Лучшие доклады Black Hat USA 2016

Black Hat USA 2016 — конференция, собирающая вместе лучшие умы в области безопасности (хакеров и ЦРУшников), чтобы определить, в каком будущем мы будем жить. Что было в Вегасе, то остается в Вегасе. Но все же до нас дошли видеозаписи 120 докладов.

Я немного подсуетился и выбрал личный список топ-18 самых интересных докладов, которые, возможно, стоит перевести на русский и опубликовать на Хабре.

Социальная инженерия, DDoS, лингвистические особенности телефонных мошенников, страхование в области ИБ, Dragons&Dungeons для кибербезопасности, атаки по сторонним каналам, много (черного) юмора, дроны.
Предлагайте свои варианты, какой доклад самый интересный, может я что-то упустил.

Список от DARKreading 10 Hottest Talks at Black Hat USA 2016

• Advanced CAN Injection Techniques for Vehicle Networks
• Breaking FIDO: Are Exploits In There?
• Design Approaches for Security Automation
• Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks
• Windows 10 Mitigation Improvements
• The Linux Kernel Hidden Inside Windows 10
• 1000 Ways to Die in Mobile OAuth
• GATTacking Bluetooth Smart Devices—Introducing a New BLE Proxy Tool
• Into The Core—An In-Depth Exploration of the Windows 10 IoT Core
• A Lightbulb Worm?

How to Make People Click on a Dangerous Link Despite Their Security Awareness

слайды

Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud

слайды PDF

Drone Attacks on Industrial Wireless: A New Front in Cyber Security

слайды

Using Undocumented CPU Behavior to See Into Kernel Mode and Break Kaslr in the Process

слайды

Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools

слайды

1000 Ways to Die in Mobile Oauth

слайды

An Insider's Guide to Cyber-Insurance and Security Guarantees

слайды

Investigating DDOS — Architecture Actors and Attribution

Language Properties of Phone Scammers: Cyberdefense At the Level of the Human

слайды

The Tao of Hardware the Te of Implants

слайды

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter

слайды

Cyber War in Perspective: Analysis From the Crisis in Ukraine

слайды

Security Through Design — Making Security Better By Designing for People

слайды

Side-Channel Attacks on Everyday Applications

слайды

Dungeons Dragons and Security

слайды

VoIP Wars: the Phreakers Awaken

слайды

Defense At Hyperscale: Technologies and Policies for a Defensible Cyberspace

слайды

Brute-Forcing Lockdown Harddrive Pin Codes

слайды

Список всех докладов

Плейлист тут: Black Hat USA 2016 PlayList

1. Why This Internet Worked How We Could Lose It and the Role Hackers Play
2. A Journey From JNDI/LDAP Manipulation to Remote Code Execution Dream Land
3. The Art of Defense — How Vulnerabilities Help Shape Security Features and Mitigations in Android
4. Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud
5. Applied Machine Learning for Data Exfil and Other Fun Topics
6. Canspy: A Platform for Auditing Can Devices
7. Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization
8. Over the Edge: Silently Owning Windows 10's Secure Browser
9. How to Make People Click on a Dangerous Link Despite Their Security Awareness
10. Certificate Bypass: Hiding and Executing Malware From a Digitally Signed Executable
11. Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network
12. Drone Attacks on Industrial Wireless: A New Front in Cyber Security
13. Hackproofing Oracle Ebusiness Suite
14. Using Undocumented CPU Behavior to See Into Kernel Mode and Break Kaslr in the Process
15. Gattacking Bluetooth Smart Devices — Introducing a New BLE Proxy Tool
16. Measuring Adversary Costs to Exploit Commercial Software
17. Removing Roadblocks to Diversity
18. HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows
19. Memory Forensics Using Virtual Machine Introspection for Cloud Computing
20. Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
21. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
22. Towards a Holistic Approach in Building Intelligence to Fight Crimeware
23. Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root
24. The Remote Malicious Butler Did It!
25. Xenpwn: Breaking Paravirtualized Devices
26. PWNIE
27. An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits
28. Understanding HL7 2.X Standards, Pen Testing, and Defending HL7 2.X Messages
29. 1000 Ways to Die in Mobile Oauth
30. A Retrospective on the Use of Export Cryptography
31. Windows 10 Segment Heap Internals
32. Abusing Bleeding Edge Web Standards for Appsec Glory
33. AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
34. Analysis of the Attack Surface of Windows 10 Virtualization-Based Security
35. Augmenting Static Analysis Using Pintool: Ablation
36. An Insider's Guide to Cyber-Insurance and Security Guarantees
37. Cunning With Cng: Soliciting Secrets From Schannel
38. Beyond the Mcse: Active Directory for the Security Professional
39. Does Dropping Usb Drives in Parking Lots and Other Places Really Work?
40. Demystifying the Secure Enclave Processor
41. I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache
42. Breaking Payment Points of Interaction (POI)
43. Into the Core: In-Depth Exploration of Windows 10 IoT Core
44. Hacking Next-Gen Atms: From Capture to Cashout
45. Can You Trust Me Now? An Exploration Into the Mobile Threat Landscape
46. Investigating DDOS — Architecture Actors and Attribution
47. Intra-Process Memory Protection for Applications on ARM and X86: Leveraging the ELF ABI
48. Capturing 0Day Exploits With Perfectly Placed Hardware Traps
49. Next-Generation of Exploit Kit Detection By Building Simulated Obfuscators
50. HTTP/2 & Quic — Teaching Good Protocols to Do Bad Things
51. Pwning Your Java Messaging With Deserialization Vulnerabilities
52. Language Properties of Phone Scammers: Cyberdefense At the Level of the Human
53. Recover a RSA Private Key From a TLS Session With Perfect Forward Secrecy
54. The Linux Kernel Hidden Inside Windows 10
55. O-Checker: Detection of Malicious Documents Through Deviation From File Format Specifications
56. The Tao of Hardware the Te of Implants
57. Access Keys Will Kill You Before You Kill the Password
58. Hell on Earth: From Browser to System Compromise
59. Discovering and Exploiting Novel Security Vulnerabilities in Apple Zeroconf
60. BadWPAD
61. Breaking Kernel Address Space Layout Randomization (Kaslr) With Intel TSX
62. Airbnbeware: Short Term Rentals Long Term Pwnage
63. Account Jumping Post Infection Persistency & Lateral Movement in AWS
64. Captain Hook: Pirating Avs to Bypass Exploit Mitigations
65. Hardening AWS Environments and Automating Incident Response for AWS Compromises
66. Crippling HTTPs With Unholy PAC
67. Horse Pill: A New Type of Linux Rootkit
68. Design Approaches for Security Automation
69. Greatfet: Making Goodfet Great Again
70. SGX Secure Enclaves in Practice: Security and Crypto Review
71. Using EMET to Disable EMET
72. Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter
73. Viral Video — Exploiting Ssrf in Video Converters
74. AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion
75. Windows 10 Mitigation Improvements
76. Brute-Forcing Lockdown Harddrive Pin Codes
77. Building a Product Security Incident Response Team: Learnings From the Hivemind
78. Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
79. Cyber War in Perspective: Analysis From the Crisis in Ukraine
80. Breaking Fido: Are Exploits in There?
81. Security Through Design — Making Security Better By Designing for People
82. Iran's Soft-War for Internet Dominance
83. Side-Channel Attacks on Everyday Applications
84. The Risk From Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack
85. Unleash the Infection Monkey: A Modern Alternative to Pen-Tests
86. OSS Security Maturity: Time to Put on Your Big Boy Pants!
87. Watching Commodity Malware Get Sold to a Targeted Actor
88. PanGu 9 Internals
89. A Lightbulb Worm?
90. BadTunnel: How Do I Get Big Brother Power?
91. PLC-Blaster: A Worm Living Solely in the PLC
92. A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges
93. Dungeons Dragons and Security
94. The Year in Flash
95. Dark Side of the DNS Force
96. VoIP Wars: the Phreakers Awaken
97. Keystone Engine: Next Generation Assembler Framework
98. Pindemonium: A DBI-Based Generic Unpacker for Windows Executable
99. Web Application Firewalls: Analysis of Detection Logic
100. Defense At Hyperscale: Technologies and Policies for a Defensible Cyberspace
101. Crumbling the Supercookie and Other Ways the Fcc Protects Your Internet Traffic
102. Advanced Can Injection Techniques for Vehicle Networks
103. What's the DFIRence for ICS?
104. Samsung Pay: Tokenized Numbers Flaws and Issues
105. Breaking Hardware-Enforced Security With Hypervisors
106. Behind the Scenes of iOS Security
107. HTTP Cookie Hijacking in the Wild: Security and Privacy Implications
108. Ouroboros: Tearing Xen Hypervisor With the Snake
109. Dptrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes
110. TCP Injection Attacks in the Wild — a Large Scale Study
111. The Art of Reverse Engineering Flash Exploits
112. Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks
113. Using An Expanded Cyber Kill Chain Model to Increase Attack Resiliency
114. When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists
115. An Ai Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network
116. User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems
117. Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking?
118. Building Trust & Enabling Innovation for Voice Enabled IoT
119. The Beast Within — Evading Dynamic Malware Analysis Using Microsoft.com
120. Handling Technical Assistance Demands From Law Enforcement

Статьи «по мотивам» выступлений на русском

Вы нашли флешку. Стоит ли ее использовать?
Does Dropping Usb Drives in Parking Lots and Other Places Really Work?
слайды

Исследователь нашел бреши в платежной системе Samsung Pay, но Samsung все отрицает
Samsung Pay: Tokenized Numbers, Flaws and Issues
слайды

---

Поддержка публикации — компания Edison, которая разрабатывает приложение для проектирования быстровозводимых домов, а так же пишет софт для диспетчеризации большегрузного транспорта на угольном разрезе.

Автор: Edison

Источник