Black Hat USA 2022
took place Aug. 6, 2022 through Aug. 11, 2022 (1 year, 11 months ago) at Mandalay Bay in Las Vegas, Nevada, USA.
Presentations
Wednesday, Aug. 10, 2022
-
09:00 - Keynote: Black Hat at 25: Where Do We Go from Here?
-
10:20 - Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again
-
10:20 - New Memory Forensics Techniques to Defeat Device Monitoring Malware
-
10:20 - Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
-
10:20 - Elevating Kerberos to the Next Level
-
10:20 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
-
10:20 - Automatic Protocol Reverse Engineering
-
10:20 - Harm Reduction: A Framework for Effective & Compassionate Security Guidance
-
10:20 - AAD Joined Machines - The New Lateral Movement
-
10:20 - All Your GNN Models and Data Belong to Me
-
11:20 - A Fully Trained Jedi, You Are Not
-
11:20 - Demystifying Key Stretching and PAKEs
-
11:20 - Better Privacy Through Offense: How To Build a Privacy Red Team
-
11:20 - Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
-
11:20 - Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
-
11:20 - IAM The One Who Knocks
-
11:20 - The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors
-
11:20 - Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
-
11:20 - Devils Are in the File Descriptors: It Is Time To Catch Them All
-
13:30 - ELF Section Docking: Revisiting Stageless Payload Delivery
-
13:30 - Is WebAssembly Really Safe? --Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
-
13:30 - Internal Server Error: Exploiting Inter-Process Communication in SAP's HTTP Server
-
13:30 - The Cyber Safety Review Board: Studying Incidents to Drive Systemic Change
-
13:30 - In Need of 'Pair' Review: Vulnerable Code Contributions by GitHub Copilot
-
13:30 - Google Reimagined a Phone. It was Our Job to Red Team and Secure it.
-
13:30 - Trying to Be Everything to Everyone: Let’s Talk About Burnout
-
13:30 - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
-
14:30 - The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting
-
14:30 - sOfT7: Revealing the Secrets of Siemens S7 PLCs
-
14:30 - Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
-
14:30 - Stalloris: RPKI Downgrade Attack
-
14:30 - Return to Sender - Detecting Kernel Exploits with eBPF
-
14:30 - AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture
-
14:30 - To Flexibly Tame Kernel Execution With Onsite Analysis
-
14:30 - Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone
-
14:30 - (Long) Dragon Tails – Measuring Dependence on International Vulnerability Research
-
15:20 - Real 'Cyber War': Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine
-
15:20 - Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices
-
15:20 - I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
-
15:20 - Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
-
15:20 - No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook To Develop a Shared Narrative of Major Cyber Incidents
-
15:20 - BrokenMesh: New Attack Surfaces of Bluetooth Mesh
-
15:20 - Fault-Injection Detection Circuits: Design, Calibration, Validation and Tuning
-
15:20 - Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
-
15:20 - RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise
-
16:20 - A Journey Into Fuzzing WebAssembly Virtual Machines
-
16:20 - UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice
-
16:20 - Attacks From a New Front Door in 4G & 5G Mobile Networks
-
16:20 - Trace Me if You Can: Bypassing Linux Syscall Tracing
-
16:20 - GPT-3 and Me: How Supercomputer-scale Neural Network Models Apply to Defensive Cybersecurity Problems
-
16:20 - Unlimited Results: Breaking Firmware Encryption of ESP32-V3
-
16:20 - Breaking the Chrome Sandbox with Mojo
-
16:20 - A New Trend for the Blue Team - Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
-
16:20 - Dive Into Apple IO80211Family Vol. 2
Thursday, Aug. 11, 2022