Some PDFs from Blackhat 2015
The Black Hat Conference of 2015 just concluded in Las Vegas, and they've got a lot to show for it. If you're not familiar with Black Hat, they are:
How to build an asychronous and fileless back door,
Reverse Engineering a Smart Card,
Automated Human Vulnerability Scanning with AVA,
Big Game Hunting: Nation-state malware research,
https://www.blackhat.com/docs/us-15/materials/us-15-Davis-Deep-Learning-On-Disassembly.pdf
Toward Automated Scalable Analysis of Graphical Images Embedded in Malware,
Hidden risks of biometric identifiers and how to avoid them,
Internet Facing PLCs: a new back orifice,
Internet-scale file analysis,
The ELK: Obtaining context from security events,
Conti Pen testing a city,
Modern Active Directory attacks: detection and protection,
Remote physical damage 101 Bread and Butter attacks,
Sharing more than just your files,
The memory sinkhole: unleashing an X86 design flaw allowing univeral privilege escalation,
The NSA Playset: a year of toys and tools,
Understanding and managing entropy usage,
Using static binary analysis to find vulnerabilities and backdoors in firmware, and
Web timing attacks made practical.
Editor's note: For what it's worth, the Black Hat Review Board oversees the entire organization and is supposed to be a selection of the industry's best and brightest. I don't recognize any names, which probably says more about your editor than about the Board. What is |.'s opinion of Black Hat and its annual conferences?
the most technical and relevant global information security event series in the world. For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.Here are links for PDFs provided as part of the 2015 event (don't read them in Firefox's built-in PDF reader; it's got a vulnerability):
From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, the Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.
How to build an asychronous and fileless back door,
Reverse Engineering a Smart Card,
Automated Human Vulnerability Scanning with AVA,
Big Game Hunting: Nation-state malware research,
https://www.blackhat.com/docs/us-15/materials/us-15-Davis-Deep-Learning-On-Disassembly.pdf
Toward Automated Scalable Analysis of Graphical Images Embedded in Malware,
Hidden risks of biometric identifiers and how to avoid them,
Internet Facing PLCs: a new back orifice,
Internet-scale file analysis,
The ELK: Obtaining context from security events,
Conti Pen testing a city,
Modern Active Directory attacks: detection and protection,
Remote physical damage 101 Bread and Butter attacks,
Sharing more than just your files,
The memory sinkhole: unleashing an X86 design flaw allowing univeral privilege escalation,
The NSA Playset: a year of toys and tools,
Understanding and managing entropy usage,
Using static binary analysis to find vulnerabilities and backdoors in firmware, and
Web timing attacks made practical.
Editor's note: For what it's worth, the Black Hat Review Board oversees the entire organization and is supposed to be a selection of the industry's best and brightest. I don't recognize any names, which probably says more about your editor than about the Board. What is |.'s opinion of Black Hat and its annual conferences?
Check out the internet facing PLC systems one at least - stuff like Stuxnet, SCADA. Also interesting to me to see the German guys must have done their slides using LaTeX and the beamer package - awesome. Other presentations are so glossy they almost take away from the content (like the social engineering one). Last one I liked was about the smart cards - with application not only for printer cartridge manufacturers but that technology's push into the impending Internet of Things.