Black Hat Briefings is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo. An event dedicated to the US federal agencies is organized in Washington, D.C.

Wikipedia
Black Hat
Black Hat
YouTube Video

New YouTube videos detected.

  • Executive Interview: Yuval Cohen, CISO, ServiceNow
    Yuval Cohen, CISO at ServiceNow, discusses the trends in cybersecurity that are keeping CISOs up at night, issues organizations are trying to overcome, and proposed solutions for the security industry's challenges.
  • ARMageddon: How Your Smartphone CPU Breaks Software-Level Security and Privacy
    by Moritz Lipp & Clémentine Maurice In the last years, mobile devices and smartphones have become the most important personal computing platform. Besides phone calls and managing the personal address book, they are also used to approve bank transfers and digitally sign official documents, thus storing very sensitive secrets. Their exposure or misappropriation would not only be a fatal infringem...
  • Breaking BHAD: Abusing Belkin Home Automation Devices
    by Scott Tenaglia & Joe Tanen In 2013 and 2014 several high profile vulnerabilities were found in Belkin's WeMo line of home automation devices. Belkin not only patched most of those vulnerabilities, but also maintains a very regular update cycle, which makes them one of the more responsive players in the IoT space. Therefore, we thought it would be interesting to revisit this line of IoT produ...
  • EGO MARKET: When People's Greed for Fame Benefits Large-Scale Botnets
    by Masarah Paquet-Clouston & Olivier Bilodeau Want to give your blog a push or your "gun show" more views? Then why not buy 50,000 fake followers for $1,000! Click farms from down South or botnets such as Gameover Zeus will be more than happy to supply them for you. For this talk, a criminologist and a security researcher teamed up to hunt a large-scale botnet dubbed Linux/Moose 2.0 that condu...
  • DRAMA: How Your DRAM Becomes a Security Problem
    by Michael Schwarz & Anders Fogh In this talk, we will present our research into how the design of DRAM common to all computers and many other devices makes these computers and devices insecure. Since our attack methodology targets the DRAM, it is mostly independent of software flaws, operating system, virtualization technology and even CPU. The attack is based on the presence of a row buffer i...
  • Witchcraft Compiler Collection: Towards Self Aware Computer Programs
    by Jonathan Brossard With this presentation, we take a new approach to reverse engineering. Instead of attempting to decompile code, we seek to undo the work of the linker and produce relocatable files, the typical output of a compiler. The main benefit of the latter technique over the former being that it does work. Once achieved universal code 'reuse' by relinking those relocatable objects as ar...
  • Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link...
    by Zinaida Benenson Messages containing links to malware-infected websites represent a serious threat. Despite the numerous user education efforts, people still click on suspicious links and attachments, and their motivations for clicking or not clicking remain hidden. We argue that knowing how people reason about their clicking behavior can help the defenders in devising more effective protectio...
  • Applied Machine Learning for Data Exfil and Other Fun Topics
    by Matt Wolff & Brian Wallace & Xuan Zhao Machine learning techniques have been gaining significant traction in a variety of industries in recent years, and the security industry is no exception to its influence. These techniques, when applied correctly, can help assist in many data driven tasks to provide interesting insights and decision recommendations to analysts. While these techniques c...
  • A Journey From JNDI/LDAP Manipulation to Remote Code Execution Dream Land
    by Alvaro Munoz & Oleksandr Mirosh JNDI (Java Naming and Directory Interface) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services such as RMI, CORBA, LDAP, or DNS. This talk will present a new type of vulnerability named "JNDI Reference Injection" found on malware samples attacking Java App...
  • Keynote: The Seven Axioms of Security
    By Saumil Shah "Today's attacks succeed because the defense is reactive." As the defenses have caught up and closed open doors, we attackers have looked for new avenues and vectors. Looking back on the state of defenses from One-Way Web Hacking in 2001 to Stegosploit in 2016, a common pattern emerges. Defense boils down to reacting to new attacks and then playing catch-up. It is time to transit...
  • Keynote: Why We are Not Building a Defendable Internet
    By Thomas Dullien / Halvar Flake In IT security, offensive problems are technical - but most defensive problems are political and organisational. Attackers have the luxury to focus only on the technical aspects of their work, while defenders have to navigate complex political and regulatory environments. In a previous talk ("Rearchitecting a defendable internet") I discussed what technical measur...
  • $Hell on Earth: From Browser to System Compromise
    by Matt Molinyawe & Jasiel Spelman & Abdul-Aziz Hariri & Joshua Smith The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state of the art in software exploitation. Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plugin. In most cases, these privileges were attained by exploiting the ...
  • The Linux Kernel Hidden Inside Windows 10
    by Alex Ionescu Initially known as "Project Astoria" and delivered in beta builds of Windows 10 Threshold 2 for Mobile, Microsoft implemented a full blown Linux 3.4 kernel in the core of the Windows operating system, including full support for VFS, BSD Sockets, ptrace, and a bona fide ELF loader. After a short cancellation, it's back and improved in Windows 10 Anniversary Update ("Redstone"), unde...
  • HTTP/2 & QUIC - Teaching Good Protocols to Do Bad Things
    by Catherine (Kate) Pearce & Carl Vincent The meteoric rise of SPDY, HTTP/2, and QUIC has gone largely unremarked upon by most of the security field. QUIC is an application-layer UDP-based protocol that multiplexes connections between endpoints at the application level, rather than the kernel level. HTTP/2 (H2) is a successor to SPDY, and multiplexes different HTTP streams within a single conne...
  • Can You Trust Me Now? An Exploration Into the Mobile Threat Landscape
    by Josh Thomas & Shawn Moyer Before we dive into specific mobile vulnerabilities and talk as if the end times are upon us, let us pop the stack and talk about how the mobile environment works as a whole. We will explore the assumptions and design paradigms of each player in the overall mobile space, along with the requirements and inheritance problems they face. The value of this approach is th...
  • Breaking Payment Points of Interaction (POI)
    by Nir Valtman & Patrick Watson The payment industry is becoming more driven by security standards. However, the cornerstones are still broken even with the latest implementations of these payments systems, mainly due to focusing on the standards rather than security. The best example for that is the ability to bypass protections put in place by points of interaction (POI) devices, by simple m...
  • Capturing 0Day Exploits With Perfectly Placed Hardware Traps
    by Cody Pierce & Matt Spisak & Kenneth Fitch The security industry has gone to great lengths to make exploitation more difficult. Yet we continue to see weaponized exploits used in malware campaigns and targeted attacks capable of bypassing OS and vendor exploit mitigation strategies. Many of these newly deployed mitigations target code-reuse attacks like return-oriented-programming. Unfortun...
  • Beyond the MCSE: Active Directory for the Security Professional
    by Sean Metcalf Active Directory (AD) is leveraged by 95% of the Fortune 1000 companies for its directory, authentication, and management capabilities. This means that both Red and Blue teams need to have a better understanding of Active Directory, its security, how it's attacked, and how best to align defenses. This presentation covers key Active Directory components which are critical for secu...
  • Augmenting Static Analysis Using Pintool: Ablation
    by Paul Mehta Ablation is a tool built to extract information from a process as it executes. This information is then imported into the disassembly environment where it is used to resolve virtual calls, highlight regions of code executed, or visually diff samples. The goal of Ablation is to augment static analysis with minimal overhead or user interaction. C++ binaries can be a real pain to audit s...
  • Abusing Bleeding Edge Web Standards for Appsec Glory
    by Bryant Zadegan & Ryan Lester Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns...
  • A Retrospective on the Use of Export Cryptography
    by David Adrian TLS has experienced three major vulnerabilities stemming from "export-grade" cryptography in the last year---FREAK, Logjam, and Drown. Although regulations limiting the strength of cryptography that could be exported from the United States were lifted in 1999, and export ciphers were subsequently deprecated in TLS 1.1, Internet-wide scanning showed that support for various forms o...
  • Measuring Adversary Costs to Exploit Commercial Software...
    by Mudge & Sarah Zatko Many industries provide consumers with data about the quality, content, and cost of ownership of products, but the software industry leaves consumers with very little data to act upon. In fact when it comes to how secure or weak a product is from a security perspective, there is no meaningful consumer facing data. There has long been a call for the establishment of an in...
  • Memory Forensics Using Virtual Machine Introspection for Cloud Computing
    by Tobias Zillner The relocation of systems and services into cloud environments is on the rise. Because of this trend users lose direct control over their machines and depend on the offered services from cloud providers. These services are especially in the field of digital forensics very rudimentary. The possibilities for users to analyze their virtual machines with forensic methods are very li...
  • Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace
    by Jason Healey Cyber attackers have had the advantage for decades over defenders but we can and must change this with a more defensible cyberspace. This talk describes the results of a recent task force to identify the top technologies, operational innovations and public policies which have delivered security at scale for the defense to catch up with attackers. All of these innovations have one...