Blackhat - All Articles - CISO Platform
2024-03-29T09:00:32Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/Blackhat

Software Attacks on Hardware Wallets (Black Hat Conference 2018)
https://www.cisoplatform.com/profiles/blogs/software-attacks-on-hardware-wallets-black-hat-conference-2018
2018-09-27T09:30:00.000Z
Shubham Gupta
https://www.cisoplatform.com/members/ShubhamGupta
<div><p><span>Almost all security research leaves one question unanswered: what would the financial consequence be if a discovered vulnerability were maliciously exploited? The security community almost never knows, unless a real attack takes place and the damage becomes public. The rise of cryptocurrencies has made it even more difficult to contain the impact of an attack, since all of the security rests on a single wallet's private key, which must stay secret. Multiple breaches of private wallets and public currency exchange services are well known, and to address the issue a few companies have come up with secure hardware storage devices that preserve the wallet's secrets at all costs.</span><br /> <br /> <span>But how secure are they? In this research, we show how software attacks can be used to break into the most protected part of the hardware wallet, the Secure Element, and how it can be exploited by an attacker. The number of vulnerabilities identified in the hardware wallet shows how software vulnerabilities in the TEE operating system can lead to a compromise of memory isolation and the disclosure of secrets belonging to the OS and other user applications. Finally, based on the identified vulnerabilities, an attack is proposed which allows anyone with only physical access to the hardware wallet to retrieve secret keys and data from the device. 
Additionally, we present a supply chain attack on the device that allows an attacker to bypass its security features and take full control of the wallets installed on it.</span></p><p><span class="font-size-5">Speakers</span></p><p><span><strong>Alyssa Milburn</strong><br /> <br /> Alyssa Milburn is a Security Analyst at Riscure, where you can trust her to break stuff. She enjoys low-level computing, particularly compilers (including working with LLVM/gcc), kernel-level work and embedded platforms. She is fascinated by old computer games and is involved in various open source projects in this vein, in particular ScummVM, GemRB and openc2e. Reverse engineering is great fun too; as well as taking apart old computer games, she has applied her skills to analyzing embedded firmware and to security work.</span></p><p><span><strong>Sergei Volokitin</strong><br /> <br /> Sergei Volokitin is a security analyst at Riscure in the Netherlands, where his work is mostly focused on security evaluation of embedded systems and security testing of smart card platforms and TEE-based solutions. He has a number of publications on Java Card platform attacks and conference presentations on hardware security.</span></p><p><span class="font-size-5">Detailed Presentation:</span></p><div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/software-attacks-on-hardware-wallets-116860623" title="Software Attacks on Hardware Wallets" target="_blank">Software Attacks on Hardware Wallets</a></strong> from <strong><a href="https://www.slideshare.net/cisoplatform7" target="_blank">Priyanka Aash</a></strong></div><div><p><strong>(Source: Black Hat USA 2018, Las Vegas)</strong></p></div></div>

Top 9 'Malware' Talks From Black Hat Conference 2018 (USA)
https://www.cisoplatform.com/profiles/blogs/top-9-malware-talks-from-black-hat-conference-2018-usa
2018-10-03T16:30:00.000Z
Shubham Gupta
https://www.cisoplatform.com/members/ShubhamGupta
<div><p>Our editorial team has handpicked some great talks from Black Hat Conference, one of the largest IT security conferences in the world.</p><p>Black Hat, built by and for the global InfoSec community, returns to Las Vegas for its 21st year, providing attendees with the very latest in research, development and trends. This six-day event begins with four days of intense technical training for security practitioners of all levels (August 4-7), followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).</p><p>(Source: Black Hat Conference USA 2018)</p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/dissecting-non-malicious-artifacts-one-ip-at-a-time-black-hat-con" target="_blank">1) Dissecting Non-Malicious Artifacts: One IP at a Time</a></span></p><p><b>Speakers: Dani Goland, Ido Naor</b></p><p><span style="font-weight:400;">In our research, we dived into these malware-scanning giants and built sophisticated Yara rules to capture non-malicious artifacts and dissect them for secrets you'd never have thought possible to get out of their chamber. But that's not all. 
We will show the audience how we built an intelligence tool that, once given an API key, auto-dissects a full dataset. In our talk, we reveal the awful truth about allowing internally installed security products to be romantically involved with online scanners.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/dissecting-non-malicious-artifacts-one-ip-at-a-time-black-hat-con" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/finding-xori-malware-analysis-triage-with-automated-disassembly-b" target="_blank">2) Finding Xori: Malware Analysis Triage with Automated Disassembly</a></span></p><p><b>Speakers: Amanda Rousseau, Richard Seymour</b></p><p><span style="font-weight:400;">In a world of high-volume malware and limited researchers, we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately, what is currently available to the community is incredibly cost-prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged toolkits, the white hat community is dominated by solutions aimed at profit rather than at augmenting the capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly, called Xori, as an open source project. 
Xori is focused on helping reverse engineers analyze binaries, optimizing for the time and effort spent per sample.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/finding-xori-malware-analysis-triage-with-automated-disassembly-b" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/measuring-the-speed-of-the-red-queen-s-race-adaption-and-evasion-" target="_blank">3) Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware</a></span></p><p><b>Speakers: Felipe Ducau, Richard Harang</b></p><p><span style="font-weight:400;">Security is a constant cat-and-mouse game between those trying to keep abreast of and detect novel malware and the authors attempting to evade detection. The introduction of the statistical methods of machine learning into this arms race lets us examine an interesting question: how fast is malware being updated in response to the pressure exerted by security practitioners? The ability of machine learning models to detect malware is now well known; we introduce a novel technique that uses trained models to measure "concept drift" in malware samples over time as old campaigns are retired, new campaigns are introduced, and existing campaigns are modified. Using both simple distance-based metrics and Fisher Information measures, we look at the evolution of the threat landscape over time, with some surprising findings. 
In parallel with this talk, we will also release the PyTorch-based tools we have developed to address this question, allowing attendees to investigate concept drift within their own data.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/measuring-the-speed-of-the-red-queen-s-race-adaption-and-evasion-" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/miasm-reverse-engineering-framework-black-hat-conference-2018" target="_blank">4) Miasm: Reverse Engineering Framework</a></span></p><p><b>Speakers: Camille Mougey, Fabrice Desclaux</b></p><p>Miasm is a reverse engineering framework created in 2006 and first published in 2011 (GPL). Since then, it has been continuously improved through daily use. The framework is made of several parts, including an assembler/disassembler for several architectures (x86, aarch64, arm, etc.), a human-readable intermediate language describing the semantics of their instructions, and sandboxing capabilities for Windows/Linux environments. On top of these foundations, higher-level analyses are provided to address more complex tasks, such as variable backtracking and dynamic symbolic execution. In this talk, we will introduce some of these features. 
The journey will start with the basics of the framework, go through symbolic emulation and function divination (Sibyl), and end with various components useful for malware analysis.</p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/miasm-reverse-engineering-framework-black-hat-conference-2018" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/kernel-mode-threats-and-practical-defenses-black-hat-conference-2" target="_blank">5) Kernel Mode Threats and Practical Defenses</a></span></p><p><b>Speakers: Gabriel Landau, Joe Desimone</b></p><p><span style="font-weight:400;">While attacker techniques have evolved to evade endpoint protections, the current state of the art in kernel malware detection has also advanced to hinder these new kernel mode threats. We will discuss these new defensive techniques to counter kernel mode threats, including real-time detection techniques that leverage hypervisors, along with an innovative hardware-assisted approach that utilizes performance monitoring units. 
In addition, we will discuss on-demand techniques that leverage page table entry remapping to hunt for kernel malware at scale.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/kernel-mode-threats-and-practical-defenses-black-hat-conference-2" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/stealth-mango-and-the-prevalence-of-mobile-surveillanceware-black" target="_blank">6) Stealth Mango and the Prevalence of Mobile Surveillanceware</a></span></p><p><b>Speakers: Andrew Blaich, Michael Flossman</b></p><p><span style="font-weight:400;">In this talk, we will unveil the new in-house capabilities of a nation state actor that has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries, some of them directly impacting Western interests. Our research indicates this capability was created by freelance developers who primarily release commodity spouse-ware but moonlight by selling their own custom surveillanceware to state actors. 
One such state actor has been observed deploying Stealth Mango, and this presentation will unveil the depth and breadth of their campaigns, detailing not only how we watched them grow and develop, test, QA, and deploy their offensive tooling, but also how operational security mistakes ultimately led to their attribution.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/stealth-mango-and-the-prevalence-of-mobile-surveillanceware-black" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/protecting-the-protector-hardening-machine-learning-defenses-agai" target="_blank">7) Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks</a></span></p><p><b>Speakers: Holly Stewart, Jugal Parikh, Randy Treit</b></p><p><span style="font-weight:400;">We'll discuss several strategies to make machine learning models more tamper-resilient. We'll compare the difficulty of tampering with cloud-based models and client-based models. We'll discuss research that shows how single models are susceptible to tampering, and how some techniques, like stacked ensemble models, can be used to make them more resilient. We'll also talk about the importance of diversity in base ML models and give technical details on how they can be optimized to handle different threat scenarios. 
Lastly, we'll describe suspected tampering activity we've witnessed using protection telemetry from over half a billion computers, and whether our mitigations worked.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/protecting-the-protector-hardening-machine-learning-defenses-agai" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/iot-malware-comprehensive-survey-analysis-framework-and-case-stud" target="_blank">8) IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies</a></span></p><p><b>Speakers: Andrei Costin, Jonas Zaddach</b></p><p><span style="font-weight:400;">In this talk, we start with mostly manual collection, archival, meta-information extraction and cross-validation of more than 637 unique resources related to IoT malware families. These resources relate to 60 1 IoT malware families, and include 260 resources related to 48 unique vulnerabilities used in the disclosed or detected IoT malware attacks. 
We then use the extracted information to establish as accurately as possible the timeline of events related to each IoT malware family and the relevant vulnerabilities, and to outline important insights and statistics. Finally, to help validate our work as well as to motivate its continuous growth and improvement by the research community, we open-source our datasets and release our IoT malware analysis framework.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/iot-malware-comprehensive-survey-analysis-framework-and-case-stud" target="_blank">>> Go To Presentation</a></span></p><p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/deeplocker-concealing-targeted-attacks-with-ai-locksmithing-black" target="_blank">9) DeepLocker - Concealing Targeted Attacks with AI Locksmithing</a></span></p><p><b>Speakers: Dhilung Kirat, Jiyong Jang, Marc Ph. Stoecklin</b></p><p><span style="font-weight:400;">In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). 
As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.</span></p><p><span class="font-size-4"><a href="http://www.cisoplatform.com/profiles/blogs/deeplocker-concealing-targeted-attacks-with-ai-locksmithing-black" target="_blank">>> Go To Presentation</a></span></p><p><a href="https://event.cisoplatform.com/black-hat-2018-guide/" target="_blank" style="font-size:20pt;">Your Complete Guide To Top Talks @ Black Hat Conference 2018 (USA)</a></p><p><span class="font-size-3">Get your FREE guide to the top talks at Black Hat Conference 2018 (USA). Our editorial team has gone through all the talks and handpicked the best of the best at Black Hat Conference into a single guide. Get your free copy today.</span></p><p><strong><span class="font-size-3"><a href="https://event.cisoplatform.com/black-hat-2018-guide/" target="_blank" style="font-size:15pt;">>> Click Here To Get Your FREE Guide</a></span></strong></p></div>