کنفرانس بلکهت یکی از بزرگترین گردهماییهایی است که در آن کارشناسان خبره دنیای امنیت، نتایج دستاوردهای یکساله خود یا سازمانشان را به همگان اعلام میکنند. این کنفرانس هر ساله ویژه کارشناسان امنیتی و توسط آنان، سازماندهی میشود. این رویداد ششروزه نه تنها به بررسی رخنههای امنیتی و ارائه راهحلهای مربوط به آنها میپردازد، بلکه دورههای آموزشی فشردهای را برای متخصصان حوزه امنیت برگزار میکند تا سطح آمادگی آنها را در برابر مخاطرات سایبری افزایش دهد. این کنفرانس از تاریخ 28 تا 31 March در سنگاپور برگزار شد.
لینک دانلود
Black Hat Asia 2017
حجم: 6.81 گیگابایت
دانلود – بخش اول
دانلود – بخش دوم
دانلود – بخش سوم
دانلود – بخش چهارم
دانلود – بخش پنجم
دانلود – بخش ششم
دانلود – بخش هفتم
رمز فایل: technet24.ir
Black Hat Asia 2017
https://www.blackhat.com/asia-17/
Black Hat Asia 2017 Show Filenames for Videos To view a session description click a session title in the Track listing below
You can then click the title above the session description to view the recorded presentation.
To view the FAQ’s (FAQ.pdf) click here. To view the Enterprise-Wide License Agreement (EWLA) click here.
It is recommended that you use the latest version of your browser. Note: Some browsers may require plug-ins to play mp4 files.
For technical assistance, contact us at technical@sok-media.com or (702) 600 1990.
Android, iOS and Mobile Hacking
3G/4G Intranet Scanning and its Application on the WormHole VulnerabilityAll Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision Anti-Plugin: Don’t Let Your App Play as an Android PluginFried Apples: Jailbreak DIYRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Applied Security
25 Techniques to Gather Threat Intel and Track ActorsAll Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision Anti-Plugin: Don’t Let Your App Play as an Android PluginBetting Against the House: Security and Stability When the Odds are Against YouDomo Arigato, Mr. Roboto: Security Robots a la Unit-TestingMASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LEPhishing for Funds: Understanding Business Email CompromiseThe Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious Documents
Cryptography
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized RechargingCache Side Channel Attack: Exploitability and Countermeasures MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Data Forensics
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Enterprise
Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCEPhishing for Funds: Understanding Business Email Compromise
Exploit Development
3G/4G Intranet Scanning and its Application on the WormHole VulnerabilityCross the Wall – Bypass All Modern Mitigations of Microsoft EdgeDig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 YearExploiting USB/IP in Linux Fried Apples: Jailbreak DIYNever Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big DataThe Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
General Sessions
Keynote: The Seven Axioms of SecurityKeynote: Why We are Not Building a Defendable InternetLocknote: Conclusions & Key Takeaways from Black Hat Asia 2017Welcome & Introduction to Black Hat Asia 2017
Hardware/Embedded
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized RechargingOpen Sourcing Automotive DiagnosticsThe UEFI Firmware Rootkits: Myths and Reality
Human Factors
Mobile-Telephony Threats in Asia
Internet of Things
Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoTMobile-Telephony Threats in AsiaOpen Sourcing Automotive Diagnostics
Malware
25 Techniques to Gather Threat Intel and Track ActorsBeyond the Blacklists: Detecting Malicious URL Through Machine Learning Myth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-BoxThe Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious DocumentsThe Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation TechniquesThe UEFI Firmware Rootkits: Myths and Reality
Network Defense
Beyond the Blacklists: Detecting Malicious URL Through Machine Learning Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCEHacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Platform Security
Cache Side Channel Attack: Exploitability and Countermeasures Drop the ROP: Fine-Grained Control-Flow Integrity for the Linux KernelExploiting USB/IP in Linux Hack Microsoft Using Microsoft Signed BinariesHello From the Other Side: SSH Over Robust Cache Covert Channels in the CloudMyth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-BoxNever Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big DataRemotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Reverse Engineering
Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 YearHack Microsoft Using Microsoft Signed BinariesWhat Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Security Development Lifecycle
Domo Arigato, Mr. Roboto: Security Robots a la Unit-TestingGo Get My/Vulnerabilities: An In-Depth Analysis of Go Language Runtime and the New Class of Vulnerabilities It Introduces
Smart Grid/Industrial Security
“Man-in-the-SCADA:” Anatomy of Data Integrity Attacks in Industrial Control Systems
Web AppSec
Hacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Android, iOS and Mobile Hacking
3G/4G Intranet Scanning and its Application on the WormHole Vulnerability
Speakers: Bai Guangdong, Zhang Qing
All Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision
Speakers: Ilya Nesterov, Maxim Goncharov
Anti-Plugin: Don’t Let Your App Play as an Android Plugin
Speakers: Tongbo Luo, Zhi Xu, Cong Zheng
Fried Apples: Jailbreak DIY
Speakers: Max Bazaliy, Vlad Putin, Alex Hude
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Speakers: Marco Grassi
Applied Security
25 Techniques to Gather Threat Intel and Track Actors
Speakers: Sun Huang, Wayne Huang
All Your Emails Belong to Us: Exploiting Vulnerable Email Clients via Domain Name Collision
Speakers: Ilya Nesterov, Maxim Goncharov
Anti-Plugin: Don’t Let Your App Play as an Android Plugin
Speakers: Tongbo Luo, Zhi Xu, Cong Zheng
Betting Against the House: Security and Stability When the Odds are Against You
Speakers: Neil Wyler, Bart Stump
Domo Arigato, Mr. Roboto: Security Robots a la Unit-Testing
Speakers: Seth Law
MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Speakers: Yan Michalevsky
Phishing for Funds: Understanding Business Email Compromise
Speakers: Keith Turpin
The Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious Documents
Speakers: Dan Amiga, Dor Knafo
Cryptography
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized Recharging
Speakers: Tae Won Kim
Cache Side Channel Attack: Exploitability and Countermeasures
Speakers: Xiaofei Guo, Gorka Irazoqui
MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Speakers: Yan Michalevsky
Data Forensics
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)
Speakers: Monnappa KA
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Speakers: Monnappa KA
Enterprise
Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCE
Speakers: Matan Hart
Phishing for Funds: Understanding Business Email Compromise
Speakers: Keith Turpin
Exploit Development
3G/4G Intranet Scanning and its Application on the WormHole Vulnerability
Speakers: Bai Guangdong, Zhang Qing
Cross the Wall – Bypass All Modern Mitigations of Microsoft Edge
Speakers: Henry Li
Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 Year
Speakers: Ke Liu
Exploiting USB/IP in Linux
Speakers: Ignat Korchagin
Fried Apples: Jailbreak DIY
Speakers: Max Bazaliy, Vlad Putin, Alex Hude
Never Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big Data
Speakers: Ke Sun, Ya Ou
The Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Speakers: Bing Sun, Chong Xu, Stanley Zhu
General Sessions
Keynote: The Seven Axioms of Security
Speakers: Saumil Shah
Keynote: Why We are Not Building a Defendable Internet
Speakers: Halvar Flake
Locknote: Conclusions & Key Takeaways from Black Hat Asia 2017
Speakers: Moderated by Jeff Moss
Welcome & Introduction to Black Hat Asia 2017
Speakers: Jeff Moss
Hardware/Embedded
Breaking Korea Transit Card with Side-Channel Attack – Unauthorized Recharging
Speakers: Tae Won Kim
Open Sourcing Automotive Diagnostics
Speakers: Eric Evenchick
The UEFI Firmware Rootkits: Myths and Reality
Speakers: Alex Matrosov, Eugene Rodionov
Human Factors
Mobile-Telephony Threats in Asia
Speakers: Payas Gupta
Internet of Things
Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoT
Speakers: Yuhao Song, Huiming Liu
Mobile-Telephony Threats in Asia
Speakers: Payas Gupta
Open Sourcing Automotive Diagnostics
Speakers: Eric Evenchick
Malware
25 Techniques to Gather Threat Intel and Track Actors
Speakers: Sun Huang, Wayne Huang
Beyond the Blacklists: Detecting Malicious URL Through Machine Learning
Speakers: Hao Dong, Jin Shang
Myth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-Box
Speakers: Seunghun Han, Junghwan Kang
The Irrelevance of K-Bytes Detection – Building a Robust Pipeline for Malicious Documents
Speakers: Dan Amiga, Dor Knafo
The Power of Data-Oriented Attacks: Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Speakers: Bing Sun, Chong Xu, Stanley Zhu
The UEFI Firmware Rootkits: Myths and Reality
Speakers: Alex Matrosov, Eugene Rodionov
Network Defense
Beyond the Blacklists: Detecting Malicious URL Through Machine Learning
Speakers: Hao Dong, Jin Shang
Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCE
Speakers: Matan Hart
Hacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Speakers: Nadav Avital
Platform Security
Cache Side Channel Attack: Exploitability and Countermeasures
Speakers: Xiaofei Guo, Gorka Irazoqui
Drop the ROP: Fine-Grained Control-Flow Integrity for the Linux Kernel
Speakers: João Moreira
Exploiting USB/IP in Linux
Speakers: Ignat Korchagin
Hack Microsoft Using Microsoft Signed Binaries
Speakers: Pierre-Alexandre Braeken
Hello From the Other Side: SSH Over Robust Cache Covert Channels in the Cloud
Speakers: Michael Schwarz, Manuel Weber
Myth and Truth About Hypervisor-Based Kernel Protector: The Reason Why You Need Shadow-Box
Speakers: Seunghun Han, Junghwan Kang
Never Let Your Guard Down: Finding Unguarded Gates to Bypass Control Flow Guard with Big Data
Speakers: Ke Sun, Ya Ou
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Speakers: Marco Grassi
Reverse Engineering
Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 Year
Speakers: Ke Liu
Hack Microsoft Using Microsoft Signed Binaries
Speakers: Pierre-Alexandre Braeken
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(1st presentation)
Speakers: Monnappa KA
What Malware Authors Don’t Want You to Know – Evasive Hollow Process Injection(2nd presentation)
Speakers: Monnappa KA
Security Development Lifecycle
Domo Arigato, Mr. Roboto: Security Robots a la Unit-Testing
Speakers: Seth Law
Go Get My/Vulnerabilities: An In-Depth Analysis of Go Language Runtime and the New Class of Vulnerabilities It Introduces
Speakers: Roberto Clapis
Smart Grid/Industrial Security
“Man-in-the-SCADA:” Anatomy of Data Integrity Attacks in Industrial Control Systems
Speakers: Marina Krotofil, Chris Sistrunk
Web AppSec
Hacking HTTP/2 – New Attacks on the Internet’s Next Generation Foundation
Speakers: Nadav Avital
- Criteria
سپاس فراوان
سلام
لطفا کنفرانس لاس وگاس 2017 رو هم در سایت قرار بدید
ممنون
ببخشین لینک ها هنوز دانلود نمیکنه خطای HTTP 500 میده
در حال بررسی هست…