최근 Blackhat 2018 USA / Defcon 행사가 진행됬었습니다. 자료도 슬슬 올라오고 어떤 내용의 발표들이 있었는지 Title만 정리해둡니다. (천천히 읽어봐야겠네요, 재미있는건 포스팅하도록 하겠습니다)
자료는 모두 media 서버로 올라와있습니다. https://media.defcon.org/DEF%20CON%2026
Briefings
| - | Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes |
|---|---|
| - | A Brief History of Mitigation: The Path to EL1 in iOS 11 |
| - | A Deep Dive into macOS MDM (and How it can be Compromised) |
| - | A Dive in to Hyper-V Architecture & Vulnerabilities |
| - | A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme |
| - | AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries |
| - | AI & ML in Cyber Security - Why Algorithms are Dangerous |
| - | An Attacker Looks at Docker: Approaching Multi-Container Applications |
| - | Another Flip in the Row |
| - | Applied Self-Driving Car Security |
| - | Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies |
| - | ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware |
| - | Automated Discovery of Deserialization Gadget Chains |
| - | Back to the Future: A Radical Insecure Design of KVM on ARM |
| - | Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure |
| - | Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre |
| - | Black Box is Dead. Long Live Black Box! |
| - | Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths |
| - | Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! |
| - | Breaking the IIoT: Hacking industrial Control Gateways |
| - | CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment |
| - | Catch me Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time |
| - | Compression Oracle Attacks on VPN Networks |
| - | Decompiler Internals: Microcode |
| - | Deep Dive into an ICS Firewall Looking for the Fire Hole |
| - | Deep Neural Networks for Hackers: Methods Applications and Open Source Tools |
| - | DeepLocker - Concealing Targeted Attacks with AI Locksmithing |
| - | Demystifying PTSD in the Cybersecurity Environment |
| - | Detecting Credential Compromise in AWS |
| - | Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities |
| - | Dissecting Non-Malicious Artifacts: One IP at a Time |
| - | Don't @ Me: Hunting Twitter Bots at Scale |
| - | Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking |
| - | Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels |
| - | Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering |
| - | Exploitation of a Modern Smartphone Baseband |
| - | Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection |
| - | Finding Xori: Malware Analysis Triage with Automated Disassembly |
| - | Fire & Ice: Making and Breaking macOS Firewalls |
| - | Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina |
| - | For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems |
| - | From Bot to Robot: How Abilities and Law Change with Physicality |
| - | From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities |
| - | From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it |
| - | GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs |
| - | Hardening Hyper-V through Offensive Security Research |
| - | Holding on for Tonight: Addiction in InfoSec |
| - | How can Communities Move Forward After Incidents of Sexual Harassment or Assault? |
| - | How can Someone with Autism Specifically Enhance the Cyber Security Workforce? |
| - | How I Learned to Stop Worrying and Love the SBOM |
| - | I for One Welcome Our New Power Analysis Overlords |
| - | Identity Theft: Attacks on SSO Systems |
| - | InfoSec Philosophies for the Corrupt Economy |
| - | IoT Malware: Comprehensive Survey Analysis Framework and Case Studies |
| - | Is the Mafia Taking Over Cybercrime? |
| - | It's a PHP Unserialization Vulnerability Jim but Not as We Know It |
| - | KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous |
| - | Kernel Mode Threats and Practical Defenses |
| - | Last Call for SATCOM Security |
| - | Legal Landmines: How Law and Policy are Rapidly Shaping Information Security |
| - | Legal Liability for IOT Cybersecurity Vulnerabilities |
| - | Lessons and Lulz: The 4th Annual Black Hat USA NOC Report |
| - | Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines |
| - | Lowering the Bar: Deep Learning for Side Channel Analysis |
| - | LTE Network Automation Under Threat |
| - | Mainframe [z/OS] Reverse Engineering and Exploit Development |
| - | Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware |
| - | Meltdown: Basics Details Consequences |
| - | Mental Health Hacks: Fighting Burnout Depression and Suicide in the Hacker Community |
| - | Miasm: Reverse Engineering Framework |
| - | Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims |
| - | New Norms and Policies in Cyber-Diplomacy |
| - | New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers |
| - | No Royal Road … Notes on Dangerous Game |
| - | None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service |
| - | Open Sesame: Picking Locks with Cortana |
| - | Outsmarting the Smart City |
| - | Over-the-Air: How we Remotely Compromised the Gateway BCM and Autopilot ECUs of Tesla Cars |
| - | Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives |
| - | Playback: A TLS 1.3 Story |
| - | Practical Web Cache Poisoning: Redefining 'Unexploitable' |
| - | Protecting the Protector Hardening Machine Learning Defenses Against Adversarial Attacks |
| - | Real Eyes Realize Real Lies: Beating Deception Technologies |
| - | Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots |
| - | Remotely Attacking System Firmware |
| - | Return of Bleichenbacher's Oracle Threat (ROBOT) |
| - | Reversing a Japanese Wireless SD Card - From Zero to Code Execution |
| - | Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers |
| - | SDL That Won't Break the Bank |
| - | SirenJack: Cracking a 'Secure' Emergency Warning Siren System |
| - | Snooping on Cellular Gateways and Their Critical Role in ICS |
| - | So I became a Domain Controller |
| - | Software Attacks on Hardware Wallets |
| - | Squeezing a Key through a Carry Bit |
| - | Stealth Mango and the Prevalence of Mobile Surveillanceware |
| - | Stop that Release There's a Vulnerability! |
| - | Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops |
| - | Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology |
| - | The Air-Gap Jumpers |
| - | The Finest Penetration Testing Framework for Software-Defined Networks |
| - | The Problems and Promise of WebAssembly |
| - | The Science of Hiring and Retaining Female Cybersecurity Engineers |
| - | The Unbearable Lightness of BMC's |
| - | The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet |
| - | There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently |
| - | Threat Modeling in |
| - | TLBleed: When Protecting Your CPU Caches is Not Enough |
| - | TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems Forever |
| - | Two-Factor Authentication Usable or Not? A Two-Phase Usability Study of the FIDO U |
| - | Understanding and Exploiting Implanted Medical Devices |
| - | Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library |
| - | WebAssembly: A New World of Native Exploits on the Browser |
| - | Why so Spurious? How a Highly Error-Prone x86/x64 CPU Feature can be Abused to Achieve Local Privilege Escalation on Many Operating Systems |
| - | Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator |
| - | WireGuard: Next Generation Secure Network Tunnel |
| - | Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities |
| - | Your Voice is My Passport |
| - | ZEROing Trust: Do Zero Trust Approaches Deliver Real Security? |
How to easy check?
https://www.blackhat.com/us-18/briefings.html 페이지에서..
data = document.getElementsByClassName('h2-link')
for (var i in data) {
console.log(data[i].title)
}
자바스크립트로 돌리면 편합니다. h2-link class가 각 발표 세션 제목이기 때문이죵