Ya tenemos disponible la mayoría de las presentaciones de la Black Hat USA 2015.
La lista es la siguiente:
- The Lifecycle of a Revolution
us-15-Granick-The-Lifecycle-Of-A-Revolution.pdf - Abusing Silent Mitigations – Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection
us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection.pdf
us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection-wp.pdf - Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor.pdf
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-wp.pdf
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-WMIBackdoor.ps1 - Abusing XSLT for Practical Attacks
us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks.pdf
us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks-wp.pdf - Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card
us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.pdf - Adventures in Femtoland: 350 Yuan for Invaluable Fun
- Ah! Universal Android Rooting is Back
us-15-Xu-Ah-Universal-Android-Rooting-Is-Back.pdf
us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf - Android Security State of the Union
- API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers
us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf - Assessing and Exploiting BigNum Vulnerabilities
- Attacking ECMAScript Engines with Redefinition
us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition
us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition-wp.pdf - Attacking Hypervisors Using Firmware and Hardware
- Attacking Interoperability – An OLE Edition
us-15-Li-Attacking-Interoperability-An-OLE-Edition.pdf - Attacking Your Trusted Core: Exploiting Trustzone on Android
us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android.pdf
us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android-wp.pdf - Automated Human Vulnerability Scanning with AVA
us-15-Bell-Automated-Human-Vulnerability-Scanning-With-AVA.pdf - Back Doors and Front Doors Breaking the Unbreakable System
- Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture
- Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity
us-15-Daugherty-Behind-The-Mask-The-Agenda-Tricks-And-Tactics-Of-The-Federal-Trade-Commission-As-They-Regulate-Cybersecurity.pdf - BGP Stream
- Big Game Hunting: The Peculiarities of Nation-State Malware Research
us-15-MarquisBoire-Big-Game-Hunting-The-Peculiarities-Of-Nation-State-Malware-Research.pdf - Breaking Access Controls with BLEKey
- Breaking Honeypots for Fun and Profit
- Breaking HTTPS with BGP Hijacking
us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking.pdf
us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf - Breaking Payloads with Runtime Code Stripping and Image Freezing
us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing.pdf
us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing-wp.pdf - Bring Back the Honeypots
- Bringing a Cannon to a Knife Fight
- Broadcasting Your Attack: Security Testing DAB Radio in Cars
- Bypass Control Flow Guard Comprehensively
us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively.pdf
us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively-wp.pdf - Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS
- Certifi-gate: Front-Door Access to Pwning Millions of Androids
us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids.pdf
us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids-wp.pdf - Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security
us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security.pdf
us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security-wp.pdf - Commercial Mobile Spyware – Detecting the Undetectable
us-15-Dalman-Commercial-Spyware-Detecting-The-Undetectable.pdf
us-15-Dalman-Commercial-Spyware-Detecting-The-Undetectable-wp.pdf - CrackLord: Maximizing Password Cracking Boxes
us-15-Morris-CrackLord-Maximizing-Password-Cracking.pdf
us-15-Morris-CrackLord-Maximizing-Password-Cracking-wp.pdf
us-15-Morris-CrackLord-Maximizing-Password-Cracking-src.zip - Crash & Pay: How to Own and Clone Contactless Payment Devices
us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices.pdf
us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices-wp.pdf - Dance Like Nobodys Watching Encrypt Like Everyone Is: A Peek Inside the Black Hat Network
- Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
- Deep Learning on Disassembly
us-15-Davis-Deep-Learning-On-Disassembly.pdf - Defeating Machine Learning: What Your Security Vendor is Not Telling You
- Defeating Pass-the-Hash: Separation of Powers
us-15-Moore-Defeating Pass-the-Hash-Separation-Of-Powers.pdf
us-15-Moore-Defeating Pass-the-Hash-Separation-Of-Powers-wp.pdf - Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis
- Dom Flow – Untangling the DOM for More Easy-Juicy Bugs
us-15-Nafeez-Dom-Flow-Untangling-The-DOM-For-More-Easy-Juicy-Bugs.pdf - Emanate Like a Boss: Generalized Covert Data Exfiltration with Funtenna
- Exploiting Out-of-Order Execution for Covert Cross-VM Communication
us-15-DAntoine-Exploiting-Out-Of-Order-Execution-For-Covert-Cross-VM-Communication.pdf
us-15-DAntoine-Exploiting-Out-Of-Order-Execution-For-Covert-Cross-VM-Communication-wp.pdf - Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges.pdf
us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges-wp.pdf - Exploiting XXE Vulnerabilities in File Parsing Functionality
us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality.pdf
us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality-tool.zip - Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
us-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices-wp.pdf - FileCry – The New Age of XXE
us-15-Wang-FileCry-The-New-Age-Of-XXE.pdf
us-15-Wang-FileCry-The-New-Age-Of-XXE-ie-wp.pdf
us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf - Fingerprints on Mobile Devices: Abusing and Leaking
us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking.pdf
us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf - Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer
- From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and the SOC
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-Detection-Machine-Learning-And-The-SOC.pdf
us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-Detection-Machine-Learning-And-The-SOC-wp.pdf - Fuzzing Android System Services by Binder Call to Escalate Privilege
us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf
us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege-wp.pdf - GameOver Zeus: Badguys and Backends
us-15-Peterson-GameOver-Zeus-Badguys-And-Backends.pdf
us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf - Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
us-15-Long-Graphic-Content-Ahead-Towards-Automated-Scalable-Analysis-Of-Graphical-Images-Embedded-In-Malware.pdf - Harnessing Intelligence from Malware Repositories
us-15-Lakhotia-Harnessing-Intelligence-From-Malware-Repositories.pdf - HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Programs
us-15-Price-Hi-This-Is-Urgent-Plz-Fix-ASAP-Critical-Vulnerabilities-And-Bug-Bounty-Programs.pdf - Hidden Risks of Biometric Identifiers and How to Avoid Them
us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them.pdf
us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them-wp.pdf - How to Hack Government: Technologists as Policy Makers
- How to Implement IT Security After a Cyber Meltdown
us-15-Kubecka-How-To-Implement-IT-Security-After-A-Cyber-Meltdown.pdf - How Vulnerable are We to Scams?
us-15-Jakobsson-How-Vulnerable-Are-We-To-Scams.pdf
us-15-Jakobsson-How-Vulnerable-Are-We-To-Scams-wp.pdf - Information Access and Information Sharing: Where We are and Where We are Going
- Internet Plumbing for Security Professionals: The State of BGP Security
us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security.pdf
us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security-wp.pdf - Internet-Facing PLCs – A New Back Orifice
us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice.pdf
us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice-wp.pdf - Internet-Scale File Analysis
us-15-Hanif-Internet-Scale-File-Analysis.pdf
us-15-Hanif-Internet-Scale-File-Analysis-wp.pdf - Is the NSA Still Listening to Your Phone Calls? A Surveillance Debate: Congressional Success or Epic Fail
- Mobile Point of Scam: Attacking the Square Reader
us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader.pdf
us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader-wp.pdf - Most Ransomware Isnt as Complex as You Might Think
us-15-Kirda-Most-Ransomware-Isn’t-As-Complex-As-You-Might-Think.pdf
us-15-Kirda-Most-Ransomware-Isn’t-As-Complex-As-You-Might-Think-wp.pdf - My Bro the ELK: Obtaining Context from Security Events
us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events.pdf
us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events-wp.pdf - Optimized Fuzzing IOKit in iOS
us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS.pdf
us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf - Panel: Getting It Right: Straight Talk on Threat & Information Sharing
- Panel: How the Wassenaar Arrangements Export Control of Intrusion Software Affects the Security Industry
- Pen Testing a City
us-15-Conti-Pen-Testing-A-City.pdf
us-15-Conti-Pen-Testing-A-City-wp.pdf - Red vs Blue: Modern Active Directory Attacks Detection and Protection
us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection.pdf
us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection-wp.pdf - Remote Exploitation of an Unaltered Passenger Vehicle
- Remote Physical Damage 101 – Bread and Butter Attacks
us-15-Larsen-Remote-Physical-Damage-101-Bread-And-Butter-Attacks.pdf - Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware
us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware.pdf
us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware-wp.pdf - Return to Where? You Cant Exploit What You Cant Find
- Review and Exploit Neglected Attack Surfaces in iOS 8
us-15-Wang-Review-And-Exploit-Neglected-Attack-Surface-In-iOS-8.pdf - Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
us-15-Krotofil-Rocking-The-Pocket-Book-Hacking-Chemical-Plant-For-Competition-And-Extortion.pdf
us-15-Krotofil-Rocking-The-Pocket-Book-Hacking-Chemical-Plant-For-Competition-And-Extortion-wp.pdf - ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion
us-15-Xenakis-ROPInjector-Using-Return-Oriented-Programming-For-Polymorphism-And-Antivirus-Evasion.pdf
us-15-Xenakis-ROPInjector-Using-Return-Oriented-Programming-For-Polymorphism-And-Antivirus-Evasion-wp.pdf - Securing Your Big Data Environment
us-15-Gaddam-Securing-Your-Bigdata-Environment.pdf
us-15-Gaddam-Securing-Your-Bigdata-Environment-wp.pdf - Server-Side Template Injection: RCE for the Modern Web App
us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf - SMBv2: Sharing More than Just Your Files
us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf - Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities
- Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service
us-15-Moore-Spread-Spectrum-Satcom-Hacking-Attacking-The-GlobalStar-Simplex-Data-Service.pdf
us-15-Moore-Spread-Spectrum-Satcom-Hacking-Attacking-The-GlobalStar-Simplex-Data-Service-wp.pdf - Stagefright: Scary Code in the Heart of Android
- Staying Persistent in Software Defined Networks
us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks.pdf
us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks-wp.pdf
us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks-tool.py - Stranger Danger! What is the Risk from 3rd Party Libraries?
- Subverting Satellite Receivers for Botnet and Profit
us-15-Talmat-Subverting-Satellite-Receivers-For-Botnet-And-Profit.pdf
us-15-Talmat-Subverting-Satellite-Receivers-For-Botnet-And-Profit-wp.pdf - Switches Get Stitches
us-15-Cassidy-Switches-Get-Stitches.pdf - Take a Hacker to Work Day – How Federal Prosecutors Use the CFAA
us-15-Bailey-Take-A-Hacker-To-Work Day-How-Federal-Prosecutors-Use-The-CFAA.pdf - Taking Event Correlation with You
us-15-King-Taking-Event-Correlation-With-You.pdf
us-15-King-Taking-Event-Correlation-With-You-wp.pdf
us-15-King-Taking-Event-Correlation-With-You-tool.tgz - Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
us-15-Vixie-Targeted-Takedowns-Minimizing-Collateral-Damage-Using-Passive-DNS.pdf - Taxonomic Modeling of Security Threats in Software Defined Networking
us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking.pdf
us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking-wp.pdf - The Applications of Deep Learning on Traffic Identification
us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification.pdf
us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification-wp.pdf - The Battle for Free Speech on the Internet
- The Kali Linux Dojo Workshop #1: Rolling Your Own – Generating Custom Kali Linux 20 ISOs
- The Kali Linux Dojo Workshop #2: Kali USB Setups with Persistent Stores and LUKS Nuke Support
- The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems
us-15-Wilhoit-The-Little-Pump-Gauge-That-Could-Attacks-Against-Gas-Pump-Monitoring-Systems.pdf
us-15-Wilhoit-The-Little-Pump-Gauge-That-Could-Attacks-Against-Gas-Pump-Monitoring-Systems-wp.pdf - The Memory Sinkhole – Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf
us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf - The Nodejs Highway: Attacks are at Full Throttle
us-15-Siman-The-Node-Js-Highway-Attacks-Are-At-Full-Throttle.pdf - The NSA Playset: A Year of Toys and Tools
us-15-Ossmann-The-NSA-Playset-A-Year-Of-Toys-And-Tools.pdf - The Tactical Application Security Program: Getting Stuff Done
- These are Not Your Grand Daddys CPU Performance Counters – CPU Hardware Performance Counters for Security
us-15-Herath-These-Are-Not-Your-Grand-Daddys-CPU-Performance-Counters-CPU-Hardware-Performance-Counters-For-Security.pdf - THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
us-15-Park-This-Is-DeepERENT-Tracking-App-Behaviors-With-Nothing-Changed-Phone-For-EvasiveAAndroid-Malware.pdf - ThunderStrike 2: Sith Strike
us-15-Hudson-Thunderstrike-2-Sith-Strike.pdf - TrustKit: Code Injection on iOS 8 for the Greater Good
us-15-Diquet-TrustKit-Code-Injection-On-iOS-8-For-The-Greater-Good.pdf - Understanding and Managing Entropy Usage
us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf
us-15-Potter-Understanding-And-Managing-Entropy-Usage-wp.pdf - Understanding the Attack Surface and Attack Resilience of Project Spartans New EdgeHTML Rendering Engine
us-15-Yason-Understanding-The-Attack-Surface-And-Attack-Resilience-Of-Project-Spartans-New-EdgeHTML-Rendering-Engine.pdf
us-15-Yason-Understanding-The-Attack-Surface-And-Attack-Resilience-Of-Project-Spartans-New-EdgeHTML-Rendering-Engine-wp.pdf - Unicorn: Next Generation CPU Emulator Framework
- Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
us-15-Kruegel-Using-Static-Binary-Analysis-To-Find-Vulnerabilities-And-Backdoors-In-Firmware.pdf - Web Timing Attacks Made Practical
us-15-Morgan-Web-Timing-Attacks-Made-Practical.pdf
us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf - When IoT Attacks: Hacking a Linux-Powered Rifle
us-15-Sandvik-When-IoT-Attacks-Hacking-A-Linux-Powered-Rifle.pdf - Why Security Data Science Matters and How Its Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence
us-15-Saxe-Why-Security-Data-Science-Matters-And-How-Its-Different.pdf - Winning the Online Banking War
us-15-Park-Winning-The-Online-Banking-War.pdf
us-15-Park-Winning-The-Online-Banking-War-wp.pdf - Writing Bad @$$ Malware for OS X
us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf - WSUSpect – Compromising the Windows Enterprise via Windows Update
us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update.pdf
us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update-wp.pdf - ZigBee Exploited the Good the Bad and the Ugly
us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly.pdf
us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly-wp.pdf
Fuente: Segu-Info