Black Hat USA 2022
took place Aug. 6, 2022 through Aug. 11, 2022 (2 years, 10 months ago) at Mandalay Bay in Las Vegas, Nevada, USA.
Presentations
Wednesday, Aug. 10, 2022
-
09:00 - Keynote: Black Hat at 25: Where Do We Go from Here?
-
10:20 - Elevating Kerberos to the Next Level
-
10:20 - Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again
-
10:20 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
-
10:20 - Automatic Protocol Reverse Engineering
-
10:20 - All Your GNN Models and Data Belong to Me
-
10:20 - New Memory Forensics Techniques to Defeat Device Monitoring Malware
-
10:20 - AAD Joined Machines - The New Lateral Movement
-
10:20 - Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
-
10:20 - Harm Reduction: A Framework for Effective & Compassionate Security Guidance
-
11:20 - Better Privacy Through Offense: How To Build a Privacy Red Team
-
11:20 - IAM The One Who Knocks
-
11:20 - Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
-
11:20 - Demystifying Key Stretching and PAKEs
-
11:20 - Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
-
11:20 - Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
-
11:20 - The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors
-
11:20 - A Fully Trained Jedi, You Are Not
-
11:20 - Devils Are in the File Descriptors: It Is Time To Catch Them All
-
13:30 - Trying to Be Everything to Everyone: Let’s Talk About Burnout
-
13:30 - ELF Section Docking: Revisiting Stageless Payload Delivery
-
13:30 - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
-
13:30 - Internal Server Error: Exploiting Inter-Process Communication in SAP's HTTP Server
-
13:30 - In Need of 'Pair' Review: Vulnerable Code Contributions by GitHub Copilot
-
13:30 - The Cyber Safety Review Board: Studying Incidents to Drive Systemic Change
-
13:30 - Is WebAssembly Really Safe? --Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
-
13:30 - Google Reimagined a Phone. It was Our Job to Red Team and Secure it.
-
14:30 - sOfT7: Revealing the Secrets of Siemens S7 PLCs
-
14:30 - Return to Sender - Detecting Kernel Exploits with eBPF
-
14:30 - Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
-
14:30 - The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting
-
14:30 - Stalloris: RPKI Downgrade Attack
-
14:30 - (Long) Dragon Tails – Measuring Dependence on International Vulnerability Research
-
14:30 - To Flexibly Tame Kernel Execution With Onsite Analysis
-
14:30 - Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone
-
14:30 - AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture
-
15:20 - BrokenMesh: New Attack Surfaces of Bluetooth Mesh
-
15:20 - I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
-
15:20 - Real 'Cyber War': Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine
-
15:20 - RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise
-
15:20 - Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
-
15:20 - Fault-Injection Detection Circuits: Design, Calibration, Validation and Tuning
-
15:20 - Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
-
15:20 - Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices
-
15:20 - No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook To Develop a Shared Narrative of Major Cyber Incidents
-
16:20 - Breaking the Chrome Sandbox with Mojo
-
16:20 - Unlimited Results: Breaking Firmware Encryption of ESP32-V3
-
16:20 - A Journey Into Fuzzing WebAssembly Virtual Machines
-
16:20 - Attacks From a New Front Door in 4G & 5G Mobile Networks
-
16:20 - Dive Into Apple IO80211Family Vol. 2
-
16:20 - GPT-3 and Me: How Supercomputer-scale Neural Network Models Apply to Defensive Cybersecurity Problems
-
16:20 - Trace Me if You Can: Bypassing Linux Syscall Tracing
-
16:20 - UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice
-
16:20 - A New Trend for the Blue Team - Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
Thursday, Aug. 11, 2022