All Blog Posts (967)

Stop that Release, There's a Vulnerability! (Black Hat Conference 2018)

Software companies can have hundreds of software products in-market at any one time, all requiring support and security fixes with tight release timelines or no releases planned at all. At the same time, the velocity of open source vulnerabilities that rapidly become public or vulnerabilities found within internally written code can challenge the best intentions of any SDLC.



How do you prioritize publicly known vulnerabilities against internally found…


Added by Shubham Gupta on September 28, 2018 at 12:05pm — No Comments

Back to the Future: A Radical Insecure Design of KVM on ARM (Black Hat Conference 2018)

In ARM there are certain instructions that generate exceptions. Such instructions are typically executed to request a service from software that runs at a higher privilege level. From the OS kernel (EL1), software can call the Hypervisor (EL2) with the HVC instruction.
The KVM Hypervisor is part of the Linux kernel and by default it is enabled on all supported ARM systems. In the ARM architecture, KVM is implemented through split-mode virtualization and runs across different…

Added by Shubham Gupta on September 28, 2018 at 11:53am — No Comments

Open Sesame: Picking Locks with Cortana (Black Hat Conference 2018)

Many new devices are trying to fit into our lives seamlessly. As a result, there’s a quest for “universal access methods” for all devices. Voice activation seems to be a natural candidate for the task, and many implementations of it have surfaced in recent years. A few notable examples are Amazon’s Alexa, Google’s Assistant and Microsoft’s Cortana.

The problem starts when these “universal” access methods, aimed at maximal comfort, meet the very “specific” use-case of the…


Added by Shubham Gupta on September 28, 2018 at 11:45am — No Comments

LTE Network Automation Under Threat (Black Hat Conference 2018)

The control and management of mobile networks is shifting from manual to automatic in order to boost performance and efficiency and reduce expenditures. In particular, base stations in today's 4G/LTE networks can automatically configure and operate themselves, which is technically referred to as Self Organizing Networks (SON). Additionally, they can auto-tune themselves by learning from their surrounding base stations. This talk inspects the consequences of operating a rogue base…


Added by Shubham Gupta on September 28, 2018 at 11:30am — No Comments

Top talks on Windows Security from DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26, one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Windows Security at DEF CON 26.

The 26th Def-Con Hacking Conference is one of the main events on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.

(Source: DEF…


Added by Amit, CISO Platform on September 28, 2018 at 11:30am — No Comments

Top 9 Talks On Vulnerabilities & Exploits from DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26, one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Vulnerabilities & Exploits at DEF CON 26.

The 26th Def-Con Hacking Conference is one of the main events on Computer, Information Technology, Cyber Security, Software, Hacking and Hack…


Added by Amit, CISO Platform on September 28, 2018 at 11:30am — No Comments

Threat Modeling in 2018: Attacks, Impacts and Other Updates (Black Hat Conference 2018)

Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what's new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable. This includes new properties of systems being attacked, new attack techniques (like biometrics confused by LEDs) and a growing importance of threats to and/or through social media platforms and features. Take home ways to ensure your security engineering and…


Added by Shubham Gupta on September 28, 2018 at 11:27am — No Comments

From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it (Black Hat Conference 2018)

Organizations have been forced to adapt to the new reality: Anyone can be targeted and many can be compromised.

This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink and software that floods the SOC with alerts. Is it enough?



The overwhelming answer is: No.



The security controls that matter most are the ones that best protect those with…


Added by Shubham Gupta on September 28, 2018 at 11:24am — No Comments

Top talks on Malware from DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26, one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Malware Security at DEF CON 26.

The 26th Def-Con Hacking Conference is one of the main events on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.

(Source: DEF…


Added by Amit, CISO Platform on September 28, 2018 at 11:00am — No Comments

Top talks on Security Research from DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26, one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Security Research at DEF CON 26.

The 26th Def-Con Hacking Conference is one of the main events on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.

(Source: DEF…


Added by Amit, CISO Platform on September 28, 2018 at 11:00am — No Comments

Top 5 Talks On MAC/iOS Security From DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26, one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on MAC/iOS Security at DEF CON 26.

The 26th Def-Con Hacking Conference is one of the main events on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.

(Source: DEF…


Added by Amit, CISO Platform on September 28, 2018 at 10:30am — No Comments

Top 3 Talks On IoT Security From DEF CON 26

Our editorial team has handpicked the best of the best talks at DEF CON 26, one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on IoT Security at DEF CON 26.

The 26th Def-Con Hacking Conference is one of the main events on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.

(Source: DEF CON…


Added by Amit, CISO Platform on September 28, 2018 at 10:30am — No Comments

Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering (Black Hat Conference 2018)

Traditional phishing and social engineering attack techniques are typically well-documented and understood. While such attacks often still succeed, a combination of psychology, awareness campaigns, and technical or physical controls has made significant progress in limiting their effectiveness.



In response, attackers are turning to increasingly sophisticated and longer-term efforts involving self-referencing synthetic networks, multiple credible false…


Added by Shubham Gupta on September 27, 2018 at 4:08pm — No Comments

An Attacker Looks at Docker: Approaching Multi-Container Applications (Black Hat Conference 2018)

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. This is likely to make life a lot easier for attackers.



While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and…


Added by Shubham Gupta on September 27, 2018 at 4:03pm — No Comments

Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers (Black Hat Conference 2018)

The drive for ever smaller and cheaper components in microelectronics has popularized so-called "mixed-signal circuits," in which analog and digital circuitry reside on the same silicon die. A typical example is WiFi chips, which include a microcontroller (digital logic) where crypto and protocols are implemented together with the radio transceiver (analog logic). The special challenge of such designs is to separate the "noisy" digital circuits from the sensitive analog…


Added by Shubham Gupta on September 27, 2018 at 3:59pm — No Comments

Remotely Attacking System Firmware (Black Hat Conference 2018)

In recent years, we have been witnessing a steady increase in security vulnerabilities in firmware. Nearly all of these issues require local (often privileged) or physical access to exploit. In this talk, we will present novel *remote* attacks on system firmware. 



In this talk, we will show different remote attack vectors into system firmware, including networking, updates over the Internet, and error reporting. We will also be demonstrating and remotely…


Added by Shubham Gupta on September 27, 2018 at 3:50pm — No Comments

TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever (Black Hat Conference 2018)

In 2017, a sophisticated threat actor deployed the TRITON attack framework, engineered to manipulate industrial safety systems at a critical infrastructure facility. This talk offers new insights into the TRITON attack framework, which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was…


Added by Shubham Gupta on September 27, 2018 at 3:43pm — No Comments

Miasm: Reverse Engineering Framework (Black Hat Conference 2018)

Miasm is a reverse engineering framework created in 2006 and first published in 2011 (GPL). Since then, it has been continuously improved through daily use. The framework is made of several parts, including an assembler/disassembler for several architectures (x86, aarch64, arm, etc.), a human-readable intermediate language describing their instructions' semantics, and sandboxing capabilities for Windows/Linux environments. On top of these foundations, higher level analyses are…


Added by Shubham Gupta on September 27, 2018 at 3:30pm — No Comments

KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous

Modern operating systems implement read-only memory mappings at the CPU architecture level, preventing common security attacks. By mapping memory as read-only, the owning process can usually trust the memory content, eliminating unnecessary security considerations such as boundary checks, TOCTTOU (time of check to time of use) issues, etc., with the assumption of other processes not being able to mutate read-only shared mappings in their own virtual…


Added by Shubham Gupta on September 27, 2018 at 3:10pm — No Comments

Software Attacks on Hardware Wallets (Black Hat Conference 2018)

Almost all security research has a question often left unanswered: what would be the financial consequence if a discovered vulnerability is maliciously exploited? The security community almost never knows, unless a real attack takes place and the damage becomes known to the public. The development of cryptocurrencies made it even more difficult to control the impact of an attack, since all the security relies on a single wallet's private key, which needs to stay secure. Multiple…


Added by Shubham Gupta on September 27, 2018 at 3:02pm — No Comments
