Black Hat USA 2016

Black Hat USA 2016 took place July 30, 2016 through Aug. 4, 2016 (5 years, 9 months ago) at Mandalay Bay in Las Vegas, Nevada, USA.

The general admission cost for the conference was $2,295.00^[1].

• https://www.blackhat.com/us-16/briefings.html
• https://www.youtube.com/playlist?list=PLH15HpR5qRsXm0-rMacuWBxWcB2fmsmEw
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2016/

Presentations:

Wednesday, Aug. 3, 2016

• 08:50 - Welcome & Introduction to Black Hat USA 2016
• 09:00 - The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play
• 10:20 - A Retrospective on the Use of Export Cryptography
• 10:20 - Beyond the MCSE: Active Directory for the Security Professional
• 10:20 - The Linux Kernel Hidden Inside Windows 10
• 10:20 - HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things
• 10:20 - Abusing Bleeding Edge Web Standards for AppSec Glory
• 10:20 - Breaking Payment Points of Interaction (POI)
• 10:20 - Can You Trust Me Now? An Exploration into the Mobile Threat Landscape
• 10:20 - Capturing 0day Exploits with PERFectly Placed Hardware Traps
• 10:20 - Augmenting Static Analysis Using Pintool: Ablation
• 11:30 - A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land
• 11:30 - Memory Forensics Using Virtual Machine Introspection for Cloud Computing
• 11:30 - Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness
• 11:30 - Hackproofing Oracle eBusiness Suite
• 11:30 - Applied Machine Learning for Data Exfil and Other Fun Topics
• 11:30 - Measuring Adversary Costs to Exploit Commercial Software: The Government-Bootstrapped Non-Profit C.I.T.L.
• 11:30 - Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
• 11:30 - $hell on Earth: From Browser to System Compromise
• 11:30 - Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root
• 13:50 - Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
• 13:50 - HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows
• 13:50 - Xenpwn: Breaking Paravirtualized Devices
• 13:50 - Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable
• 13:50 - Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits
• 13:50 - Towards a Holistic Approach in Building Intelligence to Fight Crimeware
• 13:50 - Drone Attacks on Industrial Wireless: A New Front in Cyber Security
• 13:50 - CANSPY: A Platform for Auditing CAN Devices
• 13:50 - GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
• 15:00 - I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache
• 15:00 - AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
• 15:00 - Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI
• 15:00 - Into The Core - In-Depth Exploration of Windows 10 IoT Core
• 15:00 - 1000 Ways to Die in Mobile OAuth
• 15:00 - Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy
• 15:00 - Pwning Your Java Messaging with Deserialization Vulnerabilities
• 15:00 - Does Dropping USB Drives in Parking Lots and Other Places Really Work?
• 15:00 - An Insider's Guide to Cyber-Insurance and Security Guarantees
• 16:20 - Crippling HTTPS with Unholy PAC
• 16:20 - GreatFET: Making GoodFET Great Again
• 16:20 - Captain Hook: Pirating AVs to Bypass Exploit Mitigations
• 16:20 - Account Jumping, Post Infection Persistency & Lateral Movement in AWS
• 16:20 - Access Keys Will Kill You Before You Kill the Password
• 16:20 - Design Approaches for Security Automation
• 16:20 - Viral Video - Exploiting SSRF in Video Converters
• 16:20 - Using EMET to Disable EMET
• 16:20 - Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX
• 17:30 - Unleash the Infection Monkey: A Modern Alternative to Pen-Tests
• 17:30 - AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion
• 17:30 - Brute-Forcing Lockdown Harddrive PIN Codes
• 17:30 - Security Through Design - Making Security Better by Designing for People
• 17:30 - Side-Channel Attacks on Everyday Applications
• 17:30 - The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack
• 17:30 - Building a Product Security Incident Response Team: Learnings from the Hivemind
• 17:30 - Watching Commodity Malware Get Sold to a Targeted Actor
• 17:30 - Cyber War in Perspective: Analysis from the Crisis in Ukraine

Thursday, Aug. 4, 2016

• 09:00 - Samsung Pay: Tokenized Numbers, Flaws and Issues
• 09:00 - BadTunnel: How Do I Get Big Brother Power?
• 09:00 - PINdemonium: A DBI-Based Generic Unpacker for Windows Executable
• 09:00 - Dark Side of the DNS Force
• 09:00 - A Lightbulb Worm?
• 09:00 - Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges
• 09:00 - What's the DFIRence for ICS?
• 09:00 - Dungeons, Dragons and Security
• 09:00 - Keystone Engine: Next Generation Assembler Framework
• 09:45 - HTTP Cookie Hijacking in the Wild: Security and Privacy Implications
• 09:45 - Advanced CAN Injection Techniques for Vehicle Networks
• 09:45 - The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android
• 09:45 - The Remote Malicious Butler Did It!
• 09:45 - TCP Injection Attacks in the Wild - A Large Scale Study
• 09:45 - Ouroboros: Tearing Xen Hypervisor with the Snake
• 09:45 - Understanding HL7 2.x Standards, Pen Testing, and Defending HL7 2.x Messages
• 09:45 - Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace
• 09:45 - Windows 10 Segment Heap Internals
• 11:00 - O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications
• 11:00 - Demystifying the Secure Enclave Processor
• 11:00 - Investigating DDOS - Architecture, Actors, and Attribution
• 11:00 - Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators
• 11:00 - Analysis of the Attack Surface of Windows 10 Virtualization-Based Security
• 11:00 - Hacking Next-Gen ATMs: From Capture to Cashout
• 11:00 - Cunning with CNG: Soliciting Secrets from Schannel
• 11:00 - The Tao of Hardware, the Te of Implants
• 11:00 - Language Properties of Phone Scammers: Cyberdefense at the Level of the Human
• 12:10 - Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf
• 12:10 - AirBnBeware: Short Term Rentals, Long Term Pwnage
• 12:10 - SGX Secure Enclaves in Practice: Security and Crypto Review
• 12:10 - Horse Pill: A New Type of Linux Rootkit
• 12:10 - badWPAD
• 12:10 - When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement
• 12:10 - Hardening AWS Environments and Automating Incident Response for AWS Compromises
• 12:10 - Windows 10 Mitigation Improvements
• 12:10 - Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter
• 14:30 - Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
• 14:30 - Iran's Soft-War for Internet Dominance
• 14:30 - PLC-Blaster: A Worm Living Solely in the PLC
• 14:30 - VOIP WARS: The Phreakers Awaken
• 14:30 - Breaking FIDO: Are Exploits in There?
• 14:30 - Web Application Firewalls: Analysis of Detection Logic
• 14:30 - OSS Security Maturity: Time to Put On Your Big Boy Pants!
• 14:30 - Pangu 9 Internals
• 14:30 - The Year in Flash
• 15:50 - Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency
• 15:50 - Behind the Scenes of iOS Security
• 15:50 - The Art of Reverse Engineering Flash Exploits
• 15:50 - Crumbling the Supercookie, and Other Ways the FCC Protects Your Internet Traffic
• 15:50 - When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists
• 15:50 - The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM
• 15:50 - DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes
• 15:50 - Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks
• 15:50 - Breaking Hardware-Enforced Security with Hypervisors
• 17:00 - An Inconvenient Trust: User Attitudes Toward Security and Usability Tradeoffs for Key-Directory Encryption Systems
• 17:00 - Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization
• 17:00 - Building Trust & Enabling Innovation for Voice Enabled IoT
• 17:00 - Over the Edge: Silently Owning Windows 10's Secure Browser
• 17:00 - Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process
• 17:00 - Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking?
• 17:00 - An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network
• 17:00 - Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud
• 17:00 - Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network

Presenters:

• Aaron Zauner
• Abdul-Aziz Hariri
• Abdulellah Alsaheel
• Alexei Bulazel
• Alex Ionescu
• Alex McCormack
• Alvaro Muñoz
• Amit Klein
• Anders Fogh
• Andre Correa
• Andrew Krug
• Anirudh Duggal
• Arnaud Lebrun
• Arun Vishwanath
• Aude Marzuoli
• Bart Stump
• Brian Wallace
• Bryant Zadegan
• Cara Marie
• Carl Vincent
• Catherine (Kate) Pearce
• Chaim Hoch
• Changhoon Yoon
• Charlie Miller
• Chris Sistrunk
• Christine Gadsby
• Chris Valasek
• Claudio Guarnieri / nex
• Cody Pierce
• Colin O'Flynn
• Collin Anderson
• Cooper Quintin
• Cristiano Giuffrida
• Dan Amiga
• Daniel Gruss
• Dan Kaminsky
• David Adrian
• David Litchfield
• David Wang
• David Weston
• Dhia Mahjoub
• Dor Knafo
• Elie Bursztein
• Elliott Peterson
• Eric Chen
• Erik Bosman
• Erik Wu
• Eva Galperin
• Fatih Ozavci
• Felix Wilhelm
• Gabi Nakibly
• Hanno Böck
• Hao Xu
• Hendrik Schwartke
• Herbert Bos
• Israel Barak
• Itzik Kotler
• Ivan Krstić
• Jake Kambic
• Jake Kouns
• Jasiel Spelman
• Jason Healey
• Jason Polakis
• Jean-Philippe Aumasson
• Jeff Melrose
• Jeff Moss / The Dark Tangent
• Jelle Niemantsverdriet
• Jennifer Granick
• Jeong Wook Oh
• Jeremiah Grossman
• Jeremy Galloway
• Jerrod Chong
• Joe FitzPatrick / @securelyfitz
• John Seymour / Delta Zero
• Jonathan-Christofer Demay
• Jonathan Mayer
• Joseph Sharkey
• Josh Thomas / m0nk
• Josh Triplett
• Joshua Smith
• Judith Tabron
• Julian Bangert
• Kaveh Razavi
• Kenneth Fitch
• Kenneth Geers
• Konstantin Berlin
• Kymberlee Price
• Lei Ji
• Liang Chen
• Loic Simon
• Lorenzo Fontana
• Luis Merino
• Luyi Xing
• Lynn Terwoerds
• Maik Brüggemann
• Marco Grassi
• Marco Ortisi
• Mark Vincent Yason
• Mathew Solnik
• Mathy Vanhoef
• Matthias Kaiser
• Matt Miller
• Matt Molinyawe
• Matt Spisak
• Matt Wolff
• Maxim Andreev
• Maxim Goncharov
• Maxwell Koo
• Michael Leibowitz / @r00tkillah
• Michael Ossmann
• Mykhailo Sakaly
• Nan Zhang
• Natalie Silvanovich
• Neil Wyler
• Nethanel Gelernter
• Nguyen Anh Quynh
• Nick Kralevich
• Nikhil Mittal
• Nikolay Ermishkin
• Nir Valtman
• Ofri Ziv
• Oleksandr Mirosh
• Patrick Gage Kelley
• Patrick Tague
• Patrick Watson
• Paul Mehta
• Paul Sabanal
• Peiter Zatko / Mudge
• Peleus Uhley
• Philipp Jovanovic
• Philip Tully / KingPhish3r
• Qidan He
• Rafal Wojtczuk
• Raghav Pande
• Ralf Hund
• Ralf Spenneberg
• Riana Pfefferkorn
• Robert Kotcher
• Rodrigo Rubira Branco
• Rohit Mothe
• Ryan Lester
• Salvador Mendoza
• Sangho Lee
• Sarah Zatko
• Sean Devlin
• Sean Malone
• Sean Metcalf
• Sebastiano Mariani
• Sergey Bratus
• Seungsoo Lee
• Shangcong Luan
• Shawn Moyer
• Shuo Chen
• Slawomir Jasek
• Suphannee Sivakorn
• Taesoo Kim
• Tal Be'ery
• Tao Wei
• Tarjei Mandt
• Taylor Hornby
• Thomas Mathew
• Tielei Wang
• Tiphaine Romand Latapie
• Tobias Zillner
• Tomer Bitton
• Tom Nipravsky
• Tom Van Goethem
• Tongbo Luo
• Travis LeBlanc
• Udi Yavo
• Vincent Tan
• Vladimir Ivanov
• Wesley McGrew
• Weston Hecker
• Xiaobo Chen
• Xiaolong Bai
• Xing Jin
• Xuan Zhao
• Yang Yu
• Yeongjin Jang
• Yuan Tian
• Yubin Fu
• Yuhei Otsubo
• Yulong Zhang
• Yunding Jian
• Yutong Pei
• Zinaida Benenson

---

1. ^ This price is meant to give a general idea of the cost of attending the conference. Many conferences have varying prices based on number of days of attendance, early registration, tiers of support, or additional costs for workshops or trainings. The price here is meant to represent the most common cost for the majority of attendees. See the conference's homepage, if applicable, for details.