Cybersecurity information flow

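A clean information-feed tool focused on the goings-on of the security community, surfacing quality content for security researchers every day.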


All nodes
Time Node
2024-04-19 07:31 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachment
Mr David Koh is Singapore's first Commissioner of Cybersecurity and the founding Chief Executive of the Cyber Security Agency (CSA) of Singapore. He is concurrently Chief (Digital Security & Technology) at the Ministry of Communications and Information.

As Commissioner, he has the legal authority to investigate cyber threats and incidents to ensure that essential services are not disrupted in the event of a cyber-attack. As Chief Executive of CSA, he leads Singapore's efforts to provide dedicated and centralised oversight of national cyber security functions. These include enforcing the cybersecurity legislation; strategy and policy development; cyber security operations; ecosystem, R&D and capability development, public outreach and international engagement. Concurrently, as Chief (Digital Security & Technology), he oversees digital security policy and technology capability development in the Ministry of Communications and Info
2024-04-02 02:23 blackhat
Published: 2024-03-30 Talk time: 2024-04-19 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachment
None
2024-03-27 07:22 blackhat
Published: 2024-03-27 Talk time: 2024-04-19 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachment
In this fireside chat, Black Hat Founder Jeff Moss sits down with Ruimin He, Singapore's Chief Artificial Intelligence (AI) Officer, to discuss the similarities and differences between AI and previous waves of digitalisation. They reveal that, due to the transformative potential of AI, new approaches are needed to deal with the technology's novel challenges so that the benefit of AI for the public good can be realised in a responsible and ethical manner.
2024-03-26 01:22 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachment
As the landscape of cybersecurity continuously evolves, so too do the topics and themes that dominate the conversation.

Join us for an insightful session presented by members of the Black Hat Asia Review Board as they delve into the shifts and transformations observed in this year's conference submissions. From emerging technologies to novel attack vectors, this session will explore the cutting-edge developments that are shaping the cybersecurity agenda. Drawing upon their extensive experience and expertise, they will dissect the trends and patterns observed in the submissions.

Attendees can expect to gain valuable insights into the evolving threat landscape, emerging research areas, and innovative approaches to addressing cybersecurity challenges, while enjoying an engaging and interactive Game Show Style Format session that adds excitement to the experience.
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 8:00am Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-19 8:00am Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachment
Mr David Koh is Singapore's first Commissioner of Cybersecurity and the founding Chief Executive of the Cyber Security Agency (CSA) of Singapore. He is concurrently Chief (Digital Security & Technology) at the Ministry of Communications and Information.

As Commissioner, he has the legal authority to investigate cyber threats and incidents to ensure that essential services are not disrupted in the event of a cyber-attack. As Chief Executive of CSA, he leads Singapore's efforts to provide dedicated and centralised oversight of national cyber security functions. These include enforcing the cybersecurity legislation; strategy and policy development; cyber security operations; ecosystem, R&D and capability development, public outreach and international engagement. Concurrently, as Chief (Digital Security & Technology), he oversees digital security policy and technology capability development in the Ministry of Communications and Info
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 11:00am Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-19 11:00am Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 12:00pm Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-19 12:00pm Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 3:00pm Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-19 3:00pm Duration:
Tags:[] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-18 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-19 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachment
None
2024-03-12 03:33 blackhat
Published: 2024-03-12 Talk time: 2024-04-19 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachment
None
2024-02-15 07:31 blackhat
Published: 2024-02-14 Talk time: 2024-04-18 10:20am Duration: 40-Minute
Tags:['Hardware / Embedded', 'Cyber-Physical Systems & IoT'] Has attachment
Arm Cortex-M Microcontrollers (MCUs) are the de facto computing units powering billions of small embedded and Internet of Things (IoT) devices. Recently, as a step towards securing devices at scale, Arm introduced the TrustZone technology in the latest generation of their Armv8-M MCUs (e.g., Cortex-M33). TrustZone-M partitions the CPU into two worlds, enabling the materialization of Trusted Execution Environments (TEEs) on constrained devices. One of the weakest aspects of TrustZone-M is the CPU-centric view, i.e., the specification only defines CPU-level security protection controllers (e.g., SAU, IDAU). Still, MCUs have a number of other peripherals and computing elements (e.g., DMA devices) at the system level, and achieving system-wide isolation requires vendor-specific platform protection controllers (PPCs). We argue that this dichotomy, together with a lack of understanding
2024-02-15 07:31 blackhat
Published: 2024-02-14 Talk time: 2024-04-19 1:30pm Duration: 40-Minute
Tags:['Exploit Development', 'Cloud Security'] No attachment
Virtual machine escape has always been a challenging task for hackers. VMware's hypervisor, as a popular closed-source commercial hypervisor, presents even greater difficulty in vulnerability discovery and exploitation. With each security update and the patching of old exploits, how can we find new vulnerabilities and write exploits to complete virtual machine escape?

This talk will first systematically introduce the current architecture and attack surfaces of VMware's hypervisor. We will then analyze the changes that have occurred in recent years, as well as the relevant security patches and mitigations.

Our new research focuses on the virtual USB controller, which is one of the main attack surfaces of hypervisor. A computer that can be used normally needs USB interfaces and related USB devices. Virtual machines also require USB, so there is a natural risk of security vulnera
2024-02-15 07:31 blackhat
Published: 2024-02-14 Talk time: 2024-04-18 1:30pm Duration: 40-Minute
Tags:['Community & Career', 'Hardware / Embedded'] No attachment
In this talk, we will share our insights and learnings from organizing Hack@DAC, a hardware hacking competition that hosted over 1000+ researchers over the last seven years. We discuss how Hack@DAC is unique when compared against other hardware CTFs. We highlight the value of organizing a hardware CTF for the general security community. Specifically, we highlight key takeaways for industry, academia, and security researchers.

There has been a significant spike in the number of hardware vulnerabilities and cross-layer attacks in recent years, leading to increased interest and focus in this area. However, unlike software/firmware domains, there are very few open hardware designs that detail known vulnerabilities and their mitigations. Hack@DAC CTF offers an open-source hardware design (along with a simulation environment) that mirrors the security features and weaknesses common
2024-02-15 07:31 blackhat
Published: 2024-02-14 Talk time: 2024-04-18 3:20pm Duration: 40-Minute
Tags:['Mobile', 'Privacy'] Has attachment
Privacy data protection has become a major concern within regions, such as Europe, where GDPR is implemented. To discover the potentially privacy-infringing behaviors, manufacturers must test applications for compliance before release.
In practice, presented tools often dump TCP files, and novices cannot easily use methods of data detection. To solve these problems, we will hook system-level functions used for and by TCP, OpenSSL, and cipher methods to obtain network traffic and encrypted data. This way we can decrypt TLS traffic and automatically detect privacy data transmission behaviors, to tell if the data has been double encrypted.

In this session, we will share our research findings on hook points, TCP-TLS traffic decryption, and HTTP/2 header decoding. Moreover, prospects of how to improve the tool for automated analysis will be discussed
2024-02-08 09:02 blackhat
Published: 2024-02-08 Talk time: 2024-04-19 10:20am Duration: 40-Minute
Tags:['Defense', 'Enterprise Security'] Has attachment
Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it's motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection and response metrics.

Metrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection and response is and its value. So, how do we tell that story, especially to leadership with a limited amount of time?

Measurements help us get results. But if you're advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection and response?
2024-02-08 09:02 blackhat
Published: 2024-02-08 Talk time: 2024-04-19 2:30pm Duration: 30-Minute
Tags:['Hardware / Embedded'] No attachment
In the recent past, technologies like Trusted Execution Environments (TEE) have emerged that provide sound security guarantees even against power adversaries exercising control over the privileged untrusted kernel. As such, TEEs have become the centrepiece to implementing critical operations in an embedded systems setting.

In modern IoT settings, physical attacks (like side-channel and fault attacks) are increasingly relevant. However, by physical characteristics (like electromagnetic shields) or software checks (memory encryption), TEEs defend against physical attacks on processors and memory chips. In this research, however, we demonstrate practical attack scenarios on TEEs using a new dimension: SoC system bus. We first unearth the fault characteristics of both aspects of the system bus- data bus and address bus. We then use these bus faults to mount an end-to-end attack on a commercial Trusted Execution Environme
2024-02-08 09:02 blackhat
Published: 2024-02-08 Talk time: 2024-04-19 3:20pm Duration: 40-Minute
Tags:['Cyber-Physical Systems & IoT', 'Hardware / Embedded'] No attachment
Industry 4.0 and smart manufacturing led to the emergence of a new type of PLCs, called software PLCs. In our previous work, sOfT7, presented in Black Hat USA 2022, we found that Siemens' leading software PLC, ET 200SP, utilizes a hypervisor that controls two virtual machines:
1) Windows Embedded, that communicates with the upper Purdue Model layers.
2) An encrypted Adonis Linux (SWCPU), that runs the programmable control logic and operates the field devices.

In sOfT7 we presented a method that decrypts the SWCPU. A tool that implements sOfT7 was published in recent research from Black Hat Europe 2023. Our current research shows that a remote attacker who gains control over the Windows VM can perform
2024-02-08 09:02 blackhat
Published: 2024-02-27 Talk time: 2024-04-19 11:20am Duration: 40-Minute
Tags:['AI, ML, & Data Science', 'Platform Security'] Has attachment
Hugging Face (HF) has emerged as a popular open platform for maintaining and sharing pre-trained machine learning (ML) models. It fully understands the pickle model deserialization threats originally introduced by PyTorch and accordingly implements pickle scanning for mitigation. In October 2022, PyTorch patched such a threat by white-listing weights-only modules. But in contrast, the war seems not to have reached its end for Hugging Face, which integrates a family of diverse ML libraries for model training, sharing, and even performance tuning. These libraries accidentally use the raw pickle.loads (rather than the torch.load) to parse the pickle files, hence still vulnerable to deserialization attacks.

In this talk, we present our findings on the unsafe use of pickle.loads across the integrated ML libraries in Hugging Face. We disclose kinds of novel tricks to bypass pickle scanning and enab
2024-02-08 09:02 blackhat
Published: 2024-02-08 Talk time: 2024-04-18 10:20am Duration: 40-Minute
Tags:['Exploit Development', 'Application Security: Offense'] Has attachment
As control-flow protection techniques are widely deployed, it is difficult for attackers to modify control data, like function pointers, to hijack program control flow. Instead, data-only attacks corrupt security-related non-control data (critical data), and can bypass all control-flow protections to revive severe attacks. Previous works have explored various methods to help construct or prevent data-only attacks. However, no solution can automatically detect program-specific critical data.

In this presentation, we identify an important category of critical data, syscall-guard variables, and propose a set of solutions to automatically detect such variables in a scalable manner. Our insight is that most data-only attacks rely on security-related syscalls (e.g., execve, unlink, chmod) to achieve ultimate goals and these syscalls are often guarded by security checks in the form
2024-02-08 09:02 blackhat
Published: 2024-02-08 Talk time: 2024-04-19 3:20pm Duration: 40-Minute
Tags:['Platform Security', 'Mobile'] No attachment
Netlink is a socket family designed for inter-process communication (IPC) between the kernel and user-space processes since 1999 with Linux 2.2. With the popularity of Android operating system, it is widely used in the Android kernel modules. Despite its capabilities, Netlink is often overlooked by security researchers due to the strong dominance of ioctl in userspace-kernelspace communication. Its programming complexity compared to ioctl also increases the chance of developers introducing security vulnerabilities. Therefore, Netlink has actually become a hidden attack surface buried deep in the Android ecosystem.

During our research, we found Netlink can be divided into two categories according to its usage, Classic Netlink and Generic Netlink. Each category consists of two message processing flows in the kernel due to its full-duplex characteristic, top-down message parsing and bottom-up message building. F
2024-02-08 09:02 blackhat
Published: 2024-02-08 Talk time: 2024-04-19 11:20am Duration: 40-Minute
Tags:['Privacy', 'Exploit Development'] Has attachment
"ThereIsNoPrivacy.app" would like to access the camera and spy on you, and access all of your private data.

In this talk we return for a third time to talk about bypassing macOS's privacy mechanisms. In the last 4 years we submitted over 100 vulnerabilities to Apple which allowed us to either fully or partially bypass macOS's privacy protection framework (TCC). We gave talks about our findings and various techniques in previous BlackHat conferences.
We will start by briefly explaining how the privacy framework works on macOS, how various databases, configuration files and the Sandbox play various roles in fulfilling a single goal - protecting your private data.

Then we will switch gears and show many new vulnerabilities and a couple of new techniques and ideas which allowed us to bypass privacy protection. As usual, you may expect full exploits, tons of demos and a lot of fun
2024-02-06 07:47 blackhat
Published: 2024-01-31 Talk time: 2024-04-19 3:20pm Duration: 40-Minute
Tags:['Reverse Engineering', 'Malware'] Has attachment
Uncompyle6 and decompyle3 are the most complete, popular, and accurate open-source Python bytecode decompilers available for the Python versions they support. The underlying cross-platform disassembler they use, xdis, is also unique.

The decompilers produce runnable Python source code for the Python version dialect that the code was written in. Furthermore, they produce the thought process used to recreate the source code. An abstract parse of the bytecode instructions can be used to understand how sequences of bytecode correspond to sequences of source code.

The disassembler they use is also unique in a number of ways that I will describe.

I will show tips and tricks for using these decompilers and what makes these so special and successful.

Then I'll follow with how the novel technique used here can be used for other programming languages that work off of bytecode.

Finally
2024-01-31 07:31 blackhat
Published: 2024-01-31 Talk time: 2024-04-19 11:20am Duration: 40-Minute
Tags:['Exploit Development', 'Enterprise Security'] Has attachment
VMware Workstation is used by software developers and network security practitioners. Users can run dangerous programs in it without affecting the host system. However, if these programs can escape, the host system is no longer safe. If APT attack organizations exploit these vulnerabilities to attack these practitioners, it would be a disaster.

Attacks on virtualization often involve virtualization devices. In past public competitions for virtualization escapes, vulnerabilities in devices such as graphics cards, network cards, USB controllers, and Backdoor have been used. In recent years, multiple security vulnerabilities have appeared in USB devices in escape exploits.

In this talk, I will introduce several security vulnerabilities that have appeared in the USB1.1 controller, including those used by the Fluoroacetate team in Pwn2Own 2019, those I used in TianfuCup 2021,
2024-01-31 07:31 blackhat
Published: 2024-01-31 Talk time: 2024-04-18 2:30pm Duration: 30-Minute
Tags:['Malware', 'Reverse Engineering'] No attachment
Fibers are an optional component of the Windows Operating system, largely undocumented and existing exclusively in Usermode. Compared with Threads they have been given a limited spotlight from a security perspective. They are non-trivial to extract from memory and the current API doesn't offer remote enumeration capabilities. From a defender's perspective this could sound like a nightmare, however red teams and malware developers may feel the opposite.

This talk details the offensive capabilities of Windows fibers and how to apply them. It discusses current open-source techniques such as shellcode injection through current fibers, inserting malicious callbacks, callstack spoofing and misdirection via dummy Fibers.

It also provides an overview of the main components of a Fiber. How each component can be leveraged from an attacker's perspective, their representation in memory and how t