• Facebook
• Twitter
• Reddit
• LinkedIn

Aquí tenéis la list de las presentaciones de Black Hat USA de este año, con enlace a las diapositivas y documentos que se han hecho públicos:

• Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
• Finding Xori: Malware Analysis Triage with Automated Disassembly
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Rousseau-Finding-Xori-Malware-Analysis-Triage-With-Automated-Disassembly.pdf)
• Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Malmquist-Exposing-The-Bait-A-Qualitative-Look-At-The-Impact-Of-Autonomous-Peer-Communication-To-Enhance-Organizational-Phishing-Detection.pdf)
• Software Attacks on Hardware Wallets
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets-wp.pdf)
• Dissecting Non-Malicious Artifacts: One IP at a Time
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Goland-Dissecting-Non-Malicious-Artifacts-One-IP-At-A-Time.pdf)
• Detecting Credential Compromise in AWS
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Bengtson-Detecting-Credential-Compromise-In-AWS.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Bengtson-Detecting-Credential-Compromise-In-AWS-wp.pdf)
• How I Learned to Stop Worrying and Love the SBOM
• Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking-wp.pdf)
• Measuring the Speed of the Red Queen’s Race; Adaption and Evasion in Malware
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Harang-Measuring-the-Speed-of-the-Red-Queens-Race.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Harang-Measuring-the-Speed-of-the-Red-Queens-Race-wp.pdf)
• Holding on for Tonight: Addiction in InfoSec
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Tomasello-Holding-On-For-Tonight-Addiction-In-Infosec.pdf)
• TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever-wp.pdf)
• Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Paul-Stress-and-Hacking.pdf)
• From Bot to Robot: How Abilities and Law Change with Physicality
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Postnikoff-From-Bot-To-Robot-How-Abilities-And-Law-Change-With-Physicality.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Postnikoff-From-Bot-To-Robot-How-Abilities-And-Law-Change-With-Physicality-wp.pdf)
• Miasm: Reverse Engineering Framework
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-DesclauxMougey-Miasm-Reverse-Engineering-Framework.pdf)
• New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Groß-New-Trends-In-Browser-Exploitation-Attacking-Client-Side-JIT-Compilers.pdf)
• Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-saxe-Deep-Learning-For-Hackers-Methods-Applications-and-Open-Source-Tools.pdf)
• KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
• Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Little-Blockchain-Autopsies-Analyzing-Ethereum-Smart-Contract-Deaths.pdf)
• A Dive in to Hyper-V Architecture & Vulnerabilities
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Joly-Bialek-A-Dive-in-to-Hyper-V-Architecture-&-Vulnerabilities.pdf)
• No Royal Road … Notes on Dangerous Game
• There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Milburn-There-Will-Be-Glitches-Extracting-And-Analyzing-Automotive-Firmware-Efficiently.pdf)
• Compression Oracle Attacks on VPN Networks
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Nafeez-Compression-Oracle-Attacks-On-Vpn-Networks.pdf)
• CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment
• Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Camurati-Screaming-Channels-When-Electromagnetic-Side-Channels-Meet-Radio-Tranceivers.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Camurati-Screaming-Channels-When-Electromagnetic-Side-Channels-Meet-Radio-Tranceivers-wp.pdf)
• Remotely Attacking System Firmware
• Reversing a Japanese Wireless SD Card - From Zero to Code Execution
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Valadon-Reversing-a-Japanese-Wireless-SD-Card-From-Zero-to-Code-Execution.pdf)
• Deep Dive into an ICS Firewall, Looking for the Fire Hole
• Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
• Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf)
• From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Metcalf-From-Workstation-To-Domain-Admin-Why-Secure-Administration-Isnt-Secure.pdf)
• An Attacker Looks at Docker: Approaching Multi-Container Applications
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications-wp.pdf)
• The Unbearable Lightness of BMC’s
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC-wp.pdf)
• Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Dameff-Mental-Health-Hacks-Fighting-Burnout-Depression-And-Suicide-In-The-Hacker-Community.pdf)
• WireGuard: Next Generation Secure Network Tunnel
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Donenfeld-WireGuard-Next-Generation-Secure-Network-Tunnel.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Donenfeld-WireGuard-Next-Generation-Secure-Nework-Tunnel-wp.pdf)
• Threat Modeling in 2018: Attacks, Impacts and Other Updates
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Shostack-Threat-Modeling-in-2018.pdf)
• Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Graeber-Subverting-Sysmon-Application-Of-A-Formalized-Security-Product-Evasion-Methodology.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Graeber-Subverting-Sysmon-Application-Of-A-Formalized-Security-Product-Evasion-Methodology-wp.pdf)
• Don’t @ Me: Hunting Twitter Bots at Scale
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Anise-Wright-Don'[email protected])
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Anise-Wright-Don'[email protected])
• A Brief History of Mitigation: The Path to EL1 in iOS 11
  • [] ()
• ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
• Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
• Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf)
• LTE Network Automation Under Threat
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Shaik-LTE-Network-Automation-Under-Threat.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Shaik-LTE-Network-Automation-Under-Threat-wp.pdf)
• Why so Spurious? How a Highly Error-Prone x86/x64 CPU “Feature” can be Abused to Achieve Local Privilege Escalation on Many Operating Systems
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Mulasmajic-Peterson-Why-So-Spurious.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Mulasmajic-Peterson-Why-So-Spurious-wp.pdf)
• Open Sesame: Picking Locks with Cortana
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Beery-Open-Sesame-Picking-Locks-with-Cortana.pdf)
• Breaking the IIoT: Hacking industrial Control Gateways
• Squeezing a Key through a Carry Bit
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Valsorda-Squeezing-A-Key-Through-A-Carry-Bit.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Valsorda-Squeezing-A-Key-Through-A-Carry-Bit-wp.pdf)
• I, for One, Welcome Our New Power Analysis Overlords
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-O'Flynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-O'Flynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards-wp.pdf)
• How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Peterson-How-Can-Communities-Move-Forward-After-Incidents-Of-Sexual-Harassment-Or-Assault.pdf)
• AFL’s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Li-AFLs-Blindspot-And-How-To-Resist-AFL-Fuzzing-For-Arbitrary-ELF-Binaries.pdf)
• Is the Mafia Taking Over Cybercrime?
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime-wp.pdf)
• The Air-Gap Jumpers
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Guri-AirGap.pdf)
• Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Perlow-Beating-the-Blockchain-by-Mapping-Out_Decentralized_Namecoin-and-Emercoin-Infrastructure.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Perlow-Beating-the-Blockchain-by-Mapping-Out_Decentralized_Namecoin-and-Emercoin-Infrastructure-wp.pdf)
• InfoSec Philosophies for the Corrupt Economy
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Munro-Infosec-Philosophies-For-The-Corrupt-Economy.pdf)
• Back to the Future: A Radical Insecure Design of KVM on ARM
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-SINGH-BACK-TO-THE-FUTURE-A-RADICAL-INSECURE-DESIGN-OF-KVM-ON-ARM.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-SINGH-BACK-TO-THE-FUTURE-A-RADICAL-INSECURE-DESIGN-OF-KVM-ON-ARM-wp.pdf)
• A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilman-Cryptanalysis-of-Curl-P.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilman-Cryptanalysis-of-Curl-P-wp.pdf)
• ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Schranz-ARTist-A-Novel-Instrumentation-Framework-for-Reversing-and-Analyzing-Android-Apps-and-the-Middleware.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Schranz-ARTist-A-Novel-Instrumentation-Framework-for-Reversing-and-Analyzing-Android-Apps-and-the-Middleware-wp.pdf)
• Stop that Release, There’s a Vulnerability!
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gadsby-Stop-That-Release,-There's-A-Vulnerability!.pdf)
• Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Das-Two-Factor-Authentication-Usable-Or-Not.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Das-Two-Factor-Authentication-Usable-Or-Not-A-Two-Phase-Usability.pdf)
• Fire & Ice: Making and Breaking macOS Firewalls
• The Problems and Promise of WebAssembly
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Silvanovich-The-Problems-and-Promise-of-WebAssembly.pdf)
• Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims-wp.pdf)
• Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Schürmann-Carsten-A-Comparative-Forensic-Analysis-of-WinVote-Voting-Machines.pdf)
• Demystifying PTSD in the Cybersecurity Environment
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Slowik-Demystifying-PTSD-In-The-Cybersecurity-Environment.pdf)
• Real Eyes, Realize, Real Lies: Beating Deception Technologies
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Hart-Real-Eyes-Realize-Real-Lies-Beating-Deception-Technologies.pdf)
• Kernel Mode Threats and Practical Defenses
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Desimone-Kernel-Mode-Threats-and-Practical-Defenses.pdf)
• Snooping on Cellular Gateways and Their Critical Role in ICS
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Shattuck-Snooping-on-Cellular-Gateways-and-Their-Critical-Role-in-ICS.pdf)
• Your Voice is My Passport
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Seymour-Aqil-Your-Voice-Is-My-Passport.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Seymour-Aqil-Your-Voice-Is-My-Passport-wp.pdf)
• Identity Theft: Attacks on SSO Systems
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Ludwig-Identity-Theft-Attacks-On-SSO-Systems.pdf)
• Black Box is Dead. Long Live Black Box!
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Stennikov-Blackbox-is-dead--Long-live-Blackbox!.pdf)
• Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Kobayashi-Reconstruct-The-World-From-Vanished-Shadow-Recovering-Deleted-VSS-Snapshots.pdf)
• The Science of Hiring and Retaining Female Cybersecurity Engineers
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Holtz-The-Science-Of-Hiring-And-Retaining-Female-Cybersecurity-Engineers.pdf)
• The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
• New Norms and Policies in Cyber-Diplomacy
• Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages_Threaten-Patient-Lives.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages-Threaten-Patient-Lives-wp.pdf)
• AI & ML in Cyber Security - Why Algorithms are Dangerous
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Marty-AI-and-ML-in-Cybersecurity.pdf)
• GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs-wp.pdf)
• Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Geesaman-Detecting-Malicious-Cloud-Account-Behavior-A-Look-At-The-New-Native-Platform-Capabilities.pdf)
• Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Mueller-Dresen-EFAIL-Breaking-SMIME-And-OpenPGP-Email-Encryption-Using-Exfiltration-Channels.pdf)
• Decompiler Internals: Microcode
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Guilfanov-Decompiler-Internals-Microcode.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Guilfanov-Decompiler-Internals-Microcode-wp.pdf)
• Stealth Mango and the Prevalence of Mobile Surveillanceware
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Blaich-Stealth-Mango-and-the-Prevalence-of-Mobile-Surveillanceware.pdf)
• A Deep Dive into macOS MDM (and How it can be Compromised)
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Deep-Dive-Into-macOS-MDM-And-How-It-Can-Be-Compromised.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Deep-Dive-Into-macOS-MDM-And-How-It-Can-Be-Compromised-wp.pdf)
• Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies-wp.pdf)
• Playback: A TLS 1.3 Story
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-GarciaAlguacil-MurilloMoya-Playback-A-TLS-1.3-Story.pdf)
• Outsmarting the Smart City
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Crowley-Savage-Paredes-Outsmarting-The-Smart-City.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Crowley-Outsmarting-The-Smart-City-wp.pdf)
• Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
• So I became a Domain Controller
• None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Hui-None-Of-My-Pixel-Is-Your-Business-Active-Watermarking-Cancellation-Against-Video-Streaming-Service.pdf)
• WebAssembly: A New World of Native Exploits on the Browser
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web-wp.pdf)
• Applied Self-Driving Car Security
  • [] ()
• TLBleed: When Protecting Your CPU Caches is Not Enough
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gras-TLBleed-When-Protecting-Your-CPU-Caches-is-Not-Enough.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gras-TLBleed-When-Protecting-Your-CPU-Caches-is-Not-Enough-w.pdf)
• Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf)
• Another Flip in the Row
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gruss-Another-Flip-in-the-Row.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Gruss-Another-Flip-In-The-Row-wp.pdf)
• Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf)
• Legal Liability for IOT Cybersecurity Vulnerabilities
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Palansky-Legal-Liability-For-IoT-Vulnerabilities.pdf)
• How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
• Exploitation of a Modern Smartphone Baseband
• Last Call for SATCOM Security
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Santamarta-Last-Call-For-Satcom-Security.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Santamarta-Last-Call-For-Satcom-Security-wp.pdf)
• Automated Discovery of Deserialization Gadget Chains
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains-wp.pdf)
• Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Harris-Catch-Me-Yes-We-Can–Pwning-Social-Engineers-Using-Natural-Language-Techniques-In-Real-Time.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Harris-Catch-Me-Yes-We-Can–Pwning-Social-Engineers-Using-Natural-Language-Techniques-In-Real-Time-wp.pdf)
• From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf)
• SDL That Won’t Break the Bank
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Lipner-SDL-For-The-Rest-Of-Us.pdf)
• Lowering the Bar: Deep Learning for Side Channel Analysis
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-perin-ege-vanwoudenberg-Lowering-the-bar-Deep-learning-for-side-channel-analysis.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-perin-ege-vanwoudenberg-Lowering-the-bar-Deep-learning-for-side-channel-analysis-wp.pdf)
• Mainframe [z/OS] Reverse Engineering and Exploit Development
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Rikansrud-Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development.pdf)
• Hardening Hyper-V through Offensive Security Research
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf)
• Practical Web Cache Poisoning: Redefining ‘Unexploitable’
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable-wp.pdf)
• For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
• SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
• Understanding and Exploiting Implanted Medical Devices
• IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies-wp.pdf)
• The Finest Penetration Testing Framework for Software-Defined Networks
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Lee-The-Finest-Penetration-Testing-Framework-for-Software-Defined-Networks.pdf)
• It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It-wp.pdf)
• Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Stone-Unpacking-The-Packed-Unpacker.pdf)
• Return of Bleichenbacher’s Oracle Threat (ROBOT)
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat-wp.pdf)
• Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remotely-Compromised-The-Gateway-Bcm-And-Autopilot-Ecus-Of-Tesla-Cars.pdf)
  • [Download White Paper] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remotely-Compromised-The-Gateway-Bcm-And-Autopilot-Ecus-Of-Tesla-Cars-wp.pdf)
• DeepLocker - Concealing Targeted Attacks with AI Locksmithing
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Kirat-DeepLocker-Concealing-Targeted-Attacks-with-AI-Locksmithing.pdf)
• Meltdown: Basics, Details, Consequences
• Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
  • [Download Presentation Slides] (http://i.blackhat.com/us-18/Thu-August-9/us-18-Ulitzsch-Follow-The-White-Rabbit-Simplifying-Fuzz-Testing-Using-FuzzExMachina.pdf)
• Lessons and Lulz: The 4th Annual Black Hat USA NOC Report

• Facebook
• Twitter
• Reddit
• LinkedIn

Cómo ya nos adelantó Chema en su blog, la editorial 0xWord acaba de publicar un nuevo libro sobre Docker y su uso en entornos SecDevOps.

El libro ha sido escrito por Fran Ramírez (@Cybercaronte), Elías Grande (@3grander) y el que escribe, Rafael Troncoso (@tuxotron).

El libro contiene material tanto para los no iniciados, como para los que ya conocen Docker. Aunque Docker no es la única opción en el ámbito de los contenedores de aplicaciones, es sin duda alguna la más conocida y extendida hasta la fecha.

En éste podemos encontrar desde un poco de historia sobre Docker (¿Cómo no? ;)), hasta una introducción al Proyecto Moby, pasando por una intrducción detallada de la creación de imágenes, el manejo de las mismas, el manejo de contenedores, redes, instroducción a Docker Swarm e indagando en temas de seguridad y buenas prácticas.

Para que os hagáis una idea, aquí podéis ver el índice (se lo robo a Chema):

Nota: en este índice hay un pequeño error y no aparece el último capítulo sobre el Proyecto Moby, pero éste está incluido en el libro.

El libro está además lleno de ejemplos para que no todo quede sólo en teoría, sino que además el lector tenga una guía práctica para ir probando lo que se lee.

Esperamos que el libro guste y más importante, que sea útil.

Happy Dockering! (¡Ya me inventé otra palabra!)

• Facebook
• Twitter
• Reddit
• LinkedIn

Ya están disponibles la mayoría de las presentaciones de Black Hat Asi 2018 celebrada el pasado 20-23 de marzo:

• A Short Course in Cyber Warfare
• National Cyber-Aggression and Private-Sector Internet Infrastructure
• A Deal with the Devil: Breaking Smart Contracts
  • Wong-Hemmel-A-Deal-with-the-Devil-Breaking-Smart-Contracts.pdf
• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
  • Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages_update_Thursday.pdf
• AES Wireless Keyboard – Template Attack for Eavesdropping
  • Kim-AES-Wireless-Keyboard-Template-Attack-for-Eavesdropping.pdf
• All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems
  • zhou-ALL%20YOUR%20PAYMENT%20TOKENS%20ARE%20MINE%20VULNERABILITIES%20OF%20MOBILE%20PAYMENT%20SYSTEMS.pdf
  • zhou-ALL%20YOUR%20PAYMENT%20TOKENS%20ARE%20MINE%20VULNERABILITIES%20OF%20MOBILE%20PAYMENT%20SYSTEMS-wp.pdf
• Analyzing & Breaking Exploit Mitigations and PRNGs on QNX for Automotive Industrial Medical and other Embedded Systems
  • Wetzels_Abassi_dissecting_qnx__PPT.pdf
  • Wetzels_Abassi_dissecting_qnx__WP.pdf
• Back To The Epilogue: How to Evade Windows’ Control Flow Guard with Less than 16 Bytes
  • Lain-Back-To-The-Epilogue-How-To-Evade-Windows-Control-Flow-Guard-With-Less-Than-16-Bytes.pdf
• Breach Detection At Scale With AWS Honey Tokens
  • bourke-grzelak-breach-detection-at-scale-with-aws-honey-tokens.pdf
  • bourke-grzelak-breach-detection-at-scale-with-aws-honey-tokens-wp.pdf
• Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis
  • Blazytko-Breaking-State-Of-The-Art-Binary-Code-Obfuscation-Via-Program-Synthesis.pdf
  • Blazytko-Breaking-State-Of-The-Art-Binary-Code-Obfuscation-Via-Program-Synthesis-wp.pdf
• Breaking the Attack Graph: How to Leverage Graphs to Strengthen Security in a Domain Environment
  • Simakov-Marina-Breaking-The-Attack-Graph.pdf
• Counter-Infiltration: Future-Proof Counter Attacks Against Exploit Kit Infrastructure
  • papa-Future-Proof%20Counter%20Attacks%20Against%20Exploit%20Kit%20Infrastructure.pdf
• Cyber Comrades: Alliance-Building in Cyberspace
  • Geers-Cyber%20Comrades%20Alliance%20Building%20in%20Cyberspace.pdf
• Death Profile
  • Zhu%20and%20Li-Death%20Profile.pdf
  • Zhu%20and%20Li-Death%20Profile-wp.pdf
• Documenting the Undocumented: The Rise and Fall of AMSI
  • Tal-Liberman-Documenting-the-Undocumented-The-Rise-and-Fall-of-AMSI.pdf
• eMMC & UFS: Security Vulnerabilities Rootkits
• Hourglass Model 2.0: Case Study of Southeast Asia Underground Services Abusing Global 2FA
  • [Asia-18-CHUNG-Hourglass 2.0.pdf](https://www.blackhat.com/docs/asia-18/Asia-18-CHUNG-Hourglass 2.0.pdf)
• I Don’t Want to Sleep Tonight: Subverting Intel TXT with S3 Sleep
  • Seunghun-I_Dont_Want_to_Sleep_Tonight_Subverting_Intel_TXT_with_S3_Sleep.pdf
• International Problems: Serialized Fuzzing for ICU Vulnerabilities
  • Deng-International-Problems-Serialized-Fuzzing-for-ICU-Vulnerabilities.pdf
• Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
  • bohannon-invoke_dosfuscation_techniques_for_fin_style_dos_level_cmd_obfuscation.pdf
  • bohannon-invoke_dosfuscation_techniques_for_fin_style_dos_level_cmd_obfuscation-wp.pdf
• KSMA: Breaking Android Kernel Isolation and Rooting with ARM MMU Features
  • WANG-KSMA-Breaking-Android-kernel-isolation-and-Rooting-with-ARM-MMU-features.pdf
• Locknote: Conclusions and Key Takeaways from Black Hat Asia 2018
• Mac-A-Mal: An Automated Platform for Mac Malware Hunting
  • Phuc-Mac-A-Mal-An%20Automated%20Framework%20for%20Mac%20Malware%20Hunting.pdf
  • Phuc-Mac-A-Mal-An%20Automated%20Framework%20for%20Mac%20Malware%20Hunting-wp.pdf
• Nation-State Moneymule’s Hunting Season – APT Attacks Targeting Financial Institutions
  • Shen-Nation-State%20Moneymule%20hunting%20season_Thursday%20.pdf
• New Compat Vulnerabilities in Linux Device Drivers
  • Ding-New-Compat-Vulnerabilities-In-Linux-Device-Drivers.pdf
• Prison Break Season 6: Defeating the Mitigations Adopted by Android OEMs
• return-to-csu: A New Method to Bypass 64-bit Linux ASLR
  • Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR.pdf
  • Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf
• RustZone: Writing Trusted Applications in Rust
• Securing Your In-Ear-Fitness Coach: Challenges in Hardening Next Generation Wearables
• Server Tailgating - A Chosen-PlainText Attack on RDP
  • Karni-Zinar-Blachman-Server-Tailgating-A-Chosen-Plaintext-Attack-on-RDP.pdf
• Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM
  • Seunghun-Shadow-Box_v2_The_Practical_and_Omnipotent_Sandbox_for_ARM.pdf
• Tales from the NOC: Going Public in Asia
• UbootKit: A Worm Attack for the Bootloader of IoT Devices
  • Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices.pdf
  • Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices-wp.pdf
• VSPMiner: Detecting Security Hazards in SEAndroid Vendor Customizations via Large-Scale Supervised Machine Learning
• When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
  • Schwarz-When-Good-Turns-Evil-Using-Intel-SGX-To-Stealthily-Steal-Bitcoins.pdf
  • Schwarz-When-Good-Turns-Evil-Using-Intel-SGX-To-Stealthily-Steal-Bitcoins-wp.pdf
• XOM-switch: Hiding Your Code from Advanced Code Reuse Attacks In One Shot
  • Zhang-xom-switch-mingwei-v1.2.pptx