Las Presentaciones del Black Hat USA 2015

Ya tenemos disponible la mayoría de las presentaciones de la Black Hat USA 2015.

La lista es la siguiente:

• The Lifecycle of a Revolution
  us-15-Granick-The-Lifecycle-Of-A-Revolution.pdf
• Abusing Silent Mitigations – Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection
  us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection.pdf
  us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection-wp.pdf
• Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor
  us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor.pdf
  us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-wp.pdf
  us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-WMIBackdoor.ps1
• Abusing XSLT for Practical Attacks
  us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks.pdf
  us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks-wp.pdf
• Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card
  us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.pdf
• Adventures in Femtoland: 350 Yuan for Invaluable Fun
• Ah! Universal Android Rooting is Back
  us-15-Xu-Ah-Universal-Android-Rooting-Is-Back.pdf
  us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf
• Android Security State of the Union
• API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers
  us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf
• Assessing and Exploiting BigNum Vulnerabilities
• Attacking ECMAScript Engines with Redefinition
  us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition
  us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition-wp.pdf
• Attacking Hypervisors Using Firmware and Hardware
• Attacking Interoperability – An OLE Edition
  us-15-Li-Attacking-Interoperability-An-OLE-Edition.pdf
• Attacking Your Trusted Core: Exploiting Trustzone on Android
  us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android.pdf
  us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android-wp.pdf
• Automated Human Vulnerability Scanning with AVA
  us-15-Bell-Automated-Human-Vulnerability-Scanning-With-AVA.pdf
• Back Doors and Front Doors Breaking the Unbreakable System
• Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture
• Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity
  us-15-Daugherty-Behind-The-Mask-The-Agenda-Tricks-And-Tactics-Of-The-Federal-Trade-Commission-As-They-Regulate-Cybersecurity.pdf
• BGP Stream
• Big Game Hunting: The Peculiarities of Nation-State Malware Research
  us-15-MarquisBoire-Big-Game-Hunting-The-Peculiarities-Of-Nation-State-Malware-Research.pdf
• Breaking Access Controls with BLEKey
• Breaking Honeypots for Fun and Profit
• Breaking HTTPS with BGP Hijacking
  us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking.pdf
  us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf
• Breaking Payloads with Runtime Code Stripping and Image Freezing
  us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing.pdf
  us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing-wp.pdf
• Bring Back the Honeypots
• Bringing a Cannon to a Knife Fight
• Broadcasting Your Attack: Security Testing DAB Radio in Cars
• Bypass Control Flow Guard Comprehensively
  us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively.pdf
  us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively-wp.pdf
• Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS
• Certifi-gate: Front-Door Access to Pwning Millions of Androids
  us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids.pdf
  us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids-wp.pdf
• Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security
  us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security.pdf
  us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security-wp.pdf
• Commercial Mobile Spyware – Detecting the Undetectable
  us-15-Dalman-Commercial-Spyware-Detecting-The-Undetectable.pdf
  us-15-Dalman-Commercial-Spyware-Detecting-The-Undetectable-wp.pdf
• CrackLord: Maximizing Password Cracking Boxes
  us-15-Morris-CrackLord-Maximizing-Password-Cracking.pdf
  us-15-Morris-CrackLord-Maximizing-Password-Cracking-wp.pdf
  us-15-Morris-CrackLord-Maximizing-Password-Cracking-src.zip
• Crash & Pay: How to Own and Clone Contactless Payment Devices
  us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices.pdf
  us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices-wp.pdf
• Dance Like Nobodys Watching Encrypt Like Everyone Is: A Peek Inside the Black Hat Network
• Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
• Deep Learning on Disassembly
  us-15-Davis-Deep-Learning-On-Disassembly.pdf
• Defeating Machine Learning: What Your Security Vendor is Not Telling You
• Defeating Pass-the-Hash: Separation of Powers
  us-15-Moore-Defeating Pass-the-Hash-Separation-Of-Powers.pdf
  us-15-Moore-Defeating Pass-the-Hash-Separation-Of-Powers-wp.pdf
• Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis
• Dom Flow – Untangling the DOM for More Easy-Juicy Bugs
  us-15-Nafeez-Dom-Flow-Untangling-The-DOM-For-More-Easy-Juicy-Bugs.pdf
• Emanate Like a Boss: Generalized Covert Data Exfiltration with Funtenna
• Exploiting Out-of-Order Execution for Covert Cross-VM Communication
  us-15-DAntoine-Exploiting-Out-Of-Order-Execution-For-Covert-Cross-VM-Communication.pdf
  us-15-DAntoine-Exploiting-Out-Of-Order-Execution-For-Covert-Cross-VM-Communication-wp.pdf
• Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
  us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges.pdf
  us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges-wp.pdf
• Exploiting XXE Vulnerabilities in File Parsing Functionality
  us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality.pdf
  us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality-tool.zip
• Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
  us-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices-wp.pdf
• FileCry – The New Age of XXE
  us-15-Wang-FileCry-The-New-Age-Of-XXE.pdf
  us-15-Wang-FileCry-The-New-Age-Of-XXE-ie-wp.pdf
  us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf
• Fingerprints on Mobile Devices: Abusing and Leaking
  us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking.pdf
  us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf
• Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer
• From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and the SOC
  us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-Detection-Machine-Learning-And-The-SOC.pdf
  us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-Detection-Machine-Learning-And-The-SOC-wp.pdf
• Fuzzing Android System Services by Binder Call to Escalate Privilege
  us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf
  us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege-wp.pdf
• GameOver Zeus: Badguys and Backends
  us-15-Peterson-GameOver-Zeus-Badguys-And-Backends.pdf
  us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf
• Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
  us-15-Long-Graphic-Content-Ahead-Towards-Automated-Scalable-Analysis-Of-Graphical-Images-Embedded-In-Malware.pdf
• Harnessing Intelligence from Malware Repositories
  us-15-Lakhotia-Harnessing-Intelligence-From-Malware-Repositories.pdf
• HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Programs
  us-15-Price-Hi-This-Is-Urgent-Plz-Fix-ASAP-Critical-Vulnerabilities-And-Bug-Bounty-Programs.pdf
• Hidden Risks of Biometric Identifiers and How to Avoid Them
  us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them.pdf
  us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them-wp.pdf
• How to Hack Government: Technologists as Policy Makers
• How to Implement IT Security After a Cyber Meltdown
  us-15-Kubecka-How-To-Implement-IT-Security-After-A-Cyber-Meltdown.pdf
• How Vulnerable are We to Scams?
  us-15-Jakobsson-How-Vulnerable-Are-We-To-Scams.pdf
  us-15-Jakobsson-How-Vulnerable-Are-We-To-Scams-wp.pdf
• Information Access and Information Sharing: Where We are and Where We are Going
• Internet Plumbing for Security Professionals: The State of BGP Security
  us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security.pdf
  us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security-wp.pdf
• Internet-Facing PLCs – A New Back Orifice
  us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice.pdf
  us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice-wp.pdf
• Internet-Scale File Analysis
  us-15-Hanif-Internet-Scale-File-Analysis.pdf
  us-15-Hanif-Internet-Scale-File-Analysis-wp.pdf
• Is the NSA Still Listening to Your Phone Calls? A Surveillance Debate: Congressional Success or Epic Fail
• Mobile Point of Scam: Attacking the Square Reader
  us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader.pdf
  us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader-wp.pdf
• Most Ransomware Isnt as Complex as You Might Think
  us-15-Kirda-Most-Ransomware-Isn’t-As-Complex-As-You-Might-Think.pdf
  us-15-Kirda-Most-Ransomware-Isn’t-As-Complex-As-You-Might-Think-wp.pdf
• My Bro the ELK: Obtaining Context from Security Events
  us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events.pdf
  us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events-wp.pdf
• Optimized Fuzzing IOKit in iOS
  us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS.pdf
  us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf
• Panel: Getting It Right: Straight Talk on Threat & Information Sharing
• Panel: How the Wassenaar Arrangements Export Control of Intrusion Software Affects the Security Industry
• Pen Testing a City
  us-15-Conti-Pen-Testing-A-City.pdf
  us-15-Conti-Pen-Testing-A-City-wp.pdf
• Red vs Blue: Modern Active Directory Attacks Detection and Protection
  us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection.pdf
  us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection-wp.pdf
• Remote Exploitation of an Unaltered Passenger Vehicle
• Remote Physical Damage 101 – Bread and Butter Attacks
  us-15-Larsen-Remote-Physical-Damage-101-Bread-And-Butter-Attacks.pdf
• Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware
  us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware.pdf
  us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware-wp.pdf
• Return to Where? You Cant Exploit What You Cant Find
• Review and Exploit Neglected Attack Surfaces in iOS 8
  us-15-Wang-Review-And-Exploit-Neglected-Attack-Surface-In-iOS-8.pdf
• Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
  us-15-Krotofil-Rocking-The-Pocket-Book-Hacking-Chemical-Plant-For-Competition-And-Extortion.pdf
  us-15-Krotofil-Rocking-The-Pocket-Book-Hacking-Chemical-Plant-For-Competition-And-Extortion-wp.pdf
• ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion
  us-15-Xenakis-ROPInjector-Using-Return-Oriented-Programming-For-Polymorphism-And-Antivirus-Evasion.pdf
  us-15-Xenakis-ROPInjector-Using-Return-Oriented-Programming-For-Polymorphism-And-Antivirus-Evasion-wp.pdf
• Securing Your Big Data Environment
  us-15-Gaddam-Securing-Your-Bigdata-Environment.pdf
  us-15-Gaddam-Securing-Your-Bigdata-Environment-wp.pdf
• Server-Side Template Injection: RCE for the Modern Web App
  us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
• SMBv2: Sharing More than Just Your Files
  us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf
• Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities
• Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service
  us-15-Moore-Spread-Spectrum-Satcom-Hacking-Attacking-The-GlobalStar-Simplex-Data-Service.pdf
  us-15-Moore-Spread-Spectrum-Satcom-Hacking-Attacking-The-GlobalStar-Simplex-Data-Service-wp.pdf
• Stagefright: Scary Code in the Heart of Android
• Staying Persistent in Software Defined Networks
  us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks.pdf
  us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks-wp.pdf
  us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks-tool.py
• Stranger Danger! What is the Risk from 3rd Party Libraries?
• Subverting Satellite Receivers for Botnet and Profit
  us-15-Talmat-Subverting-Satellite-Receivers-For-Botnet-And-Profit.pdf
  us-15-Talmat-Subverting-Satellite-Receivers-For-Botnet-And-Profit-wp.pdf
• Switches Get Stitches
  us-15-Cassidy-Switches-Get-Stitches.pdf
• Take a Hacker to Work Day – How Federal Prosecutors Use the CFAA
  us-15-Bailey-Take-A-Hacker-To-Work Day-How-Federal-Prosecutors-Use-The-CFAA.pdf
• Taking Event Correlation with You
  us-15-King-Taking-Event-Correlation-With-You.pdf
  us-15-King-Taking-Event-Correlation-With-You-wp.pdf
  us-15-King-Taking-Event-Correlation-With-You-tool.tgz
• Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
  us-15-Vixie-Targeted-Takedowns-Minimizing-Collateral-Damage-Using-Passive-DNS.pdf
• Taxonomic Modeling of Security Threats in Software Defined Networking
  us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking.pdf
  us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking-wp.pdf
• The Applications of Deep Learning on Traffic Identification
  us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification.pdf
  us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification-wp.pdf
• The Battle for Free Speech on the Internet
• The Kali Linux Dojo Workshop #1: Rolling Your Own – Generating Custom Kali Linux 20 ISOs
• The Kali Linux Dojo Workshop #2: Kali USB Setups with Persistent Stores and LUKS Nuke Support
• The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems
  us-15-Wilhoit-The-Little-Pump-Gauge-That-Could-Attacks-Against-Gas-Pump-Monitoring-Systems.pdf
  us-15-Wilhoit-The-Little-Pump-Gauge-That-Could-Attacks-Against-Gas-Pump-Monitoring-Systems-wp.pdf
• The Memory Sinkhole – Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
  us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf
  us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf
• The Nodejs Highway: Attacks are at Full Throttle
  us-15-Siman-The-Node-Js-Highway-Attacks-Are-At-Full-Throttle.pdf
• The NSA Playset: A Year of Toys and Tools
  us-15-Ossmann-The-NSA-Playset-A-Year-Of-Toys-And-Tools.pdf
• The Tactical Application Security Program: Getting Stuff Done
• These are Not Your Grand Daddys CPU Performance Counters – CPU Hardware Performance Counters for Security
  us-15-Herath-These-Are-Not-Your-Grand-Daddys-CPU-Performance-Counters-CPU-Hardware-Performance-Counters-For-Security.pdf
• THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
  us-15-Park-This-Is-DeepERENT-Tracking-App-Behaviors-With-Nothing-Changed-Phone-For-EvasiveAAndroid-Malware.pdf
• ThunderStrike 2: Sith Strike
  us-15-Hudson-Thunderstrike-2-Sith-Strike.pdf
• TrustKit: Code Injection on iOS 8 for the Greater Good
  us-15-Diquet-TrustKit-Code-Injection-On-iOS-8-For-The-Greater-Good.pdf
• Understanding and Managing Entropy Usage
  us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf
  us-15-Potter-Understanding-And-Managing-Entropy-Usage-wp.pdf
• Understanding the Attack Surface and Attack Resilience of Project Spartans New EdgeHTML Rendering Engine
  us-15-Yason-Understanding-The-Attack-Surface-And-Attack-Resilience-Of-Project-Spartans-New-EdgeHTML-Rendering-Engine.pdf
  us-15-Yason-Understanding-The-Attack-Surface-And-Attack-Resilience-Of-Project-Spartans-New-EdgeHTML-Rendering-Engine-wp.pdf
• Unicorn: Next Generation CPU Emulator Framework
• Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
  us-15-Kruegel-Using-Static-Binary-Analysis-To-Find-Vulnerabilities-And-Backdoors-In-Firmware.pdf
• Web Timing Attacks Made Practical
  us-15-Morgan-Web-Timing-Attacks-Made-Practical.pdf
  us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf
• When IoT Attacks: Hacking a Linux-Powered Rifle
  us-15-Sandvik-When-IoT-Attacks-Hacking-A-Linux-Powered-Rifle.pdf
• Why Security Data Science Matters and How Its Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence
  us-15-Saxe-Why-Security-Data-Science-Matters-And-How-Its-Different.pdf
• Winning the Online Banking War
  us-15-Park-Winning-The-Online-Banking-War.pdf
  us-15-Park-Winning-The-Online-Banking-War-wp.pdf
• Writing Bad @$$ Malware for OS X
  us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf
• WSUSpect – Compromising the Windows Enterprise via Windows Update
  us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update.pdf
  us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update-wp.pdf
• ZigBee Exploited the Good the Bad and the Ugly
  us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly.pdf
  us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly-wp.pdf

Fuente: Segu-Info

Compartir