Black Hat USA 2022
took place Aug. 6, 2022 through Aug. 11, 2022 (2 years, 4 months ago) at Mandalay Bay in Las Vegas, Nevada, USA.
Presentations
Wednesday, Aug. 10, 2022
-
09:00 - Keynote: Black Hat at 25: Where Do We Go from Here?
-
10:20 - Elevating Kerberos to the Next Level
-
10:20 - Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again
-
10:20 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
-
10:20 - Automatic Protocol Reverse Engineering
-
10:20 - All Your GNN Models and Data Belong to Me
-
10:20 - New Memory Forensics Techniques to Defeat Device Monitoring Malware
-
10:20 - AAD Joined Machines - The New Lateral Movement
-
10:20 - Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
-
10:20 - Harm Reduction: A Framework for Effective & Compassionate Security Guidance
-
11:20 - Better Privacy Through Offense: How To Build a Privacy Red Team
-
11:20 - IAM The One Who Knocks
-
11:20 - Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
-
11:20 - Demystifying Key Stretching and PAKEs
-
11:20 - Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
-
11:20 - Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
-
11:20 - The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors
-
11:20 - A Fully Trained Jedi, You Are Not
-
11:20 - Devils Are in the File Descriptors: It Is Time To Catch Them All
-
13:30 - Trying to Be Everything to Everyone: Let’s Talk About Burnout
-
13:30 - ELF Section Docking: Revisiting Stageless Payload Delivery
-
13:30 - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
-
13:30 - Internal Server Error: Exploiting Inter-Process Communication in SAP's HTTP Server
-
13:30 - In Need of 'Pair' Review: Vulnerable Code Contributions by GitHub Copilot
-
13:30 - The Cyber Safety Review Board: Studying Incidents to Drive Systemic Change
-
13:30 - Is WebAssembly Really Safe? --Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
-
13:30 - Google Reimagined a Phone. It was Our Job to Red Team and Secure it.
-
14:30 - sOfT7: Revealing the Secrets of Siemens S7 PLCs
-
14:30 - Return to Sender - Detecting Kernel Exploits with eBPF
-
14:30 - Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
-
14:30 - The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting
-
14:30 - Stalloris: RPKI Downgrade Attack
-
14:30 - (Long) Dragon Tails – Measuring Dependence on International Vulnerability Research
-
14:30 - To Flexibly Tame Kernel Execution With Onsite Analysis
-
14:30 - Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone
-
14:30 - AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture
-
15:20 - BrokenMesh: New Attack Surfaces of Bluetooth Mesh
-
15:20 - I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
-
15:20 - Real 'Cyber War': Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine
-
15:20 - RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise
-
15:20 - Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
-
15:20 - Fault-Injection Detection Circuits: Design, Calibration, Validation and Tuning
-
15:20 - Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
-
15:20 - Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices
-
15:20 - No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook To Develop a Shared Narrative of Major Cyber Incidents
-
16:20 - Breaking the Chrome Sandbox with Mojo
-
16:20 - Unlimited Results: Breaking Firmware Encryption of ESP32-V3
-
16:20 - A Journey Into Fuzzing WebAssembly Virtual Machines
-
16:20 - Attacks From a New Front Door in 4G & 5G Mobile Networks
-
16:20 - Dive Into Apple IO80211Family Vol. 2
-
16:20 - GPT-3 and Me: How Supercomputer-scale Neural Network Models Apply to Defensive Cybersecurity Problems
-
16:20 - Trace Me if You Can: Bypassing Linux Syscall Tracing
-
16:20 - UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice
-
16:20 - A New Trend for the Blue Team - Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
Thursday, Aug. 11, 2022