- 2 607
- 12 823 380
Black Hat
Приєднався 31 лип 2013
Black Hat is the most technical and relevant information security event series in the world. For more than 25 years, Black Hat Briefings have provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.
From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.
From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.
Відео
Startup Spotlight Competition at Black Hat
Переглядів 1,3 тис.Місяць тому
The Startup Spotlight Competition at Black Hat returns for 2024. Submit your 5-minute video pitch by June 12 to enter for the chance to exhibit in Startup City at Black Hat USA and present your product/service to Black Hat Judges and our live audience. Learn more here: www.blackhat.com/us-24/spotlight.html #cybersecurity #infosec #blackhat #bhusa #startup
Locknote: Conclusions and Key Takeaways from Day 2
Переглядів 9762 місяці тому
At the end of day two, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 2 of the conference and how these trends will impact future InfoSec strategies. By: Jeff Moss, Ali Abbasi , Jiska Classen , ...
Locknote: Conclusions and Key Takeaways from Day 1
Переглядів 5812 місяці тому
At the end of day one, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 1 of the conference and how these trends will impact future InfoSec strategies. By: Jeff Moss, Daniel Cuthbert , Meadow Elli...
Keynote: My Lessons from the Uber Case
Переглядів 2,8 тис.2 місяці тому
In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him.... Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine ...
Keynote: Industrialising Cyber Defence in an Asymmetric World
Переглядів 1,4 тис.2 місяці тому
In this keynote, Ollie Whitehouse will outline a future in which we industrialise our approaches to cyber defence against adversaries who are not constrained by the same legal, moral, or ethical frameworks. This talk will begin by exploring the challenge and need before going on to discuss possible approaches and the research challenges which underpin them and continue to remain unanswered. By:...
The Black Hat Europe Network Operations Center (NOC) Report
Переглядів 1,1 тис.2 місяці тому
Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of...
My Invisible Adversary: Burnout
Переглядів 2,8 тис.2 місяці тому
It seems that lately, Burnout is an invisible member of every operational security team. Attackers grow more capable every year, the attacks faster and harder, and regulations even more strict about how quickly and completely your team must perform its mission. With the growing complexity of battle and so much on the line in defending users, operational response teams are under more stress than...
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility
Переглядів 8832 місяці тому
...How do you go about fully understanding what cryptography you have, how it is used and if it's good or bad? This was the question we started to ask ourselves and set about trying to answer using static analysis tools such as GitHub's CodeQL. Given how we all rely heavily on open-source projects, we set about scanning the top 1000 GitHub open-source projects to identify insecure cryptographic...
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP38
Переглядів 1,1 тис.2 місяці тому
...In this talk we will analyze the global view of spoofing from Cloudflare, to understand IP spoofing on network-layer DoS attacks, and analyze geographic, longitudinal and network-specific characteristics of spoofing sources. We developed and applied IP spoofing detection techniques on three months of network-layer DoS traces, and used the insights to understand where and why BCP38 is most ur...
Collide+Power: The Evolution of Software-based Power Side-Channels Attacks
Переглядів 8912 місяці тому
Power side channels exploit leakage that is fundamentally a result of how we build processors. Over the recent years, these attacks evolved to target general-purpose desktop and server CPUs purely from software. In this talk, we explore this evolution to its most recent addition: Collide Power, a novel technique to exploit the fundamental way we share components in modern general-purpose CPUs. ...
Through the Looking Glass: How Open Source Projects See Vulnerability Disclosure
Переглядів 8882 місяці тому
A security researcher submits their vulnerability report to an open source project (when they can find a confidential way to do so!). That launches several events in the affected project. In this talk, Marta will explain the reasons behind typical reactions. The main part will focus on common myths, misunderstandings, and communication errors that arise in these situations. The goal is to foste...
New Techniques for Split-Second DNS Rebinding
Переглядів 1,5 тис.2 місяці тому
...In this talk, I will present two new techniques that can be used to achieve reliable, split-second DNS rebinding in Chrome, Edge, and Safari on hosts with IPv6 access, along with a method to bypass Chrome's restrictions on requests to the local network. I will also walk through a real-world attack against a web application resulting in AWS credentials to demonstrate how achievable rebinding ...
Something Rotten in the State of Data Centers
Переглядів 8 тис.2 місяці тому
...This talk details our findings in the data center device management domain, showcasing the most impactful vulnerabilities and exploits unearthed in our broader effort to investigate the security of critical data center components. Specifically, we will reveal 8 critical vulnerabilities across two common data center appliances: a popular DDI solution and a KVM. Continuing, we delve into the t...
When The Front Door Becomes a Backdoor: The Security Paradox of OSDP
Переглядів 8832 місяці тому
Ever imagined that the modern Physical Access Control Systems (PACS) at the front door of your facility could actually serve as an entry point into your internal IP network? Surprisingly, this is not as far-fetched as it seems. In this talk, we will demonstrate how to go through doors, protected with the latest advancements in building access control security - both physically and digitally. We...
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
Переглядів 2,2 тис.2 місяці тому
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools
Kidnapping Without Hostages: Virtual Kidnapping and the Dark Road Ahead
Переглядів 1,2 тис.2 місяці тому
Kidnapping Without Hostages: Virtual Kidnapping and the Dark Road Ahead
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
Переглядів 7143 місяці тому
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials
Переглядів 1,4 тис.3 місяці тому
One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials
Off The Record - Weaponizing DHCP DNS Dynamic Updates
Переглядів 1,8 тис.3 місяці тому
Off The Record - Weaponizing DHCP DNS Dynamic Updates
Breaching the Perimeter via Cloud Synchronized Browser Settings
Переглядів 8053 місяці тому
Breaching the Perimeter via Cloud Synchronized Browser Settings
Hiding in the Clouds: Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules
Переглядів 1,7 тис.3 місяці тому
Hiding in the Clouds: Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules
Vulnerabilities in Old Third-Party Software Components- Importance of Having SBoM for IoT/OT Devices
Переглядів 1,7 тис.3 місяці тому
Vulnerabilities in Old Third-Party Software Components- Importance of Having SBoM for IoT/OT Devices
Indirect Prompt Injection Into LLMs Using Images and Sounds
Переглядів 1,1 тис.3 місяці тому
Indirect Prompt Injection Into LLMs Using Images and Sounds
VoBERT: Unstable Log Sequence Anomaly Detection: Introducing Vocabulary-Free BERT
Переглядів 8103 місяці тому
VoBERT: Unstable Log Sequence Anomaly Detection: Introducing Vocabulary-Free BERT
HODOR: Reducing Attack Surface on Node.js via System Call Limitation
Переглядів 5453 місяці тому
HODOR: Reducing Attack Surface on Node.js via System Call Limitation
How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks
Переглядів 2,4 тис.3 місяці тому
How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks
Unmasking APTs: An Automated Approach for Real-World Threat Attribution
Переглядів 1,5 тис.3 місяці тому
Unmasking APTs: An Automated Approach for Real-World Threat Attribution
Calling all Cybersecurity Pros! Join Us at Black Hat USA 2024 at the Mandalay Bay.
Переглядів 46 тис.3 місяці тому
Calling all Cybersecurity Pros! Join Us at Black Hat USA 2024 at the Mandalay Bay.
Extremely captivating!
I feel like the e=0 efficiency joke at the beginning did not get enough laughs. Here's an extra LOL on me: 🤣
This really should be a much bigger scandal than it is.
I'm glad you are on 'our side' - Ha, ha, ha, ha..... ;-)
If audience is any indicator, BH USA is a hell of a lot more fun than BH EU.
good information, helpful video
Why not dissassemble with nanoscope ?
22:26 ok this part genuinely looks like what you would see in hollywood movies
I discover this talk and love it some ten years after.
Great video you are the MAN Matt😁
When you mentioned _"came in with a B-210"_ ... I'm just old enough to think of a certain 1970s era *Datsun* (before it was rebranded as _"Nissan'.)_ Now all we need is for someone to hack _Microsoft Flight Simulator_ to import realtime ADS-B data ...
That encryption scheme - maybe the _”Puzzle Palace”_ should take notes … Just kidding - sort of. Or maybe .. it’s so _”ridiculous”_ that it might be useful because no one would suspect such a naive implementation. (Or use something _”super secure”,_ like *ROT13.)*
NOW on LIFE SUPPORT: All militia, governments, supremacists, and communists: Cease and desist all malicious use of AI against myself and my family. We are not your property
They aren't secret, they are just side effects of the hardware.
WHITEDUMPS thanks for put me thru with apple method + cc-fullz, I was able to hit easily without op required glad on easy cash out steps you walk me thru. hit twice and still hitting
It's obvious that you dont know what you are talking about... but anyway, hope you have learned anything during the joureny. Please tell what qVSDC is in terms of EMV
Found this after lot of digging after 9 years
Is this still valid? Calling over Wifi was deprecated some time in 2021 am I right?
Still my favourite talk
Very good research. Thank you!
that a important information given by you SIR ....thankyou
Great content🔥
34:16 - Not entirely true. You can actually use `PAGE_READWRITE` during the mem alloc phase, write the code and then switch the permission to `PAGE_EXECUTE_READ` using `VirtualProtectEx`. This method provides you with a RW buffer for data copy which becomes an RX buffer for execution. By the way, malfind is dependent on `vadinfo` plugin, `vadinfo` shows the original protection only, meaning you'll not see the `PAGE_EXECUTE_READ` memory segment, so there's that. EDIT: Props to Monnappa for this demonstration. Not many people have the guts to demonstrate and explain such topics.
Cool!
such simple presemtation. loved it
what the fuck is this.
16:06
29:29 BOOKmark
Is there a Adguard or Pihole blocklist for the domain's of pegasus so Day2Day users can have a extra (Little) layer of protection against them?
24:14 bookmark
Would be interested to see how the first phase was done, how the "light bulb" strings are actually generated, I get they are different function calls but what the process looks like and the tools used and how it's actually done would be good to see!
Is it possible to get the sample you are analyzing ?
05:00
Up
"Intel has a 95% market share" - oh boy did that not age well 😅
Oh hell yea
Interesting. Even if this is more than 2 decades old, it's still applicable today.
Very insightful session. Thanks a lot!
Cat tries to eat plushy fish: 80mio views in two days Very good in-depth talk about the technologies that run our world that are still valuable years later:
All militia, governments, white supremacists, and communists: Cease and desist all malicious use of AI against myself and my family. We are not your property.
Am from Pakistan 🎉
I love My heroes ❤
I'm suffering terrorism issues in Sudbury Ontario they are using SSL or tsl packets and illegal communications or even Pegasus.
I'm suffering terrorism issues in Sudbury Ontario they are using SSL or tsl packets and illegal communications.
I'm suffering terrorism issues in Sudbury Ontario they are using SSL or tsl packets and illegal communications.
Great talk
ayoooo
i am late af
Best memory forensics presentation ever! Thank you sir!
a good idea about treat definder
legend