Cybersecurity information flow

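A clean information-feed tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.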

All nodes
Time Node
2023-11-29 07:31 blackhat
Published: 2023-10-31 Talk time: 2023-12-06 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachments
In this keynote, Ollie Whitehouse will outline a future in which we industrialise our approaches to cyber defence against adversaries who are not constrained by the same legal, moral, or ethical frameworks. This talk will begin by exploring the challenge and need before going on to discuss possible approaches and the research challenges which underpin them and continue to remain unanswered.
2023-11-29 07:31 blackhat
Published: 2023-10-31 Talk time: 2023-12-07 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachments
In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him. The decision reverberated throughout the security community, but still left many unanswered questions. Before the judge sentenced him, Sullivan committed that he would speak wherever possible about the need for a better model for collaboration between the private sector and government. The judge rejected the claims by the prosecutors and Uber that the use of an NDA during the investigation was a coverup, and sentenced Sullivan to probation only.
Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In a candid conversation, Sullivan will share the lessons he hopes security professiona
2023-11-29 07:31 blackhat
Published: 2023-11-28 Talk time: 2023-12-07 2:30pm Duration: 30-Minute
Tags:['Network Security'] No attachments
Most large-scale Denial-of-Service (DoS) attacks involve transmitting a massive number of network-layer packets (Layer-3 attacks) to overwhelm a target host so it becomes unreachable by legitimate users. Such volumetric attacks rely fundamentally on the attackers' ability to spoof the source IP address of the DoS packets to avoid detection and filtering, or to execute reflection and amplification attacks.
Due to the severity of IP spoofing, many recent efforts such as MANRS and CAIDA Spoofers advocate for the deployment of source address validation (SAV) techniques described in the IETF Best Current Practice 38 (BCP-38). However, today it is estimated that 75% of Internet autonomous systems (ASes) have deployed BCP38, yet spoofing is still a major problem.
In this talk we will analyze the global view of spoofing from Cloudflare, to understand IP spoofing on network-layer DoS attacks, and analyze geographic, lon
2023-11-21 07:31 blackhat
Published: 2023-11-01 Talk time: 2023-12-07 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachments
None
2023-11-18 05:13 blackhat
Published: 2023-11-01 Talk time: 2023-12-06 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachments
At the end of day one, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of Day 1 of the conference and how these trends will impact future InfoSec strategies.
2023-11-18 05:13 blackhat
Published: 2023-11-01 Talk time: 2023-12-07 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachments
None
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-06 8:00am Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Breakfast at 8:00 AM - 9:00 AM in the Briefings Corridor (Level 3). Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-06 11:00am Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Morning Coffee Service at 11:00 AM - 11:20 AM in the Briefings Corridor (Level 3). Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-06 12:00pm Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Lunch at 12:00 PM - 1:30 PM in the ICC Capital Auditorium, Level 0. Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-06 3:00pm Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Afternoon Coffee Service at 3:00 PM - 3:20 PM in the Briefings Corridor (Level 3). Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-07 8:00am Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Breakfast at 8:00 AM - 9:00 AM in the Briefings Corridor (Level 3). Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-07 11:00am Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Morning Coffee Service at 11:00 AM - 11:20 AM in the Briefings Corridor (Level 3). Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-07 12:00pm Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Lunch at 12:00 PM - 1:30 PM in the ICC Auditorium, Level 0. Be sure to wear your Briefings Badge in order to gain access.
2023-11-10 07:31 blackhat
Published: 2023-11-08 Talk time: 2023-12-07 3:00pm Duration:
Tags:[] No attachments
Briefings Pass Holders: Please join us for Afternoon Coffee Service at 3:00 PM - 3:20 PM in the Briefings Corridor (Level 3). Be sure to wear your Briefings Badge in order to gain access.
2023-11-02 07:31 blackhat
Published: 2023-10-31 Talk time: 2023-12-06 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachments
In this keynote, Ollie Whitehouse will outline a future in which we industrialise our approaches to cyber defence against adversaries who are not constrained by the same legal, moral, or ethical frameworks. This talk will begin by exploring the challenge and need before going on to discuss possible approaches and the research challenges which underpin them and continue to remain unanswered.
2023-11-02 07:31 blackhat
Published: 2023-11-01 Talk time: 2023-12-06 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachments
None
2023-11-02 07:31 blackhat
Published: 2023-10-31 Talk time: 2023-12-07 9:00am Duration: 60-Minute
Tags:['Keynote'] No attachments
In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him. The decision reverberated throughout the security community, but still left many unanswered questions. Before the judge sentenced him, Sullivan committed that he would speak wherever possible about the need for a better model for collaboration between the private sector and government. The judge rejected the claims by the prosecutors and Uber that the use of an NDA during the investigation was a coverup, and sentenced Sullivan to probation only.
Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In a candid conversation, Sullivan will share the lessons he hopes security professiona
2023-11-02 07:31 blackhat
Published: 2023-11-01 Talk time: 2023-12-07 4:20pm Duration: 40-Minute
Tags:['Keynote'] No attachments
None
2023-10-30 14:41 blackhat
Published: 2023-09-26 Talk time: 2023-12-07 10:20am Duration: 40-Minute
Tags:['Community & Career'] No attachments
It seems that lately, Burnout is an invisible member of every operational security team. Attackers grow more capable every year, the attacks faster and harder, and regulations even more strict about how quickly and completely your team must perform its mission. With the growing complexity of battle and so much on the line in defending users, operational response teams are under more stress than ever. If the response teams fall apart, who will be the last line of defense?
For Google's Security Response team, controlling burnout has been a years-long effort to ensure that our global on-call response team maintains just the right balance of practiced and experienced (but well-rested and ready!) responders with a healthy work-life balance. This talk shares Google Security's experience in recognizing burnout, what types of burnout are most applicable to security response teams, and how we operate to actively monitor and r
2023-10-30 14:41 blackhat
Published: 2023-09-27 Talk time: 2023-12-06 11:20am Duration: 40-Minute
Tags:['Network Security'] Attachments available
We will present two new attacks to leak traffic sent by a VPN client. A rogue Wi-Fi network can abuse these vulnerabilities to make the victim leak IP packets, in plaintext, outside the VPN tunnel. The adversary accomplishes this by manipulating the victim's routing table. Our attacks are independent of the VPN protocol being used, meaning they apply to IPsec, OpenVPN, WireGuard, etc.
Our first attack exploits VPN clients that allow access to the local network. The attacker must create a rogue Wi-Fi network and will, briefly summarized, pretend that the local network is the whole Internet. As a result, if the victim visits a website, the VPN client will think the website is hosted in the local network and won't send the resulting HTTP request through the VPN tunnel. We tested 126 free, paid, and built-in VPNs on various platforms, and 65% were vulnerable to this attack. Surprisingly, all VPN clients on iOS were vulnera
2023-10-30 14:41 blackhat
Published: 2023-09-27 Talk time: 2023-12-07 11:20am Duration: 40-Minute
Tags:['Hardware / Embedded', 'Platform Security'] No attachments
AI technology has become more and more important in recent years, with the growth of AI techniques, its attack surface and security impact are also expanding. In this Briefing, we will focus on low level implementation of AI hardware from different platforms, and show the similarities and differences with a broader view.
First, we will show the historical research background of the NPU security and attack surface. Next, we'll talk about the vulnerabilities that we found in different NPU systems, from Samsung Exynos, Qualcomm and Apple Silicon chipsets. We will then demonstrate the code auditing/firmware reversing methodology and bug patterns and we will discuss the code execution exploitation on Exynos NPU ARM core and Android root exploitation with a Qualcomm NPU kernel driver bug.
Our talk will help attendees see the bigger picture of NPU design and bring AI hardware security to
2023-10-30 14:41 blackhat
Published: 2023-09-07 Talk time: 2023-12-07 1:30pm Duration: 40-Minute
Tags:['Platform Security', 'Reverse Engineering'] No attachments
Microarchitectural attacks threaten the security of computer systems even in the absence of software vulnerabilities. While x86 and ARM CPUs have been extensively studied, the rising popularity of RISC-V CPUs demands a thorough examination of their microarchitectural attack surface. With the standardization of the RISC-V instruction set architecture and the announcement of support for the architecture by major processor vendors, RISC-V CPUs are on the verge of becoming ubiquitous.
In this talk, we will show a systematic investigation of the microarchitectural attack surface on the first commercially-available 64-bit hardware RISC-V CPUs. These CPUs run a full Linux operating system and can be used for general tasks, such as using the web. Hence, it is vital to consider the security of these CPUs to guarantee the confidentiality of processed data on such devices.
However, our analysis resulte
2023-10-30 14:41 blackhat
Published: 2023-09-26 Talk time: 2023-12-06 1:30pm Duration: 40-Minute
Tags:['Data Forensics & Incident Response', 'Malware'] Attachments available
Join us on a thrilling journey as we unveil the story of HeadCrab - a highly elusive and sophisticated malware. HeadCrab is a creation of an advanced threat actor who utilized custom-made Redis Modules and API usage to build a full-scale malicious framework. We found the malware to be highly advanced, deploying several highly technical novel techniques which allowed it to infiltrate servers worldwide since 2021. It was evident that the threat actor has put operation security as a top priority with several hiding techniques including specifically bypassing security solutions.
In this session, we will share with you a rare and fascinating story of the attack, the tactics we employed to communicate with the attacker, and our technical analysis of both the malware and the persistent tool. We will delve into the malware's 50+ malicious capabilities, including its use of custom Redis commands as co
2023-10-30 14:41 blackhat
Published: 2023-10-09 Talk time: 2023-12-07 3:20pm Duration: 40-Minute
Tags:['AI, ML, & Data Science', 'Defense'] No attachments
Security Operations Centres (SOC) are overwhelmed by false positives due to the rapid growth in data volumes and the inability of current analytics models to adapt to evolutionary changes in logs, i.e., unstable log data, creating a need for more efficient solutions. Thus, we introduce VoBERT, an innovative sequence anomaly detection method. An improvement on BERTs (Bidirectional Encoder Representations from Transformers), VoBERT adds resilience by accurately classifying unstable logs that traditional BERT-like models would deem out-of-vocabulary. We show that a standard BERT and a simple heuristic (defined as the anomaly score of a sequence is the percentage of unseen logs) often used in industry cannot deal with log changes in time. This innovation is crucial as a more stable model leads to a significant reduction in the number of false positives and enhances our attack detection. Our evaluation for th
2023-10-30 14:41 blackhat
Published: 2023-09-07 Talk time: 2023-12-06 10:20am Duration: 40-Minute
Tags:['Cloud Security', 'Cyber-Physical Systems & IoT'] Attachments available
Currently, a concerning situation is unfolding online: a large amount of personal information and medical records belonging to patients is scattered across the internet. Our internet-wide research on DICOM, the decade-old standard protocol for medical imaging, has revealed a distressing fact – Many medical institutions have unintentionally made the private data and medical histories of millions of patients accessible to the vast realm of the internet.
Medical imaging encompasses a range of techniques such as X-Rays, CT scans, and MRIs, used to visualize internal body structures, with DICOM serving as the standard protocol for storing and transmitting these images. The security problems with DICOM are connected to using legacy protocols on the internet as industries strive to align with the transition towards Cloud-based solutions.
This talk will explain the security shortcomings o
2023-10-30 14:41 blackhat
Published: 2023-09-26 Talk time: 2023-12-07 10:20am Duration: 40-Minute
Tags:['Defense', 'Privacy'] No attachments
We will present LEMMINGS (an acronym derived from "deLetEd doMain MaIl warNinG System"), which has been developed at SIDN to warn former owners of deleted domains when their domain is likely still being used for sending email. In this presentation, we will present the system and results based on real-world data collected while running the system for a nine-month period and analysing over 600,000 domains.
When a .nl domain is deleted, it enters a 40-day grace period, after which it becomes available for general registration again. A malicious actor may re-register this domain with the intent of collecting email traffic still being sent to the domain. The received email may contain highly confidential and privacy-sensitive data, such as medical records. We have seen real-world examples in the Netherlands, where this was the case. For example, when domains were deleted by the Dutch Police and healthcare organizations.
2023-10-30 14:41 blackhat
Published: 2023-09-08 Talk time: 2023-12-06 10:20am Duration: 40-Minute
Tags:['Platform Security', 'Hardware / Embedded'] Attachments available
Everyone loves to customize and personalize their own devices: from text editors to background pictures, from operating systems to keyboard shortcuts, each device is almost unique. One of the most exotic customizations, done either for personal tastes or for company branding, is personalizing the logo displayed by the BIOS during boot. But what are the security implications of parsing user-supplied (a.k.a. "attacker-controlled") logo images during boot? Aren't we jumping back straight to 2009, when Rafal Wojtczuk and Alexander Tereshkin exploited a BMP parser bug in UEFI reference code… right?!
Enter LogoFAIL, our latest research revealing significant security vulnerabilities in the image parsing libraries used by nearly all BIOS vendors to display logo images during boot. Our research highlights the risks associated with parsing complex file formats at such a delicate stage of the platform sta
2023-10-30 14:41 blackhat
Published: 2023-09-26 Talk time: 2023-12-07 2:30pm Duration: 30-Minute
Tags:['Human Factors', 'AI, ML, & Data Science'] No attachments
Kidnap ransoms without kidnapping people? New extortion techniques such as Human Process Compromise (HPC) are gaining popularity with criminals at the edge of emerging technologies and traditional crime. We have identified a growing trend in virtual kidnapping attacks: when a target is taken offline through either technical means or social engineering, and then relatives of the person are contacted by criminal groups asking for a ransom. Threat actors often utilize sophisticated technical means including ChatGPT and Generative AI to produce falsified evidence of the person being kidnapped and pressure the relatives to pay. In this presentation, we will discuss actual cases of virtual kidnapping, including tools and techniques that we have observed used by criminals. We will propose some red flags and measures to deal with such situations to protect targets of virtual kidnapping attempts.
Since Vir
2023-10-30 14:41 blackhat
Published: 2023-09-28 Talk time: 2023-12-07 3:20pm Duration: 40-Minute
Tags:['Network Security'] No attachments
Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network.
2023-10-30 14:41 blackhat
Published: 2023-09-07 Talk time: 2023-12-06 3:20pm Duration: 40-Minute
Tags:['Hardware / Embedded', 'Cloud Security'] No attachments
Power side channels exploit leakage that is fundamentally a result of how we build processors. Over the recent years, these attacks evolved to target general-purpose desktop and server CPUs purely from software.
In this talk, we explore this evolution to its most recent addition: Collide+Power, a novel technique to exploit the fundamental way we share components in modern general-purpose CPUs. In contrast to previous work, Collide+Power does not target specific programs or algorithms but the underlying CPU hardware. This advance in software-based power side channels echoes the discovery of Meltdown and Spectre — where similarly, the underlying hardware provided unforeseen attack possibilities.
We present the root of the problem: shared CPU components, like the internal memory system. These components allow attacker-controlled data to collide with data from any other application, resulting in