All Blog Posts (1,007)

The Finest Penetration Testing Framework for Software-Defined Networks (Black Hat Conference 2018)

Software-Defined Networking (SDN) is getting attention for the next-generation networking today. The key concept of SDN is to decouple the control logic from the traditional network devices so that network developers can design innovative network functions in a more flexible and programmable way. However, SDN is not always bringing advantages to us. Security experts have constantly raised security concerns about SDN, and some vulnerabilities have been uncovered in the real…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:51pm — No Comments

Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars (Black Hat Conference 2018)

We, Keen Security Lab of Tencent, have successfully implemented two remote attacks on the Tesla Model S/X in year 2016 and 2017. Last year, at Black Hat USA, we presented the details of our first attack chain. At that time, we showed a demonstration video of our second attack chain, but without technical aspects. This year, we are willing to share our full, in-depth details on this research.



In this presentation, we will explain the inner workings of…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:44pm — No Comments

DeepLocker - Concealing Targeted Attacks with AI Locksmithing (Black Hat Conference 2018)

In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.

DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:39pm — No Comments

IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies (Black Hat Conference 2018)

Computer malware in all its forms is nearly as old as the first PCs running commodity OSes, dating back at least 30 years. However, the number and the variety of "computing devices" dramatically increased during the last several years. Therefore, the focus of malware authors and operators slowly but steadily started shifting or expanding towards Internet of Things (IoT) malware.

Unfortunately, at present there is no publicly available comprehensive study and methodology that…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:16pm — No Comments

From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities (Black Hat Conference 2018)

Writing a working exploit for a vulnerability is generally challenging, time-consuming, and labor-intensive. To address this issue, automated exploit generation techniques can be adopted. In practice, existing techniques however exhibit an insufficient ability to craft exploits, particularly for the kernel vulnerabilities. On the one hand, this is because their technical approaches explore exploitability only in the context of a crashing process whereas generating an exploit…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:07pm — No Comments

Lowering the Bar: Deep Learning for Side Channel Analysis (Black Hat Conference 2018)

Deep learning can help automate the signal analysis process in power side channel analysis. So far, power side channel analysis relies on the combination of cryptanalytic science, and the art of signal processing. Deep learning is essentially a classification algorithm, but instead of training it on cats, we train it to recognize different leakages in a chip. Even more so, we do this such that typical signal processing problems such as noise reduction and re-alignment are automatically…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:00pm — No Comments

Legal Liability for IOT Cybersecurity Vulnerabilities (Black Hat Conference 2018)

There has been much discussion of "software liability," and whether new laws are needed to encourage or require safer software. My presentation will discuss how -- regardless of whether new laws are passed -- a tidal wave of litigation over defective IoT cybersecurity is just over the horizon. 



The presentation will focus on a well-known example: Charlie Miller and Chris Valasek's 2015 Jeep hack. I'm lead counsel in the ongoing federal litigation over the…

Continue

Added by Shubham Gupta on October 1, 2018 at 2:00pm — No Comments

Exploitation of a Modern Smartphone Baseband (Black Hat Conference 2018)

In this talk, we will explore the baseband of a modern smartphone, discussing the design and the security countermeasures that are implemented. We will then move on and explain how to find memory corruption bugs and exploit them. As a case study, we will explain in details our 2017 Mobile Pwn2Own entry, where we gained RCE (Remote Code Execution) with a 0-day on the baseband of a smartphone, which was among the target of the competition. We exploited successfully the phone…

Continue

Added by Shubham Gupta on October 1, 2018 at 1:53pm — No Comments

Automated Discovery of Deserialization Gadget Chains (Black Hat Conference 2018)

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library and as recently as last year's Black Hat, Muñoz and Miroshis presented a survey of dangerous JSON deserialization libraries. While much…

Continue

Added by Shubham Gupta on October 1, 2018 at 1:30pm — No Comments

Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities (Black Hat Conference 2018)

2018 started off with a bang as the world was introduced to a new class of hardware vulnerability which became known as Meltdown and Spectre. New classes of vulnerabilities are exceedingly rare and this one came with ramifications for the security boundaries that web browsers, operating systems, and cloud providers rely on for isolation to protect customer data. Now, rewind back to the summer of 2017. This disclosure and the industry response were months in the making. A new…

Continue

Added by Shubham Gupta on October 1, 2018 at 1:21pm — No Comments

WebAssembly: A New World of Native Exploits on the Browser (Black Hat Conference 2018)

WebAssembly (WASM) is a new technology being developed by the major browser vendors through the W3C. A direct descendent of NaCl and Asm.js, the idea is to allow web developers to run native (e.g. C/C++) code in a web page at near-native performance. WASM is already widely supported in the latest versions of all major browsers, and new use case examples are constantly popping up in the wild. Notable examples include 3D model rendering, interface design, visual data processing, and…

Continue

Added by Shubham Gupta on October 1, 2018 at 1:15pm — No Comments

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks (Black Hat Conference 2018)

Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Researchers have been able to successfully attack deep learning models used to classify malware to completely change their predictions by only accessing the output label of the model for the input samples fed by the attacker. Moreover, we've also seen attackers attempting to poison our training data for ML models by sending fake telemetry…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:36pm — No Comments

Outsmarting the Smart City (Black Hat Conference 2018)

The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:19pm — No Comments

Stealth Mango and the Prevalence of Mobile Surveillanceware (Black Hat Conference 2018)

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries with some directly impacting Western interests. Our research indicates this capability has been created by freelance developers who…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:13pm — No Comments

Stealth Mango and the Prevalence of Mobile Surveillanceware (Black Hat Conference 2018)

In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries with some directly impacting Western interests. Our research indicates this capability has been created by freelance developers who…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:13pm — No Comments

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs (Black Hat Conference 2018)

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the…

Continue

Added by Shubham Gupta on October 1, 2018 at 12:05pm — No Comments

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (Black Hat Conference 2018)

OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From today's viewpoint this is surprising as both standards rely on outdated cryptographic primitives that were responsible for vulnerabilities in major cryptographic standards. The belief in email security is likely based on the fact that email is non-interactive and thus an attacker cannot directly exploit vulnerability types present in TLS, SSH, or IPsec.



We…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:27pm — No Comments

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities (Black Hat Conference 2018)

Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:23pm — No Comments

A Deep Dive into macOS MDM (and How it can be Compromised) (Black Hat Conference 2018)

On macOS, DEP (Device Enrollment Program) and MDM (Mobile Device Management) are the recommended methods for automating the initial setup & configuration of new devices. MDM can offer sophisticated system configuration options, including privileged operations such as adding new trusted root CA certificates to the System Keychain. Apple's MDM implementation has gained popularity in the enterprise world recently due to their richer feature set.

The recent introduction of…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:15pm — No Comments

AI & ML in Cyber Security - Why Algorithms are Dangerous (Black Hat Conference 2018)

Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.



Guess what. It's all baloney. We have entered a state in cyber security that…

Continue

Added by Shubham Gupta on September 28, 2018 at 1:00pm — No Comments

Monthly Archives

2019

2018

2017

2016

2015

2014

2013

2012

1999

© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service