Ya está disponible el material de BlackHat USA 2014


Ya sabéis que la conferencia BlackHat de EE.UU. es uno de los eventos de seguridad más importantes del año. Una agenda superapretada, con ponencias incluso simultáneas, retos, mesas redondas, polémicas y temáticas fascinantes, etc. 

Seguro que algún año tendré la determinación necesaria (y podré tener ahorrado lo suficiente) para volar a Las Vegas en esas fechas, pero hasta entonces, podré seguir disfrutando de sus presentaciones y whitepapers :):


  1. Cybersecurity as Realpolitik


    1. 48 Dirty Little Secrets Cryptographers Don’t Want You To Know
    2. 802.1x and Beyond!
    3. A Journey to Protect Points-of-Sale
    4. A Practical Attack Against VDI Solutions
    5. A Scalable, Ensemble Approach for Building and Visualizing Deep Code-Sharing Networks Over Millions of Malicious Binaries
    6. A Survey of Remote Automotive Attack Surfaces
    7. Abuse of CPE Devices and Recommended Fixes
    8. Abusing Microsoft Kerberos: Sorry You Guys Don’t Get It
    9. Abusing Performance Optimization Weaknesses to Bypass ASLR
    10. Android FakeID Vulnerability Walkthrough

  1. APT Attribution and DNS Profiling
  2. Attacking Mobile Broadband Modems Like a Criminal Would
  3. Babar-ians at the Gate: Data Protection at Massive Scale
  4. Badger – The Networked Security State Estimation Toolkit
  5. BadUSB – On Accessories that Turn Evil
  6. Bitcoin Transaction Malleability Theory in Practice
  7. Breaking the Security of Physical Devices
  8. Bringing Software Defined Radio to the Penetration Testing Community
  9. Building Safe Systems at Scale – Lessons from Six Months at Yahoo
  10. Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering
  11. Capstone: Next Generation Disassembly Framework
  12. Catching Malware En Masse: DNS and IP Style
  13. Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol
  14. CloudBots: Harvesting Crypto Coins Like a Botnet Farmer
  15. Computrace Backdoor Revisited
  16. Contemporary Automatic Program Analysis
  17. Creating a Spider Goat: Using Transactional Memory Support for Security
  18. Data-Only Pwning Microsoft Windows Kernel: Exploitation of Kernel Pool Overflows on Microsoft Windows 8.1
  19. Defeating the Transparency Feature of DBI
  20. Digging for IE11 Sandbox Escapes
  21. Dynamic Flash Instrumentation for Fun and Profit
  22. Epidemiology of Software Vulnerabilities: A Study of Attack Surface Spread
  23. Evasion of High-End IPS Devices in the Age of IPv6
  24. Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
  25. Exposing Bootkits with BIOS Emulation
  26. Extreme Privilege Escalation on Windows 8/UEFI Systems
  27. Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces
  28. Fingerprinting Web Application Platforms by Variations in PNG Implementations
  29. From Attacks to Action – Building a Usable Threat Model to Drive Defensive Choices
  30. Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware
  31. Governments As Malware Authors: The Next Generation
  32. GRR: Find All the Badness, Collect All the Things
  33. Hacking the Wireless World with Software Defined Radio – 2.0
  34. How Smartcard Payment Systems Fail
  35. How to Leak a 100-Million-Node Social Graph in Just One Week? – A Reflection on Oauth and API Design in Online Social Networks
  36. How to Wear Your Password
  37. I Know Your Filtering Policy Better than You Do: External Enumeration and Exploitation of Email and Web Security Solutions
  38. ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop
  39. Internet Scanning – Current State and Lessons Learned
  40. Investigating PowerShell Attacks
  41. It Just (Net)works: The Truth About iOS 7’s Multipeer Connectivity Framework
  42. Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment
  43. Leviathan: Command and Control Communications on Planet Earth
  44. Lifecycle of a Phone Fraudster: Exposing Fraud Activity from Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies
  45. Miniaturization
  46. Mission mPOSsible
  47. Mobile Device Mismanagement
  48. MoRE Shadow Walker: The Progression of TLB-Splitting on x86
  49. Multipath TCP: Breaking Today’s Networks with Tomorrow’s Protocols
  50. My Google Glass Sees Your Passwords!
  51. Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
  52. “Nobody is Listening to Your Phone Calls.” Really? A Debate and Discussion on the NSA’s Activities
  53. One Packer to Rule Them All: Empirical Identification, Comparison, and Circumvention of Current Antivirus Detection Techniques
  54. OpenStack Cloud at Yahoo Scale: How to Avoid Disaster
  55. Oracle Data Redaction is Broken
  56. Pivoting in Amazon Clouds
  57. Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors
  58. Point of Sale System Architecture and Security
  59. Prevalent Characteristics in Modern Malware
  60. Probabilistic Spying on Encrypted Tunnels
  61. Protecting Data In-Use from Firmware and Physical Attacks
  62. Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA?
  63. RAVAGE – Runtime Analysis of Vulnerabilities and Generation of Exploits
  64. Reflections on Trusting TrustZone
  65. Researching Android Device Security with the Help of a Droid Army
  66. Reverse Engineering Flash Memory for Fun and Benefit
  67. Reverse-Engineering the Supra iBox: Exploitation of a Hardened MSP430-Based Device
  68. SAP, Credit Cards, and the Bird that Talks Too Much
  69. SATCOM Terminals: Hacking by Air, Sea, and Land
  70. Saving Cyberspace
  71. SecSi Product Development: Techniques for Ensuring Secure Silicon Applied to Open-Source Verilog Projects
  72. Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring
  73. Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs
  74. Smart Nest Thermostat: A Smart Spy in Your Home
  75. Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications
  76. Stay Out of the Kitchen: A DLP Security Bake-Off
  77. SVG: Exploiting Browsers without Image Parsing Bugs
  78. The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques
  79. The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP
  80. The Big Chill: Legal Landmines that Stifle Security Research and How to Disarm Them
  81. The Devil Does Not Exist – The Role of Deception in Cyber
  82. The Library of Sparta
  83. The New Page of Injections Book: Memcached Injections
  84. The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends
  85. The State of Incident Response
  86. Thinking Outside the Sandbox – Violating Trust Boundaries in Uncommon Ways
  87. Threat Intelligence Library – A New Revolutionary Technology to Enhance the SOC Battle Rhythm!
  88. Time Trial: Racing Towards Practical Timing Attacks
  89. Understanding IMSI Privacy
  90. Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
  91. Unveiling the Open Source Visualization Engine for Busy Hackers
  92. Unwrapping the Truth: Analysis of Mobile Application Wrapping Solutions
  93. VoIP Wars: Attack of the Cisco Phones
  94. What Goes Around Comes Back Around – Exploiting Fundamental Weaknesses in Botnet C&C Panels!
  95. When the Lights Go Out: Hacking Cisco EnergyWise
  96. Why Control System Cyber-Security Sucks…
  97. Why You Need to Detect More Than PtH
  98. Windows Kernel Graphics Driver Attack Surface
  99. Write Once, Pwn Anywhere


Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s