Black Hat Briefings is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo. An event dedicated to the US federal agencies is organized in Washington, D.C.

Wikipedia
Black Hat
Black Hat
YouTube Video
  • In this work, we demonstrate the feasibility of the large-scale scanning over the 3G/4G intranet. First, we adapt the Nmap scanner for 3G/4G intranets. We use it to scan more than 16 million mobile users of the three main ISPs in China, including China Mobile, China Telecom and China Unicom. During our scanning, we find that 2% of the scanned devices are installed with apps containing the WormHole...

Black Hat
Black Hat
YouTube Video
  • As the previous Director of Security at companies like Linksys, Belkin, and Wink, I learned hard lessons about the pitfalls of PKI. This was especially true on IoT devices, where the responsibility was on consumers or site managers to update & fix devices when security issues arose. I've experienced expired keys that killed device connections, private keys being accidentally dropped on consumer de...

Black Hat
Black Hat
YouTube Video
  • Security teams must address the countless vulnerabilities in popular document formats like PDFs, Office files and legacy textual formats. This session will cover the best practices on how to build a document analysis pipeline including the pros and cons of true type detection, sandboxing, signatures, dynamic/static content inspection, isolation and content disarming and reconstruction. We will als...

Black Hat
Black Hat
YouTube Video
  • Recent advancements in the Targeted Attacks technology, and specifically to the Lateral Movement phase of it, are about to ignite an Industrial Revolution in this field. The original Industrial Revolution and its use of modern methods of mass production is said to had brought "improvements in the cost, quality, quantity, and variety of goods available". The Lateral Movement Industrial Revolution ...

Black Hat
Black Hat
YouTube Video
  • A niche term just two years ago, ransomware has rapidly risen to fame in the last year, infecting hundreds of thousands of users, locking their documents, and demanding hefty ransoms to get them back. In doing so, it has become one of the largest cybercrime revenue sources, with heavy reliance on Bitcoins and Tor to confound the money trail. By Elie Bursztein, Kylie McRoberts and Luca Invernizzi ...

Black Hat
Black Hat
YouTube Video
  • Enterprises often require that their IT teams have no access to data kept inside the machines they administer, a separation that is crucial for compliance, privacy and defense in depth. To this end, industries use VMWare's rich security model to separate the infrastructure domain from the guest machine domain. For example, most companies allow their IT teams to create, modify, backup and delete gu...

Black Hat
Black Hat
YouTube Video
  • In this talk, we will discuss Android's attack surface reduction history, and how that fits into the broader Android security story. We will go into detail on the specific technical strategies used to achieve the attack surface reduction, and explore specific bugs which were made unreachable as a result of the hardening over the last several years. And we will examine the overall result of the har...

Black Hat
Black Hat
YouTube Video
  • Cyberspace is formed and governed by a range of different technical and policy communities. A major challenge is insufficient awareness and mutual acceptance among the various communities. The traditional government dialogues on international security, for instance within the United Nations, have struggled to work with this reality when addressing issues of war and peace in cyberspace. By Bill Wo...

Black Hat
Black Hat
YouTube Video
  • On April 16, 2016, an army of bots stormed upon Wix servers, creating new accounts and publishing shady websites in mass. The attack was carried by a malicious Chrome extension, installed on tens of thousands of devices, sending HTTP requests simultaneously. This “Extension Bot” has used Wix websites platform and Facebook messaging service, to distribute itself among users. Two months later, same ...

Black Hat
Black Hat
YouTube Video
  • In this talk we will present the ramifications of airborne attacks, which bypass all current security measures and provide hackers with a contagious attack, capable of jumping over "air-gapped" networks and allow easy full remote code execution on devices from every major OS. We will demonstrate two out of eight zero-day exploits we've found in the Bluetooth stacks of Linux, Android, Windows, and ...

Black Hat
Black Hat
YouTube Video
  • Red Team Techniques for Evading, Bypassing, and Disabling MS Advanced Threat Protection and Advanced Threat Analytics Windows Defender Advanced Threat Protection is now available for all Blue Teams to utilize within Windows 10 Enterprise and Server 2012/16, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. By Chris T...

Black Hat
Black Hat
YouTube Video
  • Zero-day vulnerabilities and their exploits are useful in offensive operations as well as in defensive and academic settings. RAND obtained rare access to a dataset of information about more than 200 zero-day software vulnerabilities and their exploits - many of which are still publicly unknown. We analyzed these data to provide insights about the zero-day vulnerability research and exploit devel...

Black Hat
Black Hat
YouTube Video
  • We introduce key reinstallation attacks. These attacks abuse features of a protocol to reinstall an already in-use key, thereby resetting nonces and/or replay counters associated to this key. We show that our novel attack technique breaks several handshakes that are used in a WPA2-protected network. By Mathy Vanhoef Read More: https://www.blackhat.com/eu-17/briefings/schedule/index.html#key-re...

Black Hat
Black Hat
YouTube Video
  • Black Hat Europe 2017 Day 2 Keynote by Joanna Rutkowska There are different approaches to making (computer) systems (reasonably) secure and trustworthy: At one extreme, we would like to ensure everything (software, hardware, infrastructure) is _trusted_. This means the code has no bugs or backdoors, patches are always available and deployed, admins always competent and trustworthy, and the infra...

Black Hat
Black Hat
YouTube Video
  • Black Hat Europe 2017 Day 1 Keynote by Chris Painter Governments and high-level executives have transitioned from seeing both policy and technical cyber threats as solely technical issues to core issues of national security, economic policy, human rights and, ultimately, foreign policy. Drawing on experience at the U.S. Department of Justice, at the White House, and finally at the U.S. State Depa...

Black Hat
Black Hat
YouTube Video
  • Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data. By Elie Bursztein, Jean-Michel Picod & Rémi Audebert Read More: https://www....

Black Hat
Black Hat
YouTube Video
  • Well, that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers With over 5 billion pulls from the Docker Hub, Docker is proving to be the most dominant technology in an exploding trend of containerization. An increasing number of production applications are now running inside containers; and to get to p...

Black Hat
Black Hat
YouTube Video
  • Trust is an implicit requirement of doing business - at some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, developers, and their parent organization. ...

Black Hat
Black Hat
YouTube Video
  • Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network Autonomic systems are smart systems which do not need any human management or intervention. Cisco is one of the first companies to deploy the technology in which the routers are just "Plug and Play" with no need for configuration. All that is needed is 5 commands to build a fully automated networ...

Black Hat
Black Hat
YouTube Video
  • Every year thousands of organizations are compromised by targeted attacks. In many cases the attacks are labeled as advanced and persistent which suggests a high level of sophistication in the attack and tools used. Many times, this title is leveraged as an excuse that the events were inevitable or irresistible, as if the assailants' skill set is well beyond what defenders are capable of. By Wayl...

Black Hat
Black Hat
YouTube Video
  • As Enterprises rush to adopt Office365 for increased business agility and cost reduction, too few are taking time to truly evaluate the risk associated with this decision. This briefing will attempt to shine a light on the potential hazards of Microsoft's SaaS offerings while also demonstrating a practical example of what a malicious actor can do when Office365 is allowed into the Enterprise. By ...

Black Hat
Black Hat
YouTube Video
  • Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. These robots aren't just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. By Andrea Maria Zanchettin, D...

Black Hat
Black Hat
YouTube Video
  • To date, the only pro-active, user-focused solution against spear phishing has been cyber security awareness training. However, multiple lines of evidence—from continuing news stories of bigger and bolder breaches to objective academic assessments of training effects—point to its limited effectiveness. By Arun Vishwanath Read More: https://www.blackhat.com/us-17/briefings/schedule/index.html#w...

Black Hat
Black Hat
YouTube Video
  • The idea of a paperless office has been dreamed of for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and common Internet users. Instead of removing them, printers evolved from simple devices into complex network computer systems, installed directly into company networks, and carrying considerable confidential data in their print jobs...

Black Hat
Black Hat
YouTube Video
  • In kernel-mode, buffer overflows and similar memory corruption issues in the internal logic are usually self-evident and can be detected with a number of static and dynamic approaches. On the contrary, flaws directly related to interactions with user-mode clients tend to be more subtle, and can survive unnoticed for many years, while still providing primitives similar to the classic bugs. By Mat...

Black Hat
Black Hat
YouTube Video
  • In this talk, we recount how we found the first SHA-1 collision. We delve into the challenges we faced from developing a meaningful payload, to scaling the computation to that massive scale, to solving unexpected cryptanalytic challenges that occurred during this endeavor. By Elie Bursztein Read More: https://www.blackhat.com/us-17/briefings/schedule/index.html#how-we-created-the-first-sha-1-co...

Black Hat
Black Hat
YouTube Video
  • Annual Black Hat network debrief: We'll let you know all the stats and stories from behind the plexiglass curtain. There's always a lot to say about the Black Hat network. Some of it's true, some of it...not so much. Whether you're confidently connected with your own devices, or you're on your burner laptop, burner phone, and wearing a tinfoil hat, you've likely thought to yourself "What the hell...

Out-Market Your Competitors?

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account Log in

By signing up, you agree to the Terms of Service and Privacy Policy.

Out-Market Your Competitors

Get complete competitive insights on over 2.2 million companies to drive your marketing strategy.

Create Free Account

Already a user?  Log in

By signing up, you agree to the Terms of Service and Privacy Policy.