최근 Blackhat 2018 USA / Defcon 행사가 진행됬었습니다. 자료도 슬슬 올라오고 어떤 내용의 발표들이 있었는지 Title만 정리해둡니다. (천천히 읽어봐야겠네요, 재미있는건 포스팅하도록 하겠습니다)


자료는 모두 media 서버로 올라와있습니다.
https://media.defcon.org/DEF%20CON%2026

Briefings

-Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
-A Brief History of Mitigation: The Path to EL1 in iOS 11
-A Deep Dive into macOS MDM (and How it can be Compromised)
-A Dive in to Hyper-V Architecture & Vulnerabilities
-A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
-AFL\'s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
-AI & ML in Cyber Security - Why Algorithms are Dangerous
-An Attacker Looks at Docker: Approaching Multi-Container Applications
-Another Flip in the Row
-Applied Self-Driving Car Security
-Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
-ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
-Automated Discovery of Deserialization Gadget Chains
-Back to the Future: A Radical Insecure Design of KVM on ARM
-Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
-Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
-Black Box is Dead. Long Live Black Box!
-Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
-Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
-Breaking the IIoT: Hacking industrial Control Gateways
-CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment
-Catch me Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time
-Compression Oracle Attacks on VPN Networks
-Decompiler Internals: Microcode
-Deep Dive into an ICS Firewall Looking for the Fire Hole
-Deep Neural Networks for Hackers: Methods Applications and Open Source Tools
-DeepLocker - Concealing Targeted Attacks with AI Locksmithing
-Demystifying PTSD in the Cybersecurity Environment
-Detecting Credential Compromise in AWS
-Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
-Dissecting Non-Malicious Artifacts: One IP at a Time
-Don\'t @ Me: Hunting Twitter Bots at Scale
-Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
-Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
-Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
-Exploitation of a Modern Smartphone Baseband
-Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
-Finding Xori: Malware Analysis Triage with Automated Disassembly
-Fire & Ice: Making and Breaking macOS Firewalls
-Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
-For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
-From Bot to Robot: How Abilities and Law Change with Physicality
-From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
-From Workstation to Domain Admin: Why Secure Administration isn\'t Secure and How to Fix it
-GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
-Hardening Hyper-V through Offensive Security Research
-Holding on for Tonight: Addiction in InfoSec
-How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
-How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
-How I Learned to Stop Worrying and Love the SBOM
-I for One Welcome Our New Power Analysis Overlords
-Identity Theft: Attacks on SSO Systems
-InfoSec Philosophies for the Corrupt Economy
-IoT Malware: Comprehensive Survey Analysis Framework and Case Studies
-Is the Mafia Taking Over Cybercrime?
-It\'s a PHP Unserialization Vulnerability Jim but Not as We Know It
-KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
-Kernel Mode Threats and Practical Defenses
-Last Call for SATCOM Security
-Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
-Legal Liability for IOT Cybersecurity Vulnerabilities
-Lessons and Lulz: The 4th Annual Black Hat USA NOC Report
-Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
-Lowering the Bar: Deep Learning for Side Channel Analysis
-LTE Network Automation Under Threat
-Mainframe [z/OS] Reverse Engineering and Exploit Development
-Measuring the Speed of the Red Queen\'s Race; Adaption and Evasion in Malware
-Meltdown: Basics Details Consequences
-Mental Health Hacks: Fighting Burnout Depression and Suicide in the Hacker Community
-Miasm: Reverse Engineering Framework
-Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
-New Norms and Policies in Cyber-Diplomacy
-New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers
-No Royal Road … Notes on Dangerous Game
-None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
-Open Sesame: Picking Locks with Cortana
-Outsmarting the Smart City
-Over-the-Air: How we Remotely Compromised the Gateway BCM and Autopilot ECUs of Tesla Cars
-Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
-Playback: A TLS 1.3 Story
-Practical Web Cache Poisoning: Redefining \'Unexploitable\'
-Protecting the Protector Hardening Machine Learning Defenses Against Adversarial Attacks
-Real Eyes Realize Real Lies: Beating Deception Technologies
-Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
-Remotely Attacking System Firmware
-Return of Bleichenbacher\'s Oracle Threat (ROBOT)
-Reversing a Japanese Wireless SD Card - From Zero to Code Execution
-Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
-SDL That Won\'t Break the Bank
-SirenJack: Cracking a \'Secure\' Emergency Warning Siren System
-Snooping on Cellular Gateways and Their Critical Role in ICS
-So I became a Domain Controller
-Software Attacks on Hardware Wallets
-Squeezing a Key through a Carry Bit
-Stealth Mango and the Prevalence of Mobile Surveillanceware
-Stop that Release There\'s a Vulnerability!
-Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
-Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
-The Air-Gap Jumpers
-The Finest Penetration Testing Framework for Software-Defined Networks
-The Problems and Promise of WebAssembly
-The Science of Hiring and Retaining Female Cybersecurity Engineers
-The Unbearable Lightness of BMC\'s
-The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
-There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
-Threat Modeling in
-TLBleed: When Protecting Your CPU Caches is Not Enough
-TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems Forever
-Two-Factor Authentication Usable or Not? A Two-Phase Usability Study of the FIDO U
-Understanding and Exploiting Implanted Medical Devices
-Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
-WebAssembly: A New World of Native Exploits on the Browser
-Why so Spurious? How a Highly Error-Prone x86/x64 CPU Feature can be Abused to Achieve Local Privilege Escalation on Many Operating Systems
-Windows Offender: Reverse Engineering Windows Defender\'s Antivirus Emulator
-WireGuard: Next Generation Secure Network Tunnel
-Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
-Your Voice is My Passport
-ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?

How to easy check?

https://www.blackhat.com/us-18/briefings.html 페이지에서..

data = document.getElementsByClassName('h2-link')

for (var i in data) {
  console.log(data[i].title)
}

자바스크립트로 돌리면 편합니다. h2-link class가 각 발표 세션 제목이기 때문이죵

댓글 없음:

댓글 쓰기