Black Hat USA 2017 took place July 22, 2017 through July 27, 2017 (1 year, 7 months ago) at Mandalay Bay, Las Vegas, Nevada, USA.
Presentations:
Wednesday, July 26, 2017
Thursday, July 27, 2017
-
09:00 - Influencing the Market to Improve Security
-
09:00 - The Shadow Brokers – Cyber Fear Game-Changers
-
09:00 - Escalating Insider Threats Using VMware's API
-
09:00 - The Industrial Revolution of Lateral Movement
-
09:00 - Bot vs. Bot for Evading Machine Learning Malware Detection
-
09:00 - Skype & Type: Keystroke Leakage over VoIP
-
09:00 - The Future of ApplePwn - How to Save Your Money
-
09:00 - OpenCrypto: Unchaining the JavaCard Ecosystem
-
09:00 - The Epocholypse 2038: What's in Store for the Next 20 Years
-
09:45 - 'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback
-
09:45 - Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
-
09:45 - Datacenter Orchestration Security and Insecurity: Assessing Kubernetes, Mesos, and Docker at Scale
-
09:45 - Fad or Future? Getting Past the Bug Bounty Hype
-
09:45 - Redesigning PKI to Solve Revocation, Expiration, and Rotation Problems
-
09:45 - rVMI: A New Paradigm for Full System Analysis
-
09:45 - Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
-
09:45 - Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
-
09:45 - Evading Microsoft ATA for Active Directory Domination
-
11:00 - Practical Tips for Defending Web Applications in the Age of DevOps
-
11:00 - Intel SGX Remote Attestation is Not Sufficient
-
11:00 - Breaking the Laws of Robotics: Attacking Industrial Robots
-
11:00 - Why Most Cyber Security Training Fails and What We Can Do About it
-
11:00 - Bug Collisions Meet Government Vulnerability Disclosure
-
11:00 - Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
-
11:00 - Go to Hunt, Then Sleep
-
11:00 - Hunting GPS Jammers
-
11:00 - Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
-
12:10 - Free-Fall: Hacking Tesla from Wireless to CAN Bus
-
12:10 - Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
-
12:10 - Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
-
12:10 - Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
-
12:10 - kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
-
12:10 - Game of Chromes: Owning the Web with Zombie Chrome Extensions
-
12:10 - AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
-
12:10 - Attacking Encrypted USB Keys the Hard(ware) Way
-
14:30 - Evolutionary Kernel Fuzzing
-
14:30 - Defeating Samsung KNOX with Zero Privilege
-
14:30 - Exploit Kit Cornucopia
-
14:30 - Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
-
14:30 - Taking Over the World Through MQTT - Aftermath
-
14:30 - Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
-
14:30 - Friday the 13th: JSON Attacks
-
14:30 - Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
-
14:30 - The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
-
15:50 - Blue Pill for Your Phone
-
15:50 - Well, that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
-
15:50 - Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
-
15:50 - Intel AMT Stealth Breakthrough
-
15:50 - WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
-
15:50 - Lies, and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
-
15:50 - Electronegativity - A Study of Electron Security
-
15:50 - Exploiting Network Printers
-
15:50 - And Then the Script-Kiddie Said, "Let There be No Light." Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
-
17:00 - Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
-
17:00 - IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
-
17:00 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
-
17:00 - Breaking the x86 Instruction Set
-
17:00 - Betraying the BIOS: Where the Guardians of the BIOS are Failing
-
17:00 - Behind the Plexiglass Curtain: Stats and Stories from the Black Hat NOC
-
17:00 - A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
-
17:00 - The Adventures of AV and the Leaky Sandbox
-
17:00 - RBN Reloaded - Amplifying Signals from the Underground
Presenters: