Tuesday, July 16, 2013

Black Hat 2013 Briefings - By Category

For those of you going to Black Hat this year, I went through and categorized the briefings. Clicking the link will take you to the abstract on the Black Hat site.

Some of the talks would easily fit into multiple categories but to keep it simple, I arbitrarily assigned them as I saw fit. I found it easier to verify that I would be hitting a good cross-section of the available talks this way. I hope you also get some use out of it.


Black-box Assessment of Pseudorandom Algorithms

Password Hashing: The Future is Now

Power Analysis Attacks for Cheapskates

TLS 'Secrets'


Truncating TLS Connections to Violate Beliefs in Web Applications

The Factoring Dead: Preparing for Cyptopocalypse

SSL, Gone in 30 Seconds - A BREACH beyond CRIME


Combating the Insider Threat at the FBI: Real-world Lessons Learned

Evading Deep Inspection for Fun and Shell

Hot Knives Through Butter: Bypassing Automated Analysis Systems

Enterprise Software

Mainframes: The Past Will Come to Haunt You

With BIGDATA comes BIG responsibility: Practical exploiting of MDX injections

Java Every-Days: Exploiting Software Running on Three Billion Devices

Practical Pentesting of ERPs and Business Applications

Methodologies of Hacking Embedded Security Appliances


Hunting the Shadows: In-Depth Analysis of Escalated APT Attacks

Above My Pay Grade: Cyber Response at the National Level

Is that a Government in Your Network or are you Just Happy to See Me?


OPSEC Failures of Spies

Spy-jacking the Booters


A Tale of One Software Bypass of Windows 8 Secure Boot

Flying In the Dark - All the Things Not to Do When Hacking Hardware

BIOS Security

Embedded Devices Security and Firmware RE

Untwining Twine


Hiding @ Depth -Exploring, Subverting, and Breaking NAND Flash Memory

The Outer Limits: Hacking The Samsung Smart TV

Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions


Stepping p3wns: Adventures in Full Spectrum Embedded Exploitation

Funderbolt: Adventures in Thunderbolt DMA Attacks

JTAGulator: Assisted Discovery of On-Chip Debug Interfaces

Teridian SoC Exploitation: Exploration of Harvard Architecture Smart Grid Systems

Information Exchange

CMX: IEEE Clean File Metadata Exchange


Keynote Speaker: General Keith B. Alexander

Keynote Speaker: Brian Muirhead


Beyond the Application: Cellular Privacy Regulatory Space

What Security Researchers Need to Know About Anti-Hacking Law

Legal Aspects of Full-spectrum Computer Network (Active) Defense


CrowdSource: An Open Source, Crowd Trained Machine Learning Model for Malware Detection

Million Browser Botnet

End-to-end Analysis of Domain Generating Algorithm Malware Family

PDF Attack: A Journey from the Exploit Kit to the Shellcode

Clickjacking Revisted: A Perceptual View of UI Security

Malicious File for Exploiting Forensic Software

BinaryPig - Scalable Malware Analytics in Hadoop

Mo' Malware, Mo' Problems - Cuckoo Sandbox to the Rescue

Press ROOT to Continue: Detecting OSX and Windows Bootkits with RDFU


BlackberryOS 10 From a Security Perspective

How to Build a SpyPhone

I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

LTE Booms with Vulnerabilities

A Practical Attack Against MDM Solutions

Mactans: Injecting Malware Into iOS Devices via Malicious Chargers

Mobile Malware: Why the Traditional AV Paradigm is Doomed

Abusing Web APIs Through Scripted Android Applications

Mobile Rootkits: Exploiting and Rootkitting ARM TrustZone

Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix!

Do-It-Yourself Cellular IDS

Android: One Root to Own them All

Mobile Forensics Sudden Death Workshop

Rooting SIM Cards

Multiplexed Wired Attack Surfaces


New Trends in FastFlux Networks

Lessons from Surviving a 300Gbps Denial of Service Attack

Denying Service to DDoS Protection Services

Denial of Service as a Service - Asymmetrical Warfare at its Finest

Universal DDoS Mitigation Bypass

Fully Arbitrary 802.3 Packet Injection: Maximizing Ethernet Attack Surface

What's on the Wire? - Physical Layer Tapping with Project Daisho

Defending Networks With Incomplete Information: A Machine Learning Approach

Owning the Routing Table - Part II

Operating System Vulnerability

Smashing the Font Scaler Engine in Windows Kernel

Bochspwn: Identifying 0-Days via System-Wide Memory Access Pattern Analysis

Physical Control Systems

Let's Get Physical: Breaking Home Security Systems and Bypassing Building Controls

The SCADA That Didn't Cry Wolf - Who's Really Attacking Your ICS Devices - Part Deux!

Honey, I'm Home!! - Hacking Z-Wave Home Automation Systems

Energy Fraud and Orchestrated Blackouts: Issues with Wireless Metering Protocols (wM-Bus)

Out of Control: Demonstrating SCADA Device Exploitation

Implantable Medical Devices: Hacking Humans

Compromising Industrial Facilities from 40 Miles Away

RFID Hacking: Live Free or RFID Hard

Exploiting Network Surveillance Cameras Like a Hollywood Hacker

Home Invasion v2.0 - Attacking Network-Controlled Hardware


Pass the Hash and other credential theft and reuse: Preventing Lateral Movement and Privelage Escalation

Pass-the-Hash 2: The Admin's Revenge

Post Eploitation Operations with Cloud Synchronization


Maltego Tungsten As a Collaborative Attack Platform


CreepyDOL: Cheap, Distributed Stalking

Reverse Engineering

How to grow a TREE (Taint-Enabled Reverse Engineering Environment) from a CBASS (Cross-platform Binary Automated Symbolic-execution System)

Virtual Deobfuscator - A DARPA Cyber Fast Track Funded Effort

Secure Coding

Shattering Illusions in Lock-Free Worlds: Compiler/Hardware Behaviors in OSes and VMs

Just-In-Time Code Reuse: The More Things Change, the More They Stay the Same

Social Engineering

Predicting Susceptibility to Socialbots on Twitter

Software Research

Javascript Static Security Analysis Made Easy with JSPrime

OptiROP: hunting for ROP gadgets in style

Bugalyze.com - Detecting bugs using decompilation and data flow analysis

Hacking Like in the Movies: Visualizing Page Tables for Local Exploitation

Vulnerability Management

Buying into the Bias: Why Vulnerability Statistics Suck

How CVSS is DOSsing Your Patching Policy (and wasting your money)

Web App Security

The Web IS Vulnerable: XSS Defense on the BattleFront

Pixel-Perfect Timing Attacks with HTML5

Big Data for Web Application Security

Dissecting CSRF Attacks and Countermeasures

') UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Techniques???)

1 comment:

  1. This Defeating DDOS Attacks white paper investigates the business and technical issues pertaining to a platform, ... Cisco Guard DDoS Mitigation Appliances.