Top 7 'Exploit Development' Talks From Black Hat Conference 2018 (USA)

Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT Security Conference in the world.

Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six day event begins with four days of intense technical training for security practitioners of all levels (August 4-7) followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9)

(Source: Black Hat Conference USA 2018)

1) KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can b...

Speaker: Liang Chen

n this talk, we will introduce the concepts essential to our bugs, which includes: - Indirect DMA features exposed to iOS userland - The implementation of IOMMU memory protection - Notification mechanism between GPU and Apple Graphics driver The next part will cover two bug details: one in DMA handling with host virtual memory, and another out-of-bound write issue caused by potentially untrusted userland read-only memory. Lastly we talk about how we combine two flaws across different Apple Graphics components to achieve reliable kernel code execution from iOS application sandbox.

>>Go To Presentation

2) The Problems and Promise of WebAssembly

Speaker: Natalie Silvanovich

This presentation gives an overview of the features of WebAssembly, as well as examples of vulnerabilities that occur in each feature. It will also discuss the future of WebAssembly, and emerging areas of security concern. Learn to find bugs in one of the newest and fastest growing parts of the browser!

>>Go To Presentation


3) Automated Discovery of Deserialization Gadget Chains

Speaker: Ian Haken

In this talk, we present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion, we will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.

>>Go To Presentation

4) Exploitation of a Modern Smartphone Baseband

Speaker: Marco Grassi, Muqing Liu, Tianyi Xie

In this talk, we will explore the baseband of a modern smartphone, discussing the design and the security countermeasures that are implemented. We will then move on and explain how to find memory corruption bugs and exploit them. As a case study, we will explain in details our 2017 Mobile Pwn2Own entry, where we gained RCE (Remote Code Execution) with a 0-day on the baseband of a smartphone, which was among the target of the competition. We exploited successfully the phone remotely over the air without any user interaction and won $100,000 for this competition target.

>> Go To Presentation

5) From Thousands of Hours to a Couple of Minutes: Automating Explo...

Speaker: Jimmy Su, Wei Wu, Xinyu Xing

In this talk, we will introduce and release a new exploitation framework to fully automate the exploitation of kernel vulnerabilities. Technically speaking, our framework utilizes a kernel fuzzing technique to diversify the contexts of a kernel panic and then leverages symbolic execution to explore exploitability under different contexts. We demonstrate that this new exploitation framework facilitates exploit crafting from many aspects.

>>Go To Presentation

6) DeepLocker - Concealing Targeted Attacks with AI Locksmithing

Speakers: Dhilung Kirat, Jiyong Jang, Marc Ph. Stoecklin

In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.

>> Go To Presentation


7) Over-the-Air: How we Remotely Compromised the Gateway, BCM, and ...

Speaker: Ling Liu, Sen Nie, Wenkai Zhang , Yuefeng Du

In this presentation, we will explain the inner workings of this technology and showcase the new capability that was developed in the Tesla hacking 2017. Multiple 0-days of different in-vehicle components are included in the new attack chain. We will also present an in-depth analysis of the critical components in the Tesla car, including the Gateway, BCM(Body Control Modules), and the Autopilot ECUs. For instance, we utilized a code-signing bypass vulnerability to compromise the Gateway ECU; we also reversed and then customized the BCM to play the Model X "Holiday Show" Easter Egg for entertainment. Finally, we will talk about a remote attack we carried out to successfully gain an unauthorized user access to the Autopilot ECU on the Tesla car by exploiting one more fascinating vulnerability. To the best of our knowledge, this presentation will be the first to demonstrate hacking into an Autopilot module.

>>Go To Presentation

Your Complete Guide To Top Talks @Black Hat Conference 2018 (USA)

Get your FREE Guide on Top Talks @ Black Hat Conference 2018 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at Black hat Conference into a single guide. Get your Free copy today.

>>Click Here To Get Your FREE Guide

Views: 298

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service