Material Black Hat USA 2019

*Black Hat 2019* Ya podemos disfrutar también del material de muchas de las presentaciones de Black Hat USA 2019: Every Security Team is a Software Team Now Detecting Deep Fakes with Mice [Download Presentation Slides] (http://i.blackhat.com/USA-19/Wednesday/us-19-Williams-Detecting-Deep-Fakes-With-Mice.pdf) [Download White Paper] (http://i.blackhat.com/USA-19/Wednesday/us-19-Williams-Detecting-Deep-Fakes-With-Mice-wp.pdf) Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone [Download Presentation Slides] (http://i.blackhat.com/USA-19/Wednesday/us-19-Gong-Bypassing-The-Maginot-Line-Remotely-Exploit-The-Hardware-Decoder-On-Smartphone.pdf) [Download White Paper] (http://i.blackhat.com/USA-19/Wednesday/us-19-Gong-Bypassing-The-Maginot-Line-Remotely-Exploit-The-Hardware-Decoder-On-Smartphone-wp.pdf) A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works [Download Presentation Slides] (http://i.
Leer más

Presentaciones de Black Hat Europe 2016

Ya se encuentran disponibles las presentaciones de otra de las ediciones de Black Hat, la edición europea de 2016 en este caso. (Pen)Testing Vehicles with CANToolz eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf 50 Thousand Needles in 5 Million Haystacks: Understanding Old Malware Tricks to Find New Malware Families eu-16-Valeros-50-Thousand-Needles-In-5-Million-Haystacks-Understanding-Old-Malware-Tricks-To-Find-New-Malware-Families.pdf AI based Antivirus: Can AlphaAV Win the Battle in which Man Has Failed? eu-16-Wang-AI-Based-Antivirus-Can-Alphaav-Win-The-Battle-In-Which-Man-Has-Failed.pdf Another Brick Off the Wall: Deconstructing Web Application Firewalls Using Automata Learning eu-16-Argyros-Another-Brick-Off-The-Wall-Deconstructing-Web-Application-Firewalls-Using-Automata-Learning.
Leer más

Vídeos de Black Hat USA 2016

Ya también están disponibles de los vídeos de Black Hat USA 2016, así como el material presentado: Why This Internet Worked How We Could Lose It and the Role Hackers Play A Journey From JNDI/LDAP Manipulation to Remote Code Execution Dream Land The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud Applied Machine Learning for Data Exfil and Other Fun Topics Canspy: A Platform for Auditing Can Devices Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization Over the Edge: Silently Owning Windows 10's Secure Browser How to Make People Click on a Dangerous Link Despite Their Security Awareness Certificate Bypass: Hiding and Executing Malware From a Digitally Signed Executable Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network Drone Attacks on Industrial Wireless: A New Front in Cyber Security Hackproofing Oracle Ebusiness Suite Using Undocumented CPU Behavior to See Into Kernel Mode and Break Kaslr in the Process Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool Measuring Adversary Costs to Exploit Commercial Software Removing Roadblocks to Diversity HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows Memory Forensics Using Virtual Machine Introspection for Cloud Computing Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Towards a Holistic Approach in Building Intelligence to Fight Crimeware Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root The Remote Malicious Butler Did It!
Leer más

Material de Black Hat USA 2016

Para pasar las tardes de verano, ya tenemos disponible la mayoría del material presentado en Black Hat USA 2016: $hell on Earth: From Browser to System Compromise us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf 1000 Ways to Die in Mobile OAuth us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth-wp.pdf A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf A Lightbulb Worm? us-16-OFlynn-A-Lightbulb-Worm.pdf us-16-OFlynn-A-Lightbulb-Worm-wp.pdf Abusing Bleeding Edge Web Standards for AppSec Glory us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf Access Keys Will Kill You Before You Kill the Password us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.
Leer más

Material de Black Hat Asia 2016

Una de las conferencias sobre seguridad referente a nivel mundial, Black Hat, ya ha publicado el material de la edición Asia 2016. Devaluing Attack: Disincentivizing Threats Against the Next Billion Devices A New CVE-2015-0057 Exploit Technology asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology.pdf asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology-wp.pdf Android Commercial Spyware Disease and Medication asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication.pdf asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication-wp.pdf Automated Detection of Firefox Extension-Reuse Vulnerabilities Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces-wp.pdf Break Out of the Truman Show: Active Detection and Escape of Dynamic Binary Instrumentation asia-16-Sun-Break-Out-Of-The-Truman-Show-Active-Detection-And-Escape-Of-Dynamic-Binary-Instrumentation.
Leer más

Vídeos de Black Hat Europe 2015

Después de las diapositivas, ya se han puesto disponible los vídeos de Black Hat Europe 2015: Keynote: What Got Us Here Wont Get Us There Bypassing Self-Encrypting Drives (SED) in Enterprise Environments Breaking Access Controls with Blekey Cybersecurity for Oil and Gas Industries: How Hackers Can Manipulate Oil Stocks Panel: What You Need To Know About The Changing Regulatory Landscape In Information Security Attacking The XNU Kernel In El Capitain Automating Linux Malware Analysis Using Limon Sandbox Even The Lastpass Will Be Stolen, Deal With It!
Leer más

Presentaciones de Black Hat Europe 2015

Ya podemos acceder al material de la edición de este año de Black Hat celebrada en Amsterdam. What Got Us Here Wont Get Us There eu-15-Meer-What-Got-Us-Here-Wont-Get-Us-There.pdf (In-)Security of Backend-As-A-Service eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service.pdf eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service-wp.pdf A Peek Under the Blue Coat eu-15-Rigo-A-Peek-Under-The-Blue-Coat.pdf All Your Root Checks Belong to Us: The Sad State of Root Detection AndroBugs Framework: An Android Application Security Vulnerability Scanner eu-15-Lin-Androbugs-Framework-An-Android-Application-Security-Vulnerability-Scanner.pdf Attacking the XNU Kernel in El Capitain eu-15-Todesco-Attacking-The-XNU-Kernal-In-El-Capitain.pdf Authenticator Leakage through Backup Channels on Android eu-15-Bai-Authenticator-Leakage-Through-Backup-Channels-On-Android.
Leer más

Vídeos de Black Hat USA 2015

Y después del material, ya podemos acceder también a los vídeos de las presentaciones de Black Hat USA 2015: ZigBee Exploited The Good, The Bad, And The Ugly WSUSpect Compromising The Windows Enterprise Via Windows Update Writing Bad @$$ Malware For OS X Winning The Online Banking War Why Security Data Science Matters & How It's Different Pitfalls And Promises Of Why Security Data Science Matters & How It's Different Pitfalls And Promises Of When IoT Attacks Hacking A Linux Powered Rifle Web Timing Attacks Made Practical Using Static Binary Analysis To Find Vulnerabilities And Backdoors In Firmware Unicorn Next Generation CPU Emulator Framework Understanding The Attack Surface & Attack Resilience Of Project Spartan's New E Understanding And Managing Entropy Usage TrustKit Code Injection On IOS 8 For The Greater Good ThunderStrike 2 Sith Strike THIS IS DeepERENT Tracking App Behaviors With Nothing Changed Phone These're Not Your Grand Daddy's CPU Performance Counters CPU Hardware Performa The Tactical Application Security Program Getting Stuff Done The NSA Playset A Year Of Toys And Tools The Node js Highway Attacks Are At Full Throttle The Memory Sinkhole Unleashing An X86 Design Flaw Allowing Universal Privilege The Little Pump Gauge That Could Attacks Against Gas Pump Monitoring Systems The Lifecycle Of A Revolution The Kali Linux Dojo Workshop #2 Kali USB Setups With Persistent Stores & LUKS N The Kali Linux Dojo Workshop #1 Rolling Your Own Generating Custom Kali Linux 2 The Battle For Free Speech On The Internet The Applications Of Deep Learning On Traffic Identification Taxonomic Modeling Of Security Threats In Software Defined Networking Targeted Takedowns Minimizing Collateral Damage Using Passive DNS Taking Event Correlation With You Take A Hacker To Work Day How Federal Prosecutors Use The CFAA Switches Get Stitches Subverting Satellite Receivers For Botnet And Profit Stranger Danger!
Leer más

Material de Black Hat USA 2015

Ya tenemos disponible la mayoría de las presentaciones de la Black Hat USA 2015. La lista es la siguiente: The Lifecycle of a Revolution us-15-Granick-The-Lifecycle-Of-A-Revolution.pdf Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection.pdf us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection-wp.pdf Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor.pdf us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-wp.pdf us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-WMIBackdoor.ps1 Abusing XSLT for Practical Attacks us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks.pdf us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks-wp.pdf Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.
Leer más

Presentaciones de la Black Hat 2011

Ya disponemos de las presentaciones que se dieron en la Black Hat 2011. Os dejo el listado de las charlas a las que han subido la documentación: How a Hacker Has Helped Influence the Government - and Vice Versa Video Faces Of Facebook-Or, How The Largest Real ID Database In The World Came To Be White Paper Slides Video Security When Nano-seconds Count White Paper Slides Automated Detection of HPP Vulnerabilities in Web Applications White Paper Slides Exploiting Siemens Simatic S7 PLCs White Paper Slides Femtocells: A poisonous needle in the operator's hay stack White Paper Post Memory Corruption Memory Analysis White Paper Beyond files undeleting: OWADE White Paper Slides Physical Memory Forensics for Cache White Paper Slides Lives On The Line: Defending Crisis Maps in Libya, Sudan, and Pakistan White Paper Slides Legal Aspects of Cybersecurity–(AKA) CYBERLAW: A Year in Review, Cases, issues, your questions my (alleged) answers White Paper Slides Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption White Paper Slides Mobile Malware Madness, and How To Cap the Mad Hatters White Paper Slides USB: Undermining Security Barriers White Paper Slides Bit-squatting: DNS Hijacking without exploitation White Paper Slides Virtualization Under Attack: Breaking out of KVM White Paper Slides Exploiting the iOS Kernel White Paper Slides Spy-Sense: Spyware Tool for Executing Stealthy Exploits Against Sensor Networks White Paper Slides The Law of Mobile Privacy and Security Slides Smartfuzzing The Web: Carpe Vestra Foramina White Paper Slides Hacking Google Chrome OS White Paper Slides Don't Drop the SOAP: Real World Web Service Testing for Web Hackers White Paper Slides Archivo1 Archivo2 Chip & PIN is definitely broken White Paper Slides ARM exploitation ROPmap Slides Windows Hooks of Death: Kernel Attacks Through User-Mode Callbacks White Paper Slides SSL And The Future Of Authenticity Video Hacking .
Leer más