Black Hat USA es el evento de seguridad de la información más importante del mundo, proporcionando a los asistentes lo último en investigación, desarrollo y tendencias. Todos los años asistentes de todas partes y de cualquier rubro, viajan a la conferencia para aprender lo último en ciberseguridad y hacking.
Este es su año 21° y ya han liberado los vídeos de las presentaciones:
- Black Hat USA 2018 Keynote: Parisa Tabriz
- How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
- Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
- Fire & Ice: Making and Breaking macOS Firewalls
- Practical Web Cache Poisoning: Redefining ‘Unexploitable’
- An Attacker Looks at Docker: Approaching Multi-Container Applications
- SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
- Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
- GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
- Finding Xori: Malware Analysis Triage with Automated Disassembly
- Miasm: Reverse Engineering Framework
- Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
- DeepLocker - Concealing Targeted Attacks with AI Locksmithing
- It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It
- Day Zero: A Road Map to #BHUSA 2018
- Lessons and Lulz: The 4th Annual Black Hat USA NOC Report
- Return of Bleichenbacher’s Oracle Threat (ROBOT)
- An Attacker Looks at Docker: Approaching Multi-Container Applications
- Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
- The Finest Penetration Testing Framework for Software-Defined Networks
- Understanding and Exploiting Implanted Medical Devices
- Mainframe [z/OS] Reverse Engineering and Exploit Development
- Lowering the Bar: Deep Learning for Side Channel Analysis
- Hardening Hyper-V through Offensive Security Research
- SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
- Practical Web Cache Poisoning: Redefining ‘Unexploitable’
- IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
- SDL the Wont Break the Bank
- For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
- Last Call for SATCOM Security
- Exploitation of a Modern Smartphone Baseband
- Automated Discovery of Deserialization Gadget Chains
- Legal Liability for IOT Cybersecurity Vulnerabilities
- Another Flip in the Row
- How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
- Catch me, Yes we can! - Pwning Social Engineers
- Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
- Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator
- Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
- Playback: A TLS 1.3 Story
- An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
- TLBleed: When Protecting Your CPU Caches is Not Enough
- None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
- So I became a Domain Controller
- WebAssembly: A New World of Native Exploits on the Browser
- Outsmarting the Smart City
- Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
- AI & ML in Cyber Security - Why Algorithms are Dangerous
- Stealth Mango and the Prevalence of Mobile Surveillanceware
- Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
- A Deep Dive into macOS MDM (and How it can be Compromised)
- Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
- GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
- Decompiler Internals: Microcode
- Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
- Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
- Kernel Mode Threats and Practical Defenses
- New Norms and Policies in Cyber-Diplomacy
- Snooping on Cellular Gateways and Their Critical Role in ICS
- Your Voice is My Passport
- Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
- Identity Theft: Attacks on SSO Systems
- The Science of Hiring and Retaining Female Cybersecurity Engineers
- Black Box is Dead. Long Live Black Box!
- Fire & Ice: Making and Breaking macOS Firewalls
- Demystifying PTSD in the Cybersecurity Environment
- The Problems and Promise of WebAssembly
- Real Eyes, Realize, Real Lies: Beating Deception Technologies
- ARTist - An Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
- Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
- Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
- Stop that Release, There’s a Vulnerability!
- Pwnie Awards
- Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
- Applied Self-Driving Car Security
- Is the Mafia Taking Over Cybercrime?
- AFL’s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
- Back to the Future: A Radical Insecure Design of KVM on ARM
- I, for One, Welcome Our New Power Analysis Overlords
- How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
- The Air-Gap Jumpers
- Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
- InfoSec Philosophies for the Corrupt Economy
- ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
- Breaking the IIoT: Hacking industrial Control Gateways
- Holding on for Tonight: Addiction in InfoSec
- Dissecting Non-Malicious Artifacts: One IP at a Time
- How I Learned to Stop Worrying and Love the SBOM
- Why so Spurious? Achieving Local Privilege Escalation on Operating Systems
- Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
- A Brief History of Mitigation: The Path to EL1 in iOS 11
- Squeezing a Key through a Carry Bit
- Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
- LTE Network Automation Under Threat
- Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
- From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
- Don’t @ Me: Hunting Twitter Bots at Scale
- Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
- WireGuard: Next Generation Secure Network Tunnel
- The Unbearable Lightness of BMC’s
- Meltdown: Basics, Details, Consequences
- Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community
- Threat Modeling in 2018: Attacks, Impacts and Other Updates
- Deep Dive into an ICS Firewall, Looking for the Fire Hole
- Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
- No Royal Road … Notes on Dangerous Game
- Reversing a Japanese Wireless SD Card - From Zero to Code Execution
- Compression Oracle Attacks on VPN Networks
- Remotely Attacking System Firmware
- There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
- Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
- Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
- Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
- How TRITON Disrupted Safety Systems & Changed the Threat Landscape of Industrial Control Systems
- A Dive in to Hyper-V Architecture & Vulnerabilities
- KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
- From Bot to Robot: How Abilities and Law Change with Physicality
- Attacking Client-Side JIT Compilers
- Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
- Finding Xori: Malware Analysis Triage with Automated Disassembly
- Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
- Qualitative Look at Autonomous Peer Communication’s Impact on Organizational Phishing Detection
- Measuring the Speed of the Red Queen’s Race; Adaption and Evasion in Malware
- Detecting Credential Compromise in AWS
- Keynote: Optimistic Dissatisfaction with the Status Quo
Fuente: https://www.cyberhades.com