Event: Black Hat USA 2015 – Briefings

Event Period: August 1 – 6, 2015

Briefings to be held on 5th and 6th  August, 2015

The featured briefings for Black Hat USA 2015  have been released. The main themes include vehicles, Windows 10 and the Internet of Things. Some of these briefings will demonstrate weaknesses that can be exploited in these new technologies and the resulting hazards, after they are hacked. While, the other briefings will speak to new security methods developed to protect these technologies. Below is a summary list of the titles for these briefings:

  • Adventures in Femtoland: 350 Yuan for Invaluable Fun
  • Accessing and Exploiting BigNum Vulnerabilities
  • Attacking EMCAScript Engines with Redefinition
  • Attacking Interoperability – An OLE Edition
  • Attacking Your Trusted Core: Exploiting Trustzone on Android
  • Automated Human Vulnerability Scanning with Ava
  • Back Doors and Front Doors: Breaking The Unbreakable System
  • Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture
  • Big Game Hunting: The Peculiarities of Nation-State Malware Research
  • Breaking Access Controls with Blekey
  • Breaking Payloads with Runtime Code Stripping and Image Freezing
  • Broadcasting Your Attack: Security Testing DAB Radio in Cars
  • Bypass Control Flow Guard Comprehensively
  • Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF), FLASH, and DNS
  • Certifi-Gate: Front-Door Access To Pwning Millions of Androids
  • Commercial Mobile Spyware – Detecting The Undetectable
  • Data-Driven Threat Intelligence: Metrics On Indicator Dissemination And Sharing
  • Deep Learning on Disassembly
  • Defeating Machine Learning: What your Security Vendor is not telling you
  • Defeating Pass-The-Hash: Separation of Powers
  • DOM Flow – Untangling The DOM For More Easy-Juicy Bugs
  • Emanate Like A Boss: Generalized Convert Data Exfiltration With Funtenna
  • Exploiting the DRAM RowHammer Bug to Gain Kernel Privileges
  • Exploiting XXE Vulnerabilities In File Parsing Funictionality
  • Faux Disk Encryption: Realities of Secure Storage On Mobile Devices
  • Fingerprints on Mobile Devices: Abusing and Leaking
  • Fuzzing Android System Services By Binder Call To Escalate Privilege
  • GameOver Zeus: Badguys and Backends
  • Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
  • Hacking into Smart phones and Cars with a SIM Card
  • How to Hack Government: Technologists as Policy Makers
  • How to Implement IT Security After a Cyber Meltdown
  • How Vulnerable are We to Scams?
  • Internet Plumbing For Security Professionals: The State of BGP Security
  • Most Ransomware isn’t as Complex as You Might Think
  • Pen Testing a City
  • Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection
  • Remote Exploitation of an Unaltered Passenger Vehicle
  • Re-purposing OnionDuke: A Single Case Study around reusing Nation State Malware
  • Return to Where? You can’t Exploit What You Can’t Find
  • Server-Side Template Injection: RCE For the Modern Web App
  • Social Engineering The Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities
  • Spread Spectrum SATCOM Hacking: Attacking the GlobalStar Simplex Data Service
  • StageFright: Scary Code in the Heart of Android
  • Staying Persistent in Software Defined Networks
  • Stranger Danger! What is the Risk from 3rd Party Libraries
  • Switches get Stitches
  • The Battle for Free Speech on the Internet
  • The Memory Sinkhole – Unleashing An X86 Design Flaw allowing Universal Privilege Escalation
  • The Node.js Highway: Attacks are at Full Throttle
  • The NSA Playset: A Year of Toys and Tools
  • Thunderstrike 2: Sith Strike
  • TrustKit: Code Injection on IOS 8 for the Greater Good
  • Understanding and Managing Entropy Usage
  • Understanding the Attack Surface And Attack Resilience of Project Spartan’s New EDGEHTML Rendering Engine
  • When IOT Attacks: Hacking A Linux-Powered Rifle
  • Why Security Data Science Matters and How It’s Different: Pitfalls and Promises of Data Science Based Breach Detection And Threat Intelligence
  • Winning the Online Banking War


Click on the link below to read more about the Black Hat USA 2015 featured briefings.


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.