Black Hat USA 2017

Black Hat USA 2017 took place July 22, 2017 through July 27, 2017 (4 years, 10 months ago) at Mandalay Bay in Las Vegas, Nevada, USA.

The general admission cost for the conference was $2,395.00^[1].

• https://www.blackhat.com/us-17/
• https://www.youtube.com/playlist?list=PLH15HpR5qRsUyGhBVRDKGrHyQC5G4jQyd
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/

Presentations:

Wednesday, July 26, 2017

• 09:00 - Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
• 10:30 - All Your SMS & Contacts Belong to ADUPS & Others
• 10:30 - Ichthyology: Phishing as a Science
• 10:30 - Adventures in Attacking Wind Farm Control Networks
• 10:30 - PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection, Traffic Analysis, and Beyond
• 10:30 - Web Cache Deception Attack
• 10:30 - Wire Me Through Machine Learning
• 10:30 - Breaking Electronic Door Locks Like You're on CSI: Cyber
• 10:30 - They're Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
• 10:30 - Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software
• 11:15 - Real Humans, Simulated Attacks: Usability Testing with Attack Scenarios
• 11:15 - Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller
• 11:15 - Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid
• 11:15 - FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
• 11:15 - The Avalanche Takedown: Landslide for Law Enforcement
• 11:15 - Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
• 11:15 - When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
• 11:15 - New Adventures in Spying 3G and 4G Users: Locate, Track & Monitor
• 11:15 - Many Birds, One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
• 13:30 - Hacking Hardware with a $10 SD Card Reader
• 13:30 - Challenges of Cooperation Across Cyberspace
• 13:30 - SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers' Lives Much Harder on Mobile Networks
• 13:30 - Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More
• 13:30 - Delivering Javascript to World+Dog
• 13:30 - How We Created the First SHA-1 Collision and What it Means for Hash Security
• 13:30 - Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update
• 13:30 - The Active Directory Botnet
• 13:30 - Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network
• 14:40 - Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
• 14:40 - What's on the Wireless? Automating RF Signal Identification
• 14:40 - An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
• 14:40 - Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
• 14:40 - Automated Testing of Crypto Software Using Differential Fuzzing
• 14:40 - Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
• 14:40 - So You Want to Market Your Security Product...
• 14:40 - The Art of Securing 100 Products
• 14:40 - ShieldFS: The Last Word in Ransomware Resilient File Systems
• 16:00 - White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data
• 16:00 - WSUSpendu: How to Hang WSUS Clients
• 16:00 - What They're Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs
• 16:00 - Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
• 16:00 - Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
• 16:00 - Go Nuclear: Breaking Radiation Monitoring Devices
• 16:00 - Evilsploit – A Universal Hardware Hacking Toolkit
• 16:00 - Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
• 16:00 - Developing Trust and Gitting Betrayed
• 17:05 - Garbage In, Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data
• 17:05 - Protecting Visual Assets: Digital Image Counter-Forensics
• 17:05 - Intercepting iCloud Keychain
• 17:05 - Protecting Pentests: Recommendations for Performing More Secure Tests
• 17:05 - Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
• 17:05 - (in)Security in Building Automation: How to Create Dark Buildings with Light Speed
• 17:05 - Tracking Ransomware End to End
• 17:05 - Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
• 17:05 - Fighting Targeted Malware in the Mobile Ecosystem
• 18:30 - Pwnie Awards

Thursday, July 27, 2017

• 09:00 - The Industrial Revolution of Lateral Movement
• 09:00 - Bot vs. Bot for Evading Machine Learning Malware Detection
• 09:00 - Influencing the Market to Improve Security
• 09:00 - The Epocholypse 2038: What's in Store for the Next 20 Years
• 09:00 - The Future of ApplePwn - How to Save Your Money
• 09:00 - The Shadow Brokers – Cyber Fear Game-Changers
• 09:00 - Escalating Insider Threats Using VMware's API
• 09:00 - OpenCrypto: Unchaining the JavaCard Ecosystem
• 09:00 - Skype & Type: Keystroke Leakage over VoIP
• 09:45 - 'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback
• 09:45 - Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
• 09:45 - Datacenter Orchestration Security and Insecurity: Assessing Kubernetes, Mesos, and Docker at Scale
• 09:45 - Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
• 09:45 - Fad or Future? Getting Past the Bug Bounty Hype
• 09:45 - Redesigning PKI to Solve Revocation, Expiration, and Rotation Problems
• 09:45 - Evading Microsoft ATA for Active Directory Domination
• 09:45 - Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
• 09:45 - rVMI: A New Paradigm for Full System Analysis
• 11:00 - Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
• 11:00 - Bug Collisions Meet Government Vulnerability Disclosure
• 11:00 - Practical Tips for Defending Web Applications in the Age of DevOps
• 11:00 - Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
• 11:00 - Breaking the Laws of Robotics: Attacking Industrial Robots
• 11:00 - Hunting GPS Jammers
• 11:00 - Intel SGX Remote Attestation is Not Sufficient
• 11:00 - Go to Hunt, Then Sleep
• 11:00 - Why Most Cyber Security Training Fails and What We Can Do About it
• 12:10 - Free-Fall: Hacking Tesla from Wireless to CAN Bus
• 12:10 - Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
• 12:10 - Attacking Encrypted USB Keys the Hard(ware) Way
• 12:10 - Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
• 12:10 - AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
• 12:10 - kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
• 12:10 - Game of Chromes: Owning the Web with Zombie Chrome Extensions
• 12:10 - Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
• 14:30 - Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
• 14:30 - The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
• 14:30 - Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
• 14:30 - Evolutionary Kernel Fuzzing
• 14:30 - Exploit Kit Cornucopia
• 14:30 - Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
• 14:30 - Defeating Samsung KNOX with Zero Privilege
• 14:30 - Friday the 13th: JSON Attacks
• 14:30 - Taking Over the World Through MQTT - Aftermath
• 15:50 - Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
• 15:50 - And Then the Script-Kiddie Said, "Let There be No Light." Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
• 15:50 - Exploiting Network Printers
• 15:50 - Lies, and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
• 15:50 - Blue Pill for Your Phone
• 15:50 - Intel AMT Stealth Breakthrough
• 15:50 - Electronegativity - A Study of Electron Security
• 15:50 - Well, that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
• 15:50 - WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
• 17:00 - Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
• 17:00 - Breaking the x86 Instruction Set
• 17:00 - Behind the Plexiglass Curtain: Stats and Stories from the Black Hat NOC
• 17:00 - A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
• 17:00 - IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
• 17:00 - RBN Reloaded - Amplifying Signals from the Underground
• 17:00 - The Adventures of AV and the Leaky Sandbox
• 17:00 - Betraying the BIOS: Where the Guardians of the BIOS are Failing
• 17:00 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science

Presenters:

• Aaron Alva
• Aimin Pan
• Alberto Compagno
• Alessandro Barenghi
• Alessandro Guagnelli
• Alexander Ermolov
• Alex Matrosov
• Alex Radocea
• Alex Stamos
• Altaf Shaik
• Alvaro Muñoz
• Amir Etemadieh / Zenofex
• Amit Klein
• Anastasis Keliris
• Andrea Continella
• Andrea Maria Zanchettin
• Andrew Blaich
• Andrew Furtak
• Andrew Krug
• Andrew Martin
• Andy Robbins / @_wald0
• Angelo Prado
• Angelos Stavrou
• Ankit Singh
• Anna Trikalinou
• Anton Cherepanov
• April C. Wright
• Arun Vishwanath
• Azzedine Benameur
• Bart Stump
• Ben Miller
• Bill Woodcock
• Billy Rios
• Bo Yang
• Brad Antoniewicz
• Brian Knopf
• Bruce Monroe
• Bryce Kunz
• Chaim Sanders
• Chanil Jeon
• Charalambos Konstantinou
• Charles Valentine
• Chenxiong Qian
• Christopher Domas / the.delta.axiom
• Chris Wysopal / Weld Pond
• Chui Yew Leong
• CJ Heres / CJ_000
• Clint Gibler
• Colin O'Flynn
• Craig Dods
• Dan Cvrcek
• Daniel Bohannon / DBO
• Daniele Lain
• Dan Lake
• David Bianco
• Davide Quarta
• David Rodriguez
• Dhia Mahjoub
• Dino Dai Zovi
• Di Shen
• Dmitriy Evdokimov
• Dominic Spill
• Eason Goodale
• Eduardo Vela
• Elie Bursztein
• Federico Maggi
• Gabi Nakibly
• Gene Tsudik
• George Danezis
• Giovanni Zingaro
• Giulio De Pasquale
• Graham Jones
• Haoqi Shan
• Harold Chun
• Haroon Meer
• Hillary Sanders
• Hyrum Anderson
• Insu Yun
• Itzik Kotler
• Jacob Osborn
• James Kettle / albinowax
• Jason Healey
• Jason Nichols
• Jason Passwaters
• Jason Staggs
• Jean-Michel Picod
• Jean-Philippe Aumasson
• Jean-Pierre Seifert
• Jeff Moss / The Dark Tangent
• Jens Müller
• Jinho Jung
• Joe Slowik
• John Ventura
• Jonas Pfoh
• Jonathan Butts
• Joseph Nye
• Jun Li
• Justine Bone
• Justin Harvey
• Karen Neuman
• Karla Burnett
• Katie Moussouris
• Kelly Shortridge
• Kenneth Brown
• Khoa Hoang / Maximus64
• Khoo Boon Hui
• Kim Zetter
• Krzysztof Kotowicz
• Kun Yang
• Kyle Randolph
• Kylie McRoberts
• Kymberlee Price
• Lee Holmes
• Lidia Giuliano
• Lillian Ablon
• Ling Liu
• Lin Huang
• Lori Rangel
• Lorrie Cranor
• Luca Carettoni
• Luca Invernizzi
• Lucas Lundgren
• Lucca Hirschi
• Maksim Malyutin
• Manuel Sommer
• Marcello Pogliani
• Marco Slaviero
• Marina Kaljurand
• Marina Krotofil
• Mario Polino
• Marios Pomonis
• Martin Kacer
• Mateusz Jurczyk / j00ru
• Mathy Vanhoef
• Matt Foley
• Matt Suiche
• Mauro Conti
• Max Wolotsky
• Megan Ruthven
• Michael Cherny
• Michael Ossmann
• Mihalis Maniatakos
• Mike Spaulding
• Mikhail Gorobets
• Mikko Hypponen
• Mingming Wan
• Morten Schenk
• Natalie Silvanovich
• Nathan Bates
• Neil Wyler
• Nicholas Gray
• Nick Kralevich
• Nikhil Mittal
• Nikita Mazurov
• Nir Valtman
• Nitay Artenstein
• Noah Beddome
• Norman Barbosa
• Ofri Ziv
• Oleksandr Bazhaniuk
• Oleksandr Mirosh
• Omar Eissa
• Omer Gil
• Orange Tsai
• Patrick Wardle
• Paul Kalinin
• Petr Svenda
• Philippe Langlois
• Phuoc Tran-Gia
• Qing Yang
• Ravishankar Borgaonkar
• Rémi Audebert
• Richard Johnson
• Robert Lipovsky
• Robert M. Lee
• Rob Olson
• Rodrigo Branco
• Romain Coltel
• Ruben Santamarta
• Ryan Johnson
• Sagie Dulce
• Sarah Zatko
• Sebastian Lekies
• Sebastian Vogl
• Sen Nie
• Shangyuan LI
• Shinjo Park
• Siji Feng
• Simon Pak Ho Chung
• Stefano Zanero
• Stefan Prandl
• Taesoo Kim
• Tal Be'ery
• Tal Maor
• Terrell McSweeny
• Thomas Brandstetter
• Thomas Zinner
• Timur Yunusov
• Tomer Cohen
• Tom Grasso
• Tongbo Luo
• Trey Herr
• Ty Miller
• Vasilios Mavroudis
• Vijay Thaware
• Vincent Zimmer
• Vlad Gostomelsky
• Wang Kang
• Waylon Grange
• Wenke Lee
• Wesley McGrew
• Will Schroeder / @harmj0y
• Wolfgang Kleinwachter
• Xing Jin
• Xin Ouyang
• Yanick Fratantonio
• Yogesh Swami
• Yolan Romailler
• Yuefeng Du
• Yuriy Bulygin
• Yuwei Zheng
• Yves Le Provost
• Zane Lackey
• Zhaoyan Xu
• Zhengbo Wang
• Zhi Zhou

---

1. ^ This price is meant to give a general idea of the cost of attending the conference. Many conferences have varying prices based on number of days of attendance, early registration, tiers of support, or additional costs for workshops or trainings. The price here is meant to represent the most common cost for the majority of attendees. See the conference's homepage, if applicable, for details.