Back

Defcon 2018 발표 자료 및 Briefings list

최근 Blackhat 2018 USA / Defcon 행사가 진행됬었습니다. 자료도 슬슬 올라오고 어떤 내용의 발표들이 있었는지 Title만 정리해둡니다. (천천히 읽어봐야겠네요, 재미있는건 포스팅하도록 하겠습니다)

자료는 모두 media 서버로 올라와있습니다. https://media.defcon.org/DEF%20CON%2026

Briefings

- Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
- A Brief History of Mitigation: The Path to EL1 in iOS 11
- A Deep Dive into macOS MDM (and How it can be Compromised)
- A Dive in to Hyper-V Architecture & Vulnerabilities
- A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
- AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
- AI & ML in Cyber Security - Why Algorithms are Dangerous
- An Attacker Looks at Docker: Approaching Multi-Container Applications
- Another Flip in the Row
- Applied Self-Driving Car Security
- Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
- ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
- Automated Discovery of Deserialization Gadget Chains
- Back to the Future: A Radical Insecure Design of KVM on ARM
- Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
- Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
- Black Box is Dead. Long Live Black Box!
- Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
- Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
- Breaking the IIoT: Hacking industrial Control Gateways
- CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment
- Catch me Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time
- Compression Oracle Attacks on VPN Networks
- Decompiler Internals: Microcode
- Deep Dive into an ICS Firewall Looking for the Fire Hole
- Deep Neural Networks for Hackers: Methods Applications and Open Source Tools
- DeepLocker - Concealing Targeted Attacks with AI Locksmithing
- Demystifying PTSD in the Cybersecurity Environment
- Detecting Credential Compromise in AWS
- Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
- Dissecting Non-Malicious Artifacts: One IP at a Time
- Don't @ Me: Hunting Twitter Bots at Scale
- Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
- Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
- Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
- Exploitation of a Modern Smartphone Baseband
- Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
- Finding Xori: Malware Analysis Triage with Automated Disassembly
- Fire & Ice: Making and Breaking macOS Firewalls
- Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
- For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
- From Bot to Robot: How Abilities and Law Change with Physicality
- From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
- From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it
- GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
- Hardening Hyper-V through Offensive Security Research
- Holding on for Tonight: Addiction in InfoSec
- How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
- How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
- How I Learned to Stop Worrying and Love the SBOM
- I for One Welcome Our New Power Analysis Overlords
- Identity Theft: Attacks on SSO Systems
- InfoSec Philosophies for the Corrupt Economy
- IoT Malware: Comprehensive Survey Analysis Framework and Case Studies
- Is the Mafia Taking Over Cybercrime?
- It's a PHP Unserialization Vulnerability Jim but Not as We Know It
- KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
- Kernel Mode Threats and Practical Defenses
- Last Call for SATCOM Security
- Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
- Legal Liability for IOT Cybersecurity Vulnerabilities
- Lessons and Lulz: The 4th Annual Black Hat USA NOC Report
- Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
- Lowering the Bar: Deep Learning for Side Channel Analysis
- LTE Network Automation Under Threat
- Mainframe [z/OS] Reverse Engineering and Exploit Development
- Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware
- Meltdown: Basics Details Consequences
- Mental Health Hacks: Fighting Burnout Depression and Suicide in the Hacker Community
- Miasm: Reverse Engineering Framework
- Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
- New Norms and Policies in Cyber-Diplomacy
- New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers
- No Royal Road … Notes on Dangerous Game
- None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
- Open Sesame: Picking Locks with Cortana
- Outsmarting the Smart City
- Over-the-Air: How we Remotely Compromised the Gateway BCM and Autopilot ECUs of Tesla Cars
- Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
- Playback: A TLS 1.3 Story
- Practical Web Cache Poisoning: Redefining 'Unexploitable'
- Protecting the Protector Hardening Machine Learning Defenses Against Adversarial Attacks
- Real Eyes Realize Real Lies: Beating Deception Technologies
- Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
- Remotely Attacking System Firmware
- Return of Bleichenbacher's Oracle Threat (ROBOT)
- Reversing a Japanese Wireless SD Card - From Zero to Code Execution
- Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
- SDL That Won't Break the Bank
- SirenJack: Cracking a 'Secure' Emergency Warning Siren System
- Snooping on Cellular Gateways and Their Critical Role in ICS
- So I became a Domain Controller
- Software Attacks on Hardware Wallets
- Squeezing a Key through a Carry Bit
- Stealth Mango and the Prevalence of Mobile Surveillanceware
- Stop that Release There's a Vulnerability!
- Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
- Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
- The Air-Gap Jumpers
- The Finest Penetration Testing Framework for Software-Defined Networks
- The Problems and Promise of WebAssembly
- The Science of Hiring and Retaining Female Cybersecurity Engineers
- The Unbearable Lightness of BMC's
- The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
- There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
- Threat Modeling in
- TLBleed: When Protecting Your CPU Caches is Not Enough
- TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems Forever
- Two-Factor Authentication Usable or Not? A Two-Phase Usability Study of the FIDO U
- Understanding and Exploiting Implanted Medical Devices
- Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
- WebAssembly: A New World of Native Exploits on the Browser
- Why so Spurious? How a Highly Error-Prone x86/x64 CPU Feature can be Abused to Achieve Local Privilege Escalation on Many Operating Systems
- Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
- WireGuard: Next Generation Secure Network Tunnel
- Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
- Your Voice is My Passport
- ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?

How to easy check?

https://www.blackhat.com/us-18/briefings.html 페이지에서..

data = document.getElementsByClassName('h2-link')

for (var i in data) {
  console.log(data[i].title)
}

자바스크립트로 돌리면 편합니다. h2-link class가 각 발표 세션 제목이기 때문이죵

Licensed under CC BY-NC-SA 4.0
Last updated on Jul 10, 2021 01:05 +0900