Black Hat Briefings is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo. An event dedicated to the US federal agencies is organized in Washington, D.C.

Wikipedia
Black Hat
Black Hat
YouTube Video
  • The presentation starts with the introduction of Hourglass Model 2.0, a research framework allowing researchers with limited access to underground marketplace to further collect security intelligence leads that can be used for both threat prevention and mitigation plan development. By Anna Chung Full Abstract & Presentation Materials: https://www.blackhat.com/asia-18/briefings.html#hourglass-mod...

  • In this talk, we will disclose four recent campaigns conducted by the groups. These campaigns targeted banks in South Korea and EMEA, an ATM company and several Bitcoin exchange service providers. We will introduce the malware, vulnerabilities, IOC, and attack vectors discovered in these attacks. By Chi-en (Ashley) Shen, Kyoung-ju Kwak & Min-Chang Jang Full Abstract & Presentation Materials: http...

  • Millions of networks are relying on Windows authentication protocols to secure their logins, and consequently, their network's integrity. In this talk, we will show a surprising chosen-plaintext attack exploiting a logical vulnerability in one of Windows' more common protocols. By Eyal Karni & Yaron Zinar & Roman Blachman Full Abstract & Presentation Materials: https://www.blackhat.com/asia-18/b...

  • Black Hat Asia 2018 Day 2 Keynote: A Short Course in Cyber Warfare presented by The Grugq Cyber is a new dimension in conflict which is still not fully theorized or conceptualized. Not that that is stopping anybody. Critically, cyber is the third new dimension in war in the last century, and the only one where the great powers are openly engaged in active conflict. Here we have an opportunity to...

  • Black Hat Asia 2018 Day 1 Keynote Bill Woodcock addresses past and current efforts to curtail nation-state cyber-attacks on the private-sector core infrastructure of the Internet. From the live fire cyber exercises of the dot-com era and the US-China-Russia cyber-conflicts and United Nations “Group of Government Experts” of the subsequent decade to the current effort of the Global Commission on t...

  • The connected landscape enables organizations to innovate but also increases their risk exposure. Todd Waskelis, AVP of AT&T Cybersecurity Solutions, reveals the disconnect between business and security while highlighting the importance of a layered defense. Let AT&T help accelerate and protect your digital transformation with security expertise and data insights. Video Highlight...

  • 2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for years, the publication of the Apache Commons Collection Remote Code Execution (RCE from now on) gadget finally brought this forgotten vulnerability to the spotlight and motivated the community to start finding and fixing these issues. by Alvaro Muñoz & Oleksandr Mirosh Full Abstract & Pre...

  • In this talk we show how to detect and abuse logical flaws in implementations of this handshake. Our goal is not to detect common programming errors such as buffer overflows or double frees, but to detect logical vulnerabilities. By Mathy Vanhoef Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#wifuzz-detecting-and-exploiting-logical-flaws-in-the-wi-fi-crypto...

  • Microsoft Advanced Threat Analytics (ATA) is a defense platform which reads information from multiple sources like traffic for certain protocols to the Domain Controller, Windows Event Logs and SIEM events. The information thus collected is used to detect Reconnaissance, Credentials replay, Lateral movement, Persistence attacks etc. Well known attacks like Pass-the-Hash, Pass-the-Ticket, Overpass-...

  • Your datacenter isn't a bunch of computers, it is *a* computer. While some large organizations have over a decade of experience running software-defined datacenters at massive scale, many more large organizations are just now laying the foundations for their own cloud-scale platforms based on similar ideas. By Dino Dai Zovi Full Abstract: https://www.blackhat.com/us-17/briefings/schedule/index....

  • Dumping firmware from hardware, utilizing a non-eMMC flash storage device, can be a daunting task with expensive programmers required, 15+ wires to solder (or a pricey socket), and dumps that contain extra data to allow for error correction. By Amir Etemadieh, Khoa Hoang & CJ Heres Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#hacking-hardware-with-a-$10-...

  • Serverless technology is getting increasingly ubiquitous in the enterprise and startup communities. As micro-services multiply and single purpose services grow, how do you audit and defend serverless runtimes? By Andrew Krug & Graham Jones Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#hacking-serverless-runtimes-profiling-aws-lambda-azure-functions-and-mo...

  • Detecting the compromised websites, gates, and dedicated hosts that make up the infrastructure used by Exploit Kits involves a variety of creative techniques. In this session, we will detail four approaches to uncovering these systems while explaining the underlying architecture of Exploit Kit networks. By Brad Antoniewicz & Matt Foley Full Abstract: https://www.blackhat.com/us-17/briefings/sch...

  • In this session, we present the OpenCrypto library that enables programmers to utilize all the capabilities of JavaCards (e.g., the cryptographic coprocessor) without being bound to a specific vendor. By Vasilios Mavroudis, George Danezis, Petr Svenda & Dan Cvrcek Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#opencrypto-unchaining-the-javacard-ecosystem

  • Preventive and reactive security measures can only partially mitigate the damage caused by modern ransomware attacks. The remarkable amount of illicit profit and the cybercriminals' increasing interest in ransomware schemes demonstrate that current defense solutions are failing, and a large number of users are actually paying the ransoms. In fact, pure-detection approaches (e.g., based on analysis...

  • Web Cache Deception attack is a new web attack vector that puts various technologies and frameworks at risk. By manipulating behaviors of web servers and caching mechanisms, anonymous attackers can expose sensitive information of authenticated application users, and in certain cases even take control over their accounts. By Omer Gil Read More and Download Presentation Materials: https://www....

  • Ever want to talk to someone that runs a bug bounty program and get the real scoop on its impact to application security? Whether your company has a bounty program or is considering starting one, join this panel of bounty managers for real talk on signal vs noise, ROI, interacting with bounty hunters, and all the little things they wish they'd known before learning the hard way. By Kymberlee Pri...

  • For UEFI firmware, the barbarians are at the gate -- and the gate is open. On the one hand, well-intentioned researchers are increasingly active in the UEFI security space; on the other hand, so are attackers. Information about UEFI implants -- by HackingTeam and state-sponsored actors alike -- hints at the magnitude of the problem, but are these isolated incidents, or are they indicative of a mor...

  • This talk will share practical lessons learned at Etsy on the most effective application security techniques in today's increasingly rapid world of application creation and delivery. Specifically, it will cover how to: - Adapt traditionally heavyweight controls like static analysis and dynamic scanning to lightweight efforts that work in modern development and deployment practices - Obtain visibil...

  • In this work, we demonstrate the feasibility of the large-scale scanning over the 3G/4G intranet. First, we adapt the Nmap scanner for 3G/4G intranets. We use it to scan more than 16 million mobile users of the three main ISPs in China, including China Mobile, China Telecom and China Unicom. During our scanning, we find that 2% of the scanned devices are installed with apps containing the WormHole...

  • As the previous Director of Security at companies like Linksys, Belkin, and Wink, I learned hard lessons about the pitfalls of PKI. This was especially true on IoT devices, where the responsibility was on consumers or site managers to update & fix devices when security issues arose. I've experienced expired keys that killed device connections, private keys being accidentally dropped on consumer de...

  • Security teams must address the countless vulnerabilities in popular document formats like PDFs, Office files and legacy textual formats. This session will cover the best practices on how to build a document analysis pipeline including the pros and cons of true type detection, sandboxing, signatures, dynamic/static content inspection, isolation and content disarming and reconstruction. We will als...

  • Recent advancements in the Targeted Attacks technology, and specifically to the Lateral Movement phase of it, are about to ignite an Industrial Revolution in this field. The original Industrial Revolution and its use of modern methods of mass production is said to have brought "improvements in the cost, quality, quantity, and variety of goods available". The Lateral Movement Industrial Revolution ...

  • A niche term just two years ago, ransomware has rapidly risen to fame in the last year, infecting hundreds of thousands of users, locking their documents, and demanding hefty ransoms to get them back. In doing so, it has become one of the largest cybercrime revenue sources, with heavy reliance on Bitcoins and Tor to confound the money trail. By Elie Bursztein, Kylie McRoberts and Luca Invernizzi ...

  • Enterprises often require that their IT teams have no access to data kept inside the machines they administer, a separation that is crucial for compliance, privacy and defense in depth. To this end, industries use VMWare's rich security model to separate the infrastructure domain from the guest machine domain. For example, most companies allow their IT teams to create, modify, backup and delete gu...

  • In this talk, we will discuss Android's attack surface reduction history, and how that fits into the broader Android security story. We will go into detail on the specific technical strategies used to achieve the attack surface reduction, and explore specific bugs which were made unreachable as a result of the hardening over the last several years. And we will examine the overall result of the har...

  • Cyberspace is formed and governed by a range of different technical and policy communities. A major challenge is insufficient awareness and mutual acceptance among the various communities. The traditional government dialogues on international security, for instance within the United Nations, have struggled to work with this reality when addressing issues of war and peace in cyberspace. By Bill Wo...

  • On April 16, 2016, an army of bots stormed upon Wix servers, creating new accounts and publishing shady websites en masse. The attack was carried out by a malicious Chrome extension, installed on tens of thousands of devices, sending HTTP requests simultaneously. This “Extension Bot” has used Wix websites platform and Facebook messaging service, to distribute itself among users. Two months later, same ...
