Black Hat Asia 2017 – کنفرانس

کنفرانس بلک‌‌هت یکی از بزرگ‌ترین گردهمایی‌هایی است که در آن کارشناسان خبره دنیای امنیت، نتایج دستاوردهای یک‌ساله خود یا سازمانشان را به همگان اعلام می‌کنند. این کنفرانس هر ساله ویژه کارشناسان امنیتی و توسط آنان، سازمان‌دهی می‌شود. این رویداد شش‌روزه نه تنها به بررسی رخنه‌های امنیتی و ارائه راه‌حل‌های مربوط به آن‌ها می‌پردازد، بلکه دوره‌های آموزشی فشرده‌ای را برای متخصصان حوزه امنیت برگزار می‌کند تا سطح آمادگی آن‌ها را در برابر مخاطرات سایبری افزایش دهد. این کنفرانس از تاریخ 28 تا 31 March در سنگاپور برگزار شد.

Black Hat Asia 2017

https://www.blackhat.com/asia-17/

Black Hat Asia 2017 Show Filenames for Videos To view a session description click a session title in the Track listing below
You can then click the title above the session description to view the recorded presentation.
To view the FAQ’s (FAQ.pdf) click here. To view the Enterprise-Wide License Agreement (EWLA) click here.
It is recommended that you use the latest version of your browser. Note: Some browsers may require plug-ins to play mp4 files.
For technical assistance, contact us at technical@sok-media.com or (702) 600 1990.
Android, iOS and Mobile Hacking
3G/4G Intranet Scanning and its Application on the WormHole VulnerabilityAll Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision Anti-Plugin: Don’t Let Your App Play as an Android PluginFried Apples: Jailbreak DIYRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Applied Security
25 Techniques to Gather Threat Intel and Track ActorsAll Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision Anti-Plugin: Don’t Let Your App Play as an Android PluginBetting Against the House: Security and Stability When the Odds are Against YouDomo Arigato, Mr. Roboto: Security Robots a la Unit-TestingMASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LEPhishing for Funds: Understanding Business Email CompromiseThe Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious Documents
Cryptography
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized RechargingCache Side Channel Attack: Exploitability and Countermeasures MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Data Forensics
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Enterprise
Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCEPhishing for Funds: Understanding Business Email Compromise
Exploit Development
3G/4G Intranet Scanning and its Application on the WormHole VulnerabilityCross the Wall – Bypass All Modern Mitigations of Microsoft EdgeDig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 YearExploiting USB/IP in Linux Fried Apples: Jailbreak DIYNever Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big DataThe Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
General Sessions
Keynote: The Seven Axioms of SecurityKeynote: Why We are Not Building a Defendable InternetLocknote: Conclusions & Key Takeaways from Black Hat Asia 2017Welcome & Introduction to Black Hat Asia 2017
Hardware/Embedded
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized RechargingOpen Sourcing Automotive DiagnosticsThe UEFI Firmware Rootkits: Myths and Reality
Human Factors
Mobile-Telephony Threats in Asia
Internet of Things
Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoTMobile-Telephony Threats in AsiaOpen Sourcing Automotive Diagnostics
Malware
25 Techniques to Gather Threat Intel and Track ActorsBeyond the Blacklists: Detecting Malicious URL Through Machine Learning Myth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-BoxThe Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious DocumentsThe Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation TechniquesThe UEFI Firmware Rootkits: Myths and Reality
Network Defense
Beyond the Blacklists: Detecting Malicious URL Through Machine Learning Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCEHacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Platform Security
Cache Side Channel Attack: Exploitability and Countermeasures Drop the ROP: Fine-Grained Control-Flow Integrity for the Linux KernelExploiting USB/IP in Linux Hack Microsoft Using Microsoft Signed BinariesHello From the Other Side: SSH Over Robust Cache Covert Channels in the CloudMyth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-BoxNever Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big DataRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Reverse Engineering
Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 YearHack Microsoft Using Microsoft Signed BinariesWhat Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Security Development Lifecycle
Domo Arigato, Mr. Roboto: Security Robots a la Unit-TestingGo Get My/Vulnerabilities: An In-Depth Analysis of Go Language Runtime and the New Class of Vulnerabilities It Introduces
Smart Grid/Industrial Security
“Man-in-the-SCADA:” Anatomy of Data Integrity Attacks in Industrial Control Systems
Web AppSec
Hacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Android, iOS and Mobile Hacking
3G/4G Intranet Scanning and its Application on the WormHole Vulnerability
Speakers: Bai Guangdong, Zhang Qing

All Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision
Speakers: Ilya Nesterov, Maxim Goncharov

Anti-Plugin: Don’t Let Your App Play as an Android Plugin
Speakers: Tongbo Luo, Zhi Xu, Cong Zheng

Fried Apples: Jailbreak DIY
Speakers: Max Bazaliy, Vlad Putin, Alex Hude

Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Speakers: Marco Grassi

Applied Security
25 Techniques to Gather Threat Intel and Track Actors
Speakers: Sun Huang, Wayne Huang

All Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision
Speakers: Ilya Nesterov, Maxim Goncharov

Anti-Plugin: Don’t Let Your App Play as an Android Plugin
Speakers: Tongbo Luo, Zhi Xu, Cong Zheng

Betting Against the House: Security and Stability When the Odds are Against You
Speakers: Neil Wyler, Bart Stump

Domo Arigato, Mr. Roboto: Security Robots a la Unit-Testing
Speakers: Seth Law

MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Speakers: Yan Michalevsky

Phishing for Funds: Understanding Business Email Compromise
Speakers: Keith Turpin

The Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious Documents
Speakers: Dan Amiga, Dor Knafo

Cryptography
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized Recharging
Speakers: Tae Won Kim

Cache Side Channel Attack: Exploitability and Countermeasures
Speakers: Xiaofei Guo, Gorka Irazoqui

MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Speakers: Yan Michalevsky

Data Forensics
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)
Speakers: Monnappa KA

What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Speakers: Monnappa KA

Enterprise
Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCE
Speakers: Matan Hart

Phishing for Funds: Understanding Business Email Compromise
Speakers: Keith Turpin

Exploit Development
3G/4G Intranet Scanning and its Application on the WormHole Vulnerability
Speakers: Bai Guangdong, Zhang Qing

Cross the Wall – Bypass All Modern Mitigations of Microsoft Edge
Speakers: Henry Li

Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 Year
Speakers: Ke Liu

Exploiting USB/IP in Linux
Speakers: Ignat Korchagin

Fried Apples: Jailbreak DIY
Speakers: Max Bazaliy, Vlad Putin, Alex Hude

Never Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big Data
Speakers: Ke Sun, Ya Ou

The Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Speakers: Bing Sun, Chong Xu, Stanley Zhu

General Sessions
Keynote: The Seven Axioms of Security
Speakers: Saumil Shah

Keynote: Why We are Not Building a Defendable Internet
Speakers: Halvar Flake

Locknote: Conclusions & Key Takeaways from Black Hat Asia 2017
Speakers: Moderated by Jeff Moss

Welcome & Introduction to Black Hat Asia 2017
Speakers: Jeff Moss

Hardware/Embedded
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized Recharging
Speakers: Tae Won Kim

Open Sourcing Automotive Diagnostics
Speakers: Eric Evenchick

The UEFI Firmware Rootkits: Myths and Reality
Speakers: Alex Matrosov, Eugene Rodionov

Human Factors
Mobile-Telephony Threats in Asia
Speakers: Payas Gupta

Internet of Things
Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoT
Speakers: Yuhao Song, Huiming Liu

Mobile-Telephony Threats in Asia
Speakers: Payas Gupta

Open Sourcing Automotive Diagnostics
Speakers: Eric Evenchick

Malware
25 Techniques to Gather Threat Intel and Track Actors
Speakers: Sun Huang, Wayne Huang

Beyond the Blacklists: Detecting Malicious URL Through Machine Learning
Speakers: Hao Dong, Jin Shang

Myth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-Box
Speakers: Seunghun Han, Junghwan Kang

The Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious Documents
Speakers: Dan Amiga, Dor Knafo

The Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Speakers: Bing Sun, Chong Xu, Stanley Zhu

The UEFI Firmware Rootkits: Myths and Reality
Speakers: Alex Matrosov, Eugene Rodionov

Network Defense
Beyond the Blacklists: Detecting Malicious URL Through Machine Learning
Speakers: Hao Dong, Jin Shang

Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCE
Speakers: Matan Hart

Hacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Speakers: Nadav Avital

Platform Security
Cache Side Channel Attack: Exploitability and Countermeasures
Speakers: Xiaofei Guo, Gorka Irazoqui

Drop the ROP: Fine-Grained Control-Flow Integrity for the Linux Kernel
Speakers: João Moreira

Exploiting USB/IP in Linux
Speakers: Ignat Korchagin

Hack Microsoft Using Microsoft Signed Binaries
Speakers: Pierre-Alexandre Braeken

Hello From the Other Side: SSH Over Robust Cache Covert Channels in the Cloud
Speakers: Michael Schwarz, Manuel Weber

Myth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-Box
Speakers: Seunghun Han, Junghwan Kang

Never Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big Data
Speakers: Ke Sun, Ya Ou

Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Speakers: Marco Grassi

Reverse Engineering
Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 Year
Speakers: Ke Liu

Hack Microsoft Using Microsoft Signed Binaries
Speakers: Pierre-Alexandre Braeken

What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)
Speakers: Monnappa KA

What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Speakers: Monnappa KA

Security Development Lifecycle
Domo Arigato, Mr. Roboto: Security Robots a la Unit-Testing
Speakers: Seth Law

Go Get My/Vulnerabilities: An In-Depth Analysis of Go Language Runtime and the New Class of Vulnerabilities It Introduces
Speakers: Roberto Clapis

Smart Grid/Industrial Security
“Man-in-the-SCADA:” Anatomy of Data Integrity Attacks in Industrial Control Systems
Speakers: Marina Krotofil, Chris Sistrunk

Web AppSec
Hacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Speakers: Nadav Avital

90%

Awesome

• Criteria