All Blog Posts (982)

Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities (Black Hat Conference 2018)

2018 started off with a bang as the world was introduced to a new class of hardware vulnerability which became known as Meltdown and Spectre. New classes of vulnerabilities are exceedingly rare and this one came with ramifications for the security boundaries that web browsers, operating systems, and cloud providers rely on for isolation to protect customer data. Now, rewind back to the summer of 2017. This disclosure and the industry response were months in the making. A new…

Continue

Added by Shubham Gupta on October 1, 2018 at 1:21pm — No Comments

WebAssembly: A New World of Native Exploits on the Browser (Black Hat Conference 2018)

WebAssembly (WASM) is a new technology being developed by the major browser vendors through the W3C. A direct descendent of NaCl and Asm.js, the idea is to allow web developers to run native (e.g. C/C++) code in a web page at near-native performance. WASM is already widely supported in the latest versions of all major browsers, and new use case examples are constantly popping up in the wild. Notable examples include 3D model rendering, interface design, visual data processing, and…

Continue

Added by Shubham Gupta on October 1, 2018 at 1:15pm — No Comments

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks (Black Hat Conference 2018)

Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Researchers have been able to successfully attack deep learning models used to classify malware to completely change their predictions by only accessing the output label of the model for the input samples fed by the attacker. Moreover, we've also seen attackers attempting to poison our training data for ML models by sending fake telemetry…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:36pm — No Comments

Outsmarting the Smart City (Black Hat Conference 2018)

The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:19pm — No Comments

Stealth Mango and the Prevalence of Mobile Surveillanceware (Black Hat Conference 2018)

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries with some directly impacting Western interests. Our research indicates this capability has been created by freelance developers who…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:13pm — No Comments

Stealth Mango and the Prevalence of Mobile Surveillanceware (Black Hat Conference 2018)

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries with some directly impacting Western interests. Our research indicates this capability has been created by freelance developers who…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:13pm — No Comments

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs (Black Hat Conference 2018)

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:05pm — No Comments

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (Black Hat Conference 2018)

OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From today's viewpoint this is surprising as both standards rely on outdated cryptographic primitives that were responsible for vulnerabilities in major cryptographic standards. The belief in email security is likely based on the fact that email is non-interactive and thus an attacker cannot directly exploit vulnerability types present in TLS, SSH, or IPsec.



We…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:27pm — No Comments

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities (Black Hat Conference 2018)

Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:23pm — No Comments

A Deep Dive into macOS MDM (and How it can be Compromised) (Black Hat Conference 2018)

On macOS, DEP (Device Enrollment Program) and MDM (Mobile Device Management) are the recommended methods for automating the initial setup & configuration of new devices. MDM can offer sophisticated system configuration options, including privileged operations such as adding new trusted root CA certificates to the System Keychain. Apple's MDM implementation has gained popularity in the enterprise world recently due to their richer feature set.

The recent introduction of…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:15pm — No Comments

AI & ML in Cyber Security - Why Algorithms are Dangerous (Black Hat Conference 2018)

Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.



Guess what. It's all baloney. We have entered a state in cyber security that…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:00pm — No Comments

Your Voice is My Passport (Black Hat Conference 2018)

Financial institutions, home automation products, and hi-tech offices have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning have shown that text-to-speech systems can generate synthetic, high-quality audio of subjects using audio recordings of their speech. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning models and…

Continue

Added by Shubham Gupta on September 28, 2018 at 12:35pm — No Comments

Snooping on Cellular Gateways and Their Critical Role in ICS (Black Hat Conference 2018)

To keep up with the growing demand of always-on and available-anywhere connectivity, the use of cellular, in comparison to its wireless mobile connectivity counterpart in the electromagnetic spectrum, is rapidly expanding. My research in the IoT space led me down the path of discovering a variety of vulnerabilities related to cellular devices manufactured by Sierra Wireless and many others. Proper disclosures have occurred; however, many manufactures have been slow to respond.…

Continue

Added by Shubham Gupta on September 28, 2018 at 12:23pm — No Comments

Kernel Mode Threats and Practical Defenses (Black Hat Conference 2018)

Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity kernel mode malware such as TDL4 and ZeroAccess. However, advanced attackers have found ways of evading these protections and continue to leverage kernel mode malware to stay one step ahead of the defenders. We will examine the techniques from malware such as DoublePulsar, SlingShot, and Turla that help attackers evade…

Continue

Added by Shubham Gupta on September 28, 2018 at 12:16pm — No Comments

The Problems and Promise of WebAssembly (Black Hat Conference 2018)

WebAssembly is a new standard that allows assembly-like code to run in browsers at near-native speed. But how does WebAssembly work, and how does it execute code while maintaining the security guarantees of a browser? This presentation gives an overview of the features of WebAssembly, as well as examples of vulnerabilities that occur in each feature. It will also discuss the future of WebAssembly, and emerging areas of security concern. Learn to find bugs in one of the newest…

Continue

Added by Shubham Gupta on September 28, 2018 at 12:11pm — No Comments

Stop that Release, There's a Vulnerability! (Black Hat Conference 2018)

Software companies can have hundreds of software products in-market at any one time, all requiring support and security fixes with tight release timelines or no releases planned at all. At the same time, the velocity of open source vulnerabilities that rapidly become public or vulnerabilities found within internally written code can challenge the best intentions of any SDLC.



How do you prioritize publicly known vulnerabilities against internally found…

Continue

Added by Shubham Gupta on September 28, 2018 at 12:05pm — No Comments

Back to the Future: A Radical Insecure Design of KVM on ARM (Black Hat Conference 2018)

In ARM there are certain instructions that generates exception. Such instructions are typically executed to request a service from software that runs at a higher privilege level. From the OS kernel (EL1), software can call the Hypervisor (EL2) with the HVC instruction.
The KVM Hypervisor is part of the Linux kernel and by default it is enabled on all supported ARM system. In ARM architecture KVM is implemented through split-mode virtualization and runs across different…
Continue

Added by Shubham Gupta on September 28, 2018 at 11:30am — No Comments

Open Sesame:Picking Locks with Cortana (Black Hat Conference 2018)

Many new devices are trying to fit into our life seamlessly. As a result, there’s a quest for a “universal access methods” for all devices. Voice activation seems to be a natural candidate for the task and many implementations for it surfaced in recent years. A few notable examples are Amazon’s Alexa, Google’s Assistant and Microsoft’s Cortana.

The problem starts when these “Universal” access methods, aimed for maximal comfort, meet the very “specific” use-case of the enterprise…

Continue

Added by Shubham Gupta on September 28, 2018 at 11:30am — No Comments

LTE Network Automation Under Threat (Black Hat Conference 2018)

The control and management of mobile networks is shifting from manual to automatic in order to boost performance and efficiency and reduce expenditures. Especially, base stations in today's 4G/LTE networks can automatically configure and operate themselves which is technically referred to as Self Organizing Networks (SON). Additionally, they can auto-tune themselves by learning from their surrounding base stations. This talk inspects the consequences of operating a rogue base station…

Continue

Added by Shubham Gupta on September 28, 2018 at 11:30am — No Comments

Top talks on Windows Security from DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Windows Security at DEF CON 26.

DEFCON 201826th Def-Con Hacking Conference is among one of the most main event on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.

(Source: DEF…

Continue

Added by Amit, CISO Platform on September 28, 2018 at 11:30am — No Comments

Monthly Archives

2019

2018

2017

2016

2015

2014

2013

2012

1999

Follow Us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2019   Created by CISO Platform   |   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

Related Posts