How to Rob a Bank Over the Phone - Lessons Learned and Real Audio from an Actual Social Engineering Engagement
|
Joshua Crumbaugh
,
PeopleSec
|
I Trust My Zombies: A Trust-Enabled Botnet
|
Emmanouil Vasilomanolakis
,
Max Mühlhäuser
,
Jan Helge Wolf
,
Leon Böck
,
Shankar Karuppayah
,
Technische Universität Darmstadt
,
Universiti Sains Malaysia
|
Locknote: Conclusions and Key Takeaways from Black Hat Europe 2017
|
Jeff Moss
,
Sharon Conheady
,
Andreas Lindh
,
Shawn Moyer
,
Global Commission on the Stability of Cyberspace
,
First Defence Information Security
,
Recurity Labs GmbH
,
Atredis Partners
|
Breaking Bad: Stealing Patient Data Through Medical Devices
|
Saurabh Harit
,
Spirent Communications
|
A Universal Controller to Take Over a Z-Wave Network
|
Loïc Rouch
,
Inria
|
Diplomacy and Combating Evolving International Cyber Threats
|
Chris Painter
|
Becoming You: A Glimpse into Credential Abuse
|
Sonia Burney
,
Brent Maynard
,
Akamai
|
The Apple of Your EFI: An Updated Analysis of the State of Apple's EFI Security Support
|
Rich Smith
,
Pepijn Bruienne
,
Duo Security
|
Heap Layout Optimisation for Exploitation
|
Sean Heelan
,
Vertex RE / University of Oxford
|
Ro(o)tten Apples: Vulnerability Heaven in the iOS Sandbox
|
Adam Donenfeld
,
Zimperium
|
Red Team Techniques for Evading Bypassing and Disabling MS Advanced Threat Protection and Advanced Threat Analytics
|
Chris Thompson
,
IBM X-Force Red
|
Security Through Distrusting
|
Joanna Rutkowska
,
Invisible Things Lab
|
Enraptured Minds: Strategic Gaming of Cognitive Mindhacks
|
Vladimir Kropotov
,
Fyodor Yarochkin
,
Lion Gu
,
Trend Micro, Inc.
|
Attacks Against GSMA's M2M Remote Provisioning
|
Maxime Meyer
,
Vade Secure
|
Inside Android's SafetyNet Attestation
|
Collin Mulliner
,
John Kozyrakis
,
MUlliNER.ORG
,
Synopsys
|
GDPR and Third Party JS - Can it be Done?
|
Avital Grushcovski
,
Source Defense
|
CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
|
Adrian Tang
,
Simha Sethumadhavan
,
Salvatore Stolfo
,
Columbia University
|
How to Hack a Turned-Off Computer or Running Unsigned Code in Intel Management Engine
|
Maxim Goryachy
,
Mark Ermolov
,
Positive Technologies
|
Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
|
Lillian Ablon
,
RAND Corporation
|
Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS
|
Ayoub Elaassal
,
PwC
|
CALDERA: Automating Adversary Emulation
|
Douglas Miller
,
Andy Applebaum
,
The MITRE Corporation
|
Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing
|
Fernando Arnaboldi
,
IOActive, Inc.
|
Lost in Transaction: Process Doppelgänging
|
Tal Liberman
,
Eugene Kogan
,
enSilo Inc
|
Nation-State Moneymule's Hunting Season – APT Attacks Targeting Financial Institutions
|
Chi-en (Ashley) Shen
,
Kyoung-ju Kwak
,
Min-Chang Jang
,
Korea Financial Security Institute
,
KFSI (Korea Financial Security Institute) and Korea University
|
DIFUZZing Android Kernel Drivers
|
Aravind Machiry
,
Chris Salls
,
Yan Shoshitaishvili
,
Shuang Hao
,
Jake Corina
,
University of California, Santa Barbara
,
Arizona State University
,
University of Texas, Dalls
|
How Samsung Secures Your Wallet and How to Break It
|
HC MA
,
Tencent Security Xuanwu Lab
|
Intel ME: Flash File System Explained
|
Dmitry Sklyarov
,
Positive Technologies
|
Hiding Pin's Artifacts to Defeat Evasive Malware
|
Mario Polino
,
Andrea Continella
,
Sebastiano Mariani
,
Lorenzo Fontana
,
Stefano D'Alessio
,
Fabio Gritti
,
Stefano Zanero
,
Politecnico di Milano
|
Breaking Out HSTS (and HPKP) on Firefox IE/Edge and (Possibly) Chrome
|
Sheila Berta
,
Sergio De Los Santos
,
Eleven Paths
|
By-design Backdooring of Encryption System - Can We Trust Foreign Encryption Algorithms
|
Eric Filiol
,
Arnaud Bannier
,
ESIEA - Operational Cryptology and Virology Lab
|
Wi-Fi Direct to Hell: Attacking Wi-Fi Direct Protocol Implementations
|
Andrés Blanco
|
Passive Fingerprinting of HTTP/2 Clients
|
Elad Shuster
,
Ory Segal
,
Akamai Technologies
|
Key Reinstallation Attacks: Breaking the WPA2 Protocol
|
Mathy Vanhoef
,
imec-DistriNet, KU Leuven
|
Jailbreaking Apple Watch
|
Max Bazaliy
,
Lookout
|
The Spear to Break the Security Wall of S7CommPlus
|
Lei Cheng
,
NSFOCUS
|
Fed Up Getting Shattered and Log Jammed? A New Generation of Crypto is Coming
|
David Wong
,
NCC Group
|
Attacking NextGen Roaming Networks
|
Hendrik Schmidt
,
Daniel Mende
,
ERNW GmbH
|
Self-Verifying Authentication – A Framework for Safer Integrations of Single-Sign-On Services
|
Shuo Chen
,
Shaz Qadeer
,
Matt McCutchen
,
Phuong Cao
,
Ravishankar Iyer
,
Microsoft Research
,
Microsoft Corporation
,
Massachusetts Institute of Technology
,
University of Illinois at Urbana-Champaign
|
A Process is No One: Hunting for Token Manipulation
|
Jared Atkinson
,
Robby Winchester
,
SpecterOps
|
Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks
|
David Atch
,
George Lashenko
,
CyberX
,
CyberX Israel Ltd
|
BlueBorne - A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device
|
Ben Seri
,
Gregory Vishnepolsky
,
Armis
|
The Great Escapes of VMWare: A Retrospective Case Study of VMWare G2H Escape Vulnerabilities
|
Debasish Mandal
,
Yakun Zhang
,
McAfee
|
Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing
|
Antti Levomäki
,
Olli-Pekka Niemi
,
Forcepoint
|