Slash Boxes

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Log In

Log In

Create Account  |  Retrieve Password

posted by Fnord666 on Sunday July 16, @12:34AM   Printer-friendly
from the chris-hemsworth-not-invited dept.

How much do you worry about security? For me, it's a risk/value assessment. How much is my stuff worth? How much am I willing to be inconvenienced to protect it? How well do the protections actually work? Periodically, that last one comes up for reassessment. New threats are revealed and suddenly what seemed reasonable behavior undergoes a major reappraisal.

Well, here we go again. The Blackhat USA 2017 conference is coming to the Mandalay Bay in Las Vegas, Nevada on July 22-27. There are 118 briefings scheduled — the result of 225 researcher's work. I've extracted the titles (and provided links) to these briefings and provided them below.

Just reading the titles of these 118 presentations seems overwhelming. On first try, I skimmed through the briefings on about half of them and then my eyes started glazing over. One thing I am sure of, after these presentations are made public, there will be a surge of implementations that will affect our daily activities. On the internet, of course, but also in other areas such as power grid security, home/office automation, and GPS jammers.

On the other hand, there are presentations geared to improving security of devices and applications, as well.

And these are the ones that are being publicized — how many more are known and NOT published? Is there any hope for genuine privacy and security these days? Building a cabin in the woods and eschewing all technology may be one effective, albeit draconian, response. Just go along and hope that any problems are going to include a bunch of other folks and I'll just end up doing what they do to recover from the breach? What about friends and family who are even less technology-savvy? What practical warnings and cautions can one realistically offer to them?

1 Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
2 'Ghost Telephonist' Link Hijack Exploitations in 4G LTE CS Fallback
3 (in)Security in Building Automation: How to Create Dark Buildings with Light Speed
4 A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
5 Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
6 Adventures in Attacking Wind Farm Control Networks
7 All Your SMS & Contacts Belong to ADUPS & Others
8 An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
9 And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
10 Attacking Encrypted USB Keys the Hard(ware) Way
11 Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
12 Automated Testing of Crypto Software Using Differential Fuzzing
13 AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
14 Betraying the BIOS: Where the Guardians of the BIOS are Failing
15 Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
16 Blue Pill for Your Phone
17 Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
18 Bot vs. Bot for Evading Machine Learning Malware Detection
19 Breaking Electronic Door Locks Like You're on CSI: Cyber
20 Breaking the Laws of Robotics: Attacking Industrial Robots
21 Breaking the x86 Instruction Set
22 Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
23 Bug Collisions Meet Government Vulnerability Disclosure
24 Challenges of Cooperation Across Cyberspace
25 Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
26 Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
27 Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
28 Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale
29 Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS
30 Defeating Samsung KNOX with Zero Privilege
31 Delivering Javascript to World+Dog
32 Developing Trust and Gitting Betrayed
33 Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
34 Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
35 Electronegativity - A Study of Electron Security
36 Escalating Insider Threats Using VMware's API
37 Evading Microsoft ATA for Active Directory Domination
38 Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
39 Evilsploit – A Universal Hardware Hacking Toolkit
40 Evolutionary Kernel Fuzzing
41 Exploit Kit Cornucopia
42 Exploitation of Kernel Pool Overflow on Microsoft Windows 10 DKOM/DKOHM is Back in DKOOHM! Direct Kernel Optional Object Header Manipulation
43 Exploiting Network Printers
44 Fad or Future? Getting Past the Bug Bounty Hype
45 Fighting Targeted Malware in the Mobile Ecosystem
46 Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
47 Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
48 FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
49 Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
50 Free-Fall: Hacking Tesla from Wireless to CAN Bus
51 Friday the 13th: JSON Attacks
52 Game of Chromes: Owning the Web with Zombie Chrome Extensions
53 Garbage In Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data
54 Go Nuclear: Breaking Radiation Monitoring Devices
55 Go to Hunt Then Sleep
56 Hacking Hardware with a $10 SD Card Reader
57 Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions and More
58 Honey I Shrunk the Attack Surface - Adventures in Android Security Hardening
59 How We Created the First SHA-1 Collision and What it Means for Hash Security
60 Hunting GPS Jammers
61 Ichthyology: Phishing as a Science
62 Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid
63 Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
64 Influencing the Market to Improve Security
65 Intel AMT Stealth Breakthrough
66 Intel SGX Remote Attestation is Not Sufficient
67 Intercepting iCloud Keychain
68 IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
69 kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
70 Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
71 Many Birds One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
72 Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network
73 New Adventures in Spying 3G and 4G Users: Locate Track & Monitor
74 Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
75 Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
76 OpenCrypto: Unchaining the JavaCard Ecosystem
77 Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software
78 PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection Traffic Analysis and Beyond
79 Practical Tips for Defending Web Applications in the Age of DevOps
80 Protecting Pentests: Recommendations for Performing More Secure Tests
81 Protecting Visual Assets: Digital Image Counter-Forensics
82 Quantifying Risk in Consumer Software at Scale - Consumer Reports' Digital Standard
83 RBN Reloaded - Amplifying Signals from the Underground
84 Real Humans Simulated Attacks: Usability Testing with Attack Scenarios
85 Redesigning PKI to Solve Revocation Expiration and Rotation Problems
86 Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
87 rVMI: A New Paradigm for Full System Analysis
88 ShieldFS: The Last Word in Ransomware Resilient File Systems
89 Skype & Type: Keystroke Leakage over VoIP
90 So You Want to Market Your Security Product...
91 Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
92 Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
93 SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers' Lives Much Harder on Mobile Networks
94 Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller
95 Taking Over the World Through MQTT - Aftermath
96 Taking Windows 10 Kernel Exploitation to the Next Level - Leveraging Write-What-Where Vulnerabilities in Creators Update
97 The Active Directory Botnet
98 The Adventures of AV and the Leaky Sandbox
99 The Art of Securing 100 Products
100 The Avalanche Takedown: Landslide for Law Enforcement
101 The Epocholypse 2038: What's in Store for the Next 20 Years
102 The Future of ApplePwn - How to Save Your Money
103 The Industrial Revolution of Lateral Movement
104 The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
105 The Shadow Brokers - Cyber Fear Game-Changers
106 They're Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
107 Tracking Ransomware End to End
108 Web Cache Deception Attack
109 Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
110 What They're Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs
111 What's on the Wireless? Automating RF Signal Identification
112 When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
113 White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data
114 Why Most Cyber Security Training Fails and What We Can Do About it
115 WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
116 Wire Me Through Machine Learning
117 WSUSpendu: How to Hang WSUS Clients
118 Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough

Mark All as Read

Mark All as Unread

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday July 16, @01:58AM (1 child)

    by Anonymous Coward on Sunday July 16, @01:58AM (#539740)

    Whatever happened to the good old days of The Internet For Good Old Boys when rich-as-fuck suburban WASPs advocated the death penalty for spammers who spammed shitloads of Link Spam?

    • (Score: 0) by Anonymous Coward on Sunday July 16, @05:48AM

      by Anonymous Coward on Sunday July 16, @05:48AM (#539813)

      This belongs here more than at least 95% of the articles we have.

  • (Score: 0) by Anonymous Coward on Sunday July 16, @02:10AM (1 child)

    by Anonymous Coward on Sunday July 16, @02:10AM (#539742)

    shut up.
    take your soma.
    love big brother.

    • (Score: 0) by Anonymous Coward on Sunday July 16, @02:22AM

      by Anonymous Coward on Sunday July 16, @02:22AM (#539749)

      Big brother doesn't approve of my soma.

  • (Score: 3, Interesting) by kaszz on Sunday July 16, @02:19AM

    by kaszz (4211) on Sunday July 16, @02:19AM (#539746) Journal

    Building a cabin in the woods and eschewing all technology may be one effective, albeit draconian, response.

    Making your house or parts of it a RF Faraday cage is not that hard. It probably don't need to be perfect. Then add some firewall, redundant power+comms and have your own house property. That gets you quite far on the path to have some personal space.

    Replacing all binary blob and undocumented hardware is another step.

  • (Score: 1, Informative) by Anonymous Coward on Sunday July 16, @03:24AM (1 child)

    by Anonymous Coward on Sunday July 16, @03:24AM (#539771)

    more info []

  • (Score: 0) by Anonymous Coward on Sunday July 16, @06:08AM

    by Anonymous Coward on Sunday July 16, @06:08AM (#539815)

    17 Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking

    21 Breaking the x86 Instruction Set

    40 Evolutionary Kernel Fuzzing

    118 Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits

  • (Score: 2) by linkdude64 on Sunday July 16, @07:40PM

    by linkdude64 (5482) Subscriber Badge on Sunday July 16, @07:40PM (#539984)

    This took an incredible amount of effort to assemble. Thank you!

  • (Score: 1, Informative) by Anonymous Coward on Sunday July 16, @07:45PM

    by Anonymous Coward on Sunday July 16, @07:45PM (#539987)