1、Listen to the whispers: web timing attacks that actually work. James Kettle, PortSwigger Research. The timing trap: def strcmp(s1,s2): for c1,c2 in zip(s1,s2): if c1!=c2: return False time.sleep(0.01) return True Do。
2、#BHUSA BlackHatEvents TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. Speaker(s): Qi Wang, Tsinghua University. Contributor。
3、ACE up the Sleeve: Hacking into Apple's new USB-C controller. hextree.io. whoami: Thomas Roth aka stacksmashing. Security researcher - Hardware & Firmware. Co-founder at hextree.io. Twitter: ghidraninja. YouTube: s。
4、Unraveling the Mind behind the APT: Analyzing the Role of Pretexting in CTI and Attribution. Speaker: Sanne Maasakkers. BlackHat USA 2024 briefings. Contents: 01 Introduction 02 Research concept 03 Anal。
5、#BHUSA BlackHatEvents PageJack: A Powerful Exploit Technique With Page-Level UAF. Speaker: Zhiyun Qian. Contributors: Jiayi Hu, Jinmeng Zhou, Qi Tang, Wen。
6、Listen to the whispers: web timing attacks that actually work. James Kettle - albinowax. Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to the。
7、#BHUSA BlackHatEvents The Problem. “Complexity is your enemy. Any fool can make something complicated. It is hard to keep things simple.” Rich。
8、#BHUSA BlackHatEvents From Doxing to Doorstep: Exposing Privacy Intrusion Techniques used by Hackers for Extortion. Jacob Larsen. whoami: Jacob Larsen, Offensive S。
9、#BHUSA BlackHatEvents Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC. Zhongquan Li & Qidan He. Zhongquan Li, Guluisacat, Senior security researcher fr。
10、Deep Backdoors in Deep RL. Reinforcement Learning. The Anatomy of a RL Backdoor. Malicious Trigger. Backdoored Neurons. Software Supply Chain Att。
11、#BHUSA BlackHatEvents From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms. Speaker: Shachar Menashe #B。
12、Splitting the email atom: exploiting parsers to bypass access controls. Gareth Heyes - garethheyes - garethheyes.co.uk. Some websites parse email addresses to extract the domain and infer which organisation th。
13、Hardening HSMs for Banking-Grade Crypto Wallets. Black Hat 2024. JP Aumasson, Chervine Majeri. Whois: JP Taurus co-f。
14、#BHUSA BlackHatEvents Foreign Information Manipulation and Interference (Disinformation 2.0). FRANKY SAEGERMAN. Based on Learnings from 30 Years at NATO. frankyliti。
15、#BHUSA BlackHatEvents Living off Microsoft Copilot. Speaker(s): You must wonder why I've gathered you here today. We've known the solution to thi。
16、SnailLoad: Anyone on the Internet Can Learn What You're Doing. Stefan Gast, Daniel Gruss. 2024-08-07. Graz University of Technology. Who are we? Stefan Gast, PhD Student, Graz University of T。
17、Practical LLM Security: Takeaways From a Year in the Trenches. Rich Harang, Principal Security Architect (AI/ML) | August 7, 2024. Intro: Who am I and why should you listen to me about LLM security? PhD in Statis。
18、Yehuda Smirnov. HOOK, LINE AND SINKER: PHISHING WINDOWS HELLO FOR BUSINESS. Like learning & researching Windows, Active Directory, Azure and anything interesting. Develop in C, C#, Python & Assembly. Ex pri。
19、#BHUSA BlackHatEvents Use Your Spell Against You: A Proactive Threat Prevention of Smart Contract Exploit. Yajin Zhou, BlockSec & Zhejiang University. This work is a team effort of researchers from Zhejian。
20、#BHUSA BlackHatEvents We R in a right pickle with all these insecure serialization formats. Speaker(s): Kasimir Schulz & Tom Bonner #B。
21、#BHUSA BlackHatEvents Let the Cache Cache and Let the WebAssembly Assemble: Knocking on Chrome's Shell. Edouard Bochin (le_douds), Tao Yan (Ga1ois) and Bo Qu, Palo Alto Networks. About Us: Sec。
22、#BHUSA BlackHatEvents Breaching AWS Accounts Through Shadow Resources. Yakir Kadkoda, Michael Katchinskiy, Ofek Itach. AWS Account ID: Each AWS account has a unique account ID. 12-digit ID. Some 。
23、White Paper (Super Hat Trick: Exploit Chrome and Firefox Four Times). Background: With the widespread use of the JavaScript language, JavaS。
24、#BHUSA BlackHatEvents A Framework For Evaluating National Cybersecurity Strategies. Fred Heiding, Alex O'Neill, Lachlan Price, Eric Rosenbach. Research Fellow, Harvard. _fredrikh01. Fred Heiding. Alex O'Neill. Independe。
25、Into the Inbox: Novel Email Spoofing Attack Patterns. Speakers: Caleb Sargent & Hao Wang. #BHUSA BlackHatEvents About Us: Caleb Sargent (squared_), Offensive Security Engineer. Hao Wang (MrRed_Panda), Offensive Sec。
26、Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth. Thijs Alkemade & Khaled Nassar, Computest Sector 7. Introduction: 1. Be in Bluetooth/WiFi range 2. ? 3. Execute arbitrary code on the charg。
27、#BHUSA BlackHatEvents Overcoming State: Finding Baseband Vulnerabilities by Fuzzing Layer-2. Speakers: Dyon Goos & Marius Muench #BHUSA。
28、#BHUSA BlackHatEvents You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM? Kazuki Matsuo (InfPCTechStack). 2024/8/8 。
29、Microarchitecture Vulnerabilities: Past, Present and Future. Daniel Gruss (Graz University of Technology), Anders Fogh (Intel Corporation). Introduction: Daniel Gruss, Graz University of Technology. Anders Fogh, Intel. D。
30、Abstract: Future cyber threats will include high volumes of sophisticated machine speed cyber-attacks that are able to evade and overwhelm traditional cyber defenders. In support of social good and 。
31、#BHUSA BlackHatEvents Are Your Backups Still Immutable, Even Though You Can't Access Them? Speaker(s): Rushank Shetty, Ryan Kane. INTRO: whoami, Data Immutability Background, Vendor Case Studies, Recommendations. The 。
32、From Weapon to Target: Quantum Computers Paradox. Mdlina BSorin Bolos,sorin.bolostransilvania-Adrian Coles,Andrei KAndrei Lut,as,Dan Lut,as,Radu Mrgineanradu.margineantransilvania-Andrei MRadu PMiruna Ros,Au。
33、#BHUSA BlackHatEvents Self Hosted GitHub Runners: Continuous Integration, Continuous Destruction. Adnan Khan | John Stawinski. First A Stor。
34、#BHUSA BlackHatEvents Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access。
35、#BHUSA BlackHatEvents Bugs of yore: A bug hunting journey on VMware's hypervisor. Zisis Sialveras, zisiscensus-, _zisis. WHOAMI: Com。
36、#BHUSA BlackHatEvents PyLingual: A Python Decompilation Framework for Evolving Python Versions. Josh Wiedemeier. He。
37、#BHUSA BlackHatEvents What Lies Beneath the Surface: Evaluating LLMs for Offensive Cyber Capabilities through Prom。
38、#BHUSA BlackHatEvents Attention Is All You Need for Semantics Detection: A Novel Transformer on Neural-Symbolic Approach. Sheng-Hao Ma, Yi-An Lin, Mars Cheng. aaaddress1, marscheng_. TXOne Networks | Keep the Operati。
39、Gotta Cache 'em all: Bending the rules of web cache exploitation. Martin Doyhenard, PortSwigger Research. 1. Web Caches 2. Cache Rule Exploitation 3. Cache Key Exploitation 4. Cache-What-Where (DEMO) 5. Defences 6. Takea。
40、Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies. Cory Michal, VP of Security. August 7, 2024. Brandon Levene, Principal Product Manager, Threat Detection. Ben Pruce, Lead Threat Detection Enginee。
41、#BHUSA BlackHatEvents The Way to Android Root: Exploiting Your GPU On Smartphone. Xuan Xing, Eugene Rodionov, Xiling Gong. Whoami: Increase Android and Pixel security by attacking key compon。
42、Ignore Safety Directions. Violate the CFAA? Kendra Albert (Harvard Law School); Jonathon Penney (Osgoode Hall Law School/Harvard Berkman Klein Center); and Ram Shankar Siva Kumar (Harvard Berkman Klein Ce。
43、#BHUSA BlackHatEvents Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation. Fabian Bäumer, Ruhr Unive。
44、Tunnel Vision: Exploring VPN Post-Exploitation Techniques. Ori David. Agenda: VPN exploitation, VPN post-exploitation, What can we do about it. whoami: Ori David, Security Researcher at Akama。
45、Splitting The Email Atom: Exploiting Parsers To Bypass Access Controls. GARETH HEYES. Outline: Why email address parser discrepancies matter. The shaky foundation. Parser discrepancies - Unicode overflows - Encoded-。
46、Windows Downdate: Downgrade Attacks Using Windows Updates. Alon Leviev, Security Researcher, SafeBreach. 22-years-old. Self-taught. OS internals, reverse engineering and vulnerability research. Former BJJ world and。
47、#BHUSA BlackHatEvents Securing Network Appliances: New Technologies and Old Challenges. Speaker: Vladyslav Babkin. $whoami: Vladyslav Babkin (“hotab”), Network &。
48、#BHUSA BlackHatEvents Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls. Speaker: Qi Wang (Eki). Contributors: Jianjun Chen, Run Guo, Chao Zh。