtz , CrowdStrike, Inc.
Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities Anders Fogh , Christopher Ertl , Matt Miller , G DATA Advanced Analytics , Microsoft Corporation
Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies Alejandro Hernandez , IOActive, Inc.
None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service Wang Kang , Yi-Qun Hui , Alibaba Group Holding Limited , Tsinghua University
Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops Celeste Paul , Josiah Dykstra , National Security Agency
Black Box is Dead. Long Live Black Box! Aleksei Stennikov , Vladimir Kononovich , Positive Technologies
Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines Carsten Schuermann , IT University of Copenhagen
Stealth Mango and the Prevalence of Mobile Surveillanceware Andrew Blaich , Michael Flossman , Lookout
Real Eyes, Realize, Real Lies: Beating Deception Technologies Matan Hart , Cymptom
Open Sesame: Picking Locks with Cortana Amichai Shulman , Ron Marcovich , Tal Be'ery , Yuval Ron , Technion, Israel Institute of Technology , KZen Networks
The Finest Penetration Testing Framework for Software-Defined Networks Jinwoo Kim , Seungsoo Lee , Seungwon Shin , Seungwon Woo , KAIST
Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community Christian Dameff , Jay Radcliffe , University of California San Diego , Boston Scientific
A Dive in to Hyper-V Architecture & Vulnerabilities Joe Bialek , Nicolas Joly , Microsoft Corporation
The Finest Penetration Testing Framework for Software-Defined Networks Jinwoo Kim , Seungsoo Lee , Seungwon Shin , Seungwon Woo , KAIST
Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre Art Manion , Christopher Robinson , Eric Doerr , Matt Linton , CERT/CC , Red Hat , Microsoft Corporation , Google Inc.
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies Andrei Costin , Jonas Zaddach , Firmware.RE , Cisco Talos Group
TLBleed: When Protecting Your CPU Caches is Not Enough Ben Gras , VU University
Last Call for SATCOM Security Ruben Santamarta , IOActive, Inc.
A Brief History of Mitigation: The Path to EL1 in iOS 11 Ian Beer , Google Inc.
AI & ML in Cyber Security - Why Algorithms are Dangerous Raffael Marty , Forcepoint
DeepLocker - Concealing Targeted Attacks with AI Locksmithing Dhilung Kirat , Jiyong Jang , Marc Ph. Stoecklin , IBM Research
The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet Alex Ionescu , Gabrielle Viala , Winsider Seminars & Solutions, Inc. , Quarkslab
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities Jimmy Su , Wei Wu , Xinyu Xing , JD security research center in Silicon Valley , Pennsylvania State University
Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims Cathal Smyth , Clare Gollnick , Royal Bank of Canada , Terbium Labs
Lessons and Lulz: The 4th Annual Black Hat USA NOC Report Bart Stump , Neil Wyler , Red Sky Solutions, LLC , RSA
SirenJack: Cracking a 'Secure' Emergency Warning Siren System Balint Seeber , Bastille
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking Louis Dion-Marcil , GoSecure
Don't @ Me: Hunting Twitter Bots at Scale Jordan Wright , Olabode Anise , Duo Security
How can Communities Move Forward After Incidents of Sexual Harassment or Assault? Makenzie Peterson , Hampshire College
Meltdown: Basics, Details, Consequences Daniel Gruss , Michael Schwarz , Moritz Lipp , Graz University of Technology
ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware Oliver Schranz , CISPA Helmholtz-Zentrum I.G.
Dissecting Non-Malicious Artifacts: One IP at a Time Dani Goland , Ido Naor , VirusBay , Kaspersky Lab
Compression Oracle Attacks on VPN Networks Ahamed Nafeez
CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment Aleksandr Timorin , Sergey Gordeychik , DarkMatter
Squeezing a Key through a Carry Bit Filippo Valsorda , Google Inc.
The Problems and Promise of WebAssembly Natalie Silvanovich , Google Inc.
Why so Spurious? How a Highly Error-Prone x86/x64 CPU "Feature" can be Abused to Achieve Local Privilege Escalation on Many Operating Systems Nemanja Mulasmajic , Nicolas Peterson
Applied Self-Driving Car Security Charlie Miller , Chris Valasek , Cruise Automation
How can Someone with Autism Specifically Enhance the Cyber Security Workforce? Casey Hurt , Dr. Stacy Thayer , Rhett Greenhagen , Department of Defense , McAfee
Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time Ian Harris , Marcel Carlsson , University of California, Irvine , Lootcore
So I became a Domain Controller Benjamin Delpy , Vincent Le Toux , ENGIE
Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks Holly Stewart , Jugal Parikh , Randy Treit , Microsoft Corporation
Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots Hiroshi Suzuki , Minoru Kobayashi , Internet Initiative Japan Inc.
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! Orange Tsai , DEVCORE
Is the Mafia Taking Over Cybercrime? Jonathan Lusthaus , University of Oxford
Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology Lee Christensen , Matt Graeber , SpecterOps
Outsmarting the Smart City Daniel Crowley , Jennifer Savage , Mauro Paredes , IBM X-Force Red , Threatcare
Another Flip in the Row Daniel Gruss , Michael Schwarz , Moritz Lipp , Graz University of Technology
AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries Kang Li , University of Georgia
Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives Christian Dameff , Jeffrey Tully , Maxwell Bland , University of California San Diego , University of California, San Diego
Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library Maddie Stone , Google Inc.
Fire & Ice: Making and Breaking macOS Firewalls Patrick Wardle , Digita Security
Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection Kingkane Malmquist , Mayo Clinic
Exploitation of a Modern Smartphone Baseband Marco Grassi , Muqing Liu , Tianyi Xie , Tencent Keen Security Lab
Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key Gianpaolo Russo , L Jean Camp , Sanchari Das , MITRE Corporation , Indiana University , Indiana University Bloomington
How I Learned to Stop Worrying and Love the SBOM Allan Friedman , NTIA / US Department of Commerce
There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently Alyssa Milburn , Marc Witteman , Niek Timmers , Nils Wiersma , Ramiro Pareja Veredas , Santiago Cordoba Pellicer , Riscure
Threat Modeling in 2018: Attacks, Impacts and Other Updates Adam Shostack , Shostack & Associates
Your Voice is My Passport Azeem Aqil , John Seymour , Salesforce
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever Andrea Carcano , Marina Krotofil , Younes Dragoni , Nozomi Networks
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Christian Dresen , Jens Müller , FH Münster , Ruhr University Bochum
The Air-Gap Jumpers Mordechai Guri , Ben-Gurion University of the Negev,
Snooping on Cellular Gateways and Their Critical Role in ICS Justin Shattuck , F5 Networks, Inc.
From Bot to Robot: How Abilities and Law Change with Physicality Brittany Postnikoff , Sara-Jayne Terp , Wendy Knox Everette , University of Waterloo , AppNexus , Leviathan Security Group
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers Aurélien Francillon , Giovanni Camurati , Marius Muench , Sebastian Poeplau , Tom Hayes , EURECOM
Demystifying PTSD in the Cybersecurity Environment Joe Slowik , Dragos, Inc.
Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering Matt Wixey , PwC
Practical Web Cache Poisoning: Redefining 'Unexploitable' James Kettle , PortSwigger Web Security
Back to the Future: A Radical Insecure Design of KVM on ARM Baibhav Singh , Rahul Kashyap , Samsung Research America , Cylance Inc
I, for One, Welcome Our New Power Analysis Overlords Colin O'Flynn , NewAE Technology, Inc.
Legal Liability for IOT Cybersecurity Vulnerabilities IJay Palansky , Armstrong Teasdale LLP
No Royal Road … Notes on Dangerous Game Mara Tam , River Loop Security
Breaking the IIoT: Hacking industrial Control Gateways Thomas Roth , leveldown security
Return of Bleichenbacher's Oracle Threat (ROBOT) Craig Young , Hanno Böck , Tripwire VERT
Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars Ling Liu , Sen Nie , Wenkai Zhang , Yuefeng Du , Tencent Keen Security Lab
InfoSec Philosophies for the Corrupt Economy Lawrence Munro , Trustwave SpiderLabs
Miasm: Reverse Engineering Framework Camille Mougey , Fabrice Desclaux , CEA
GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs Christopher Domas , Finite State
LTE Network Automation Under Threat Altaf Shaik , Ravishankar Borgaonkar , Technical University of Berlin and Kaitiaki Labs , Sintef Digital and Kaitiaki Labs
Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools Joshua Saxe , Sophos
Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths Jay Little , Trail of Bits
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator Alexei Bulazel , ForAllSecure
It's a PHP Unserialization Vulnerability Jim, but Not as We Know It Sam Thomas , Secarma Ltd
New Norms and Policies in Cyber-Diplomacy Christopher Painter , James Andrew Lewis , Jane Holl Lute , Jeff Moss , Global Commission on the Stability of Cyberspace
Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes Parisa Tabriz , Google Inc.