Top reports Black Hat USA 2016 Black Hat USA 2016 is a conference that brings together the best minds in the field of security (hackers and tsrushnikov) to determine what future we will live. What was in Vegas, then remains in Vegas. But still we got 120 video reports.
I was a little excited and chose a personal list of the top 18 most interesting reports, which may be worth translating into Russian and publish on Habré.
')
Social engineering, DDoS, linguistic features of telephone scams, insurance in the field of information security, Dragons & Dungeons for cybersecurity, attacks on third-party channels, a lot of (black) humor, drones.
Offer your options, which report is the most interesting, maybe I missed something.
List from DARKreading
10 Hottest Talks at Black Hat USA 2016
Advanced CAN Injection Techniques for Vehicle Networks Breaking FIDO: Are Exploits In There? Design Approaches for Security Automation Beyond Socks: Advanced Cross-Site Search Attacks Windows 10 Mitigation Improvements The Linux Kernel Hidden Inside Windows 10 1000 Ways to Die in Mobile OAuth GATTacking Bluetooth Smart Devices — Introducing a New BLE Proxy Tool Into The Core — An In-Depth Exploration Of Windows 10 IoT Core A Lightbulb Worm?
Dangerous Link Despite Their Security Awareness
slides
Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud
PDF slides
Drone Attacks on Industrial Wireless: A New Front in Cyber Security
slides
Using Undocumented CPU for Kaslr in the Process
slides
Secure Penetration Testing Operations: Demonstrated Websites in Learning Material and Tools
slides
1000 Ways to Die in Mobile Oauth
slides
Security and Security Guidelines
slides
Investigating DDOS - Architecture Actors and Attribution
Language Properties Of Phone Scammers: Cyberdefense At The Level Of The Human
slides
The Tao of Hardware
slides
Spear Phishing Weaponizing Data for Social Engineering Spear Phishing on Twitter
slides
Cyber War in Perspective: Analysis From the Crisis in Ukraine
slides
Security Through Design - Making Security
slides
Side-Channel Attacks on Everyday Applications
slides
Dungeons Dragons and Security
slides
VoIP Wars: the Phreakers Awaken
slides
Defensible Cyberspace Defense At Hyperscale: Technologies & Policies
slides
Brute-Forcing Lockdown Harddrive Pin Codes
slides
List of all reports
Playlist here:
Black Hat USA 2016 PlayList
How It Could Lose It And The Role Hackers Play A Journey From JNDI / LDAP Manipulation to Remote Code Execution Dream Land The Art of Defense - How To Vulnerabilities Help for Android Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud Applied Machine Learning for Data Exfil and Other Fun Topics Canspy: A Platform for Auditing Can Devices Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization Over the Edge: Silently Owning Windows 10's Secure Browser Dangerous Link Despite Their Security Awareness Certificate Bypass: Hiding and Executing Malware From a Digitally Signed Executable Beat the Curtain Drone Attacks on Industrial Wireless: A New Front in Cyber Security Hackproofing Oracle Ebusiness Suite Using Undocumented CPU for Kaslr in the Process Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool Measuring Adversary Costs to Exploit Commercial Software Removing Roadblocks to Diversity HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows Memory Forensics Using Virtual Machine Introspection for Cloud Computing Secure Penetration Testing Operations: Demonstrated Websites in Learning Material and Tools Nonce-Disrespecting Adversaries: Practical Forces Attacks on GCM in TLS Towards a Holistic Approach in Crime Intelligence Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root The Remote Malicious Butler Did It! Xenpwn: Breaking Paravirtualized Devices Pwnie An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits Understanding HL7 2.X Standards, Pen Testing, and Defending HL7 2.X Messages 1000 Ways to Die in Mobile Oauth A Retrospective on the Use of Export Cryptography Windows 10 Segment Heap Internals Abusing Bleeding Edge Web Standards for Appsec Glory AMSI: How It Does It Analysis of the Attack Surface of Windows 10 Virtualization-Based Security Augmenting Static Analysis Using Pintool: Ablation Security and Security Guidelines Cunning With Cng: Soliciting Secrets From Schannel Beyond the Mcse: Active Directory for the Security Professional Does Usb Driving in Parking Lots and Other Places Really Work? Demystifying the Secure Enclave Processor I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache Breaking Payment Points of Interaction (POI) Into the Core: In-Depth Exploration of Windows 10 IoT Core Hacking Next-Gen Atms: From Capture to Cashout Can You Trust Me Now? An Exploration Into the Mobile Threat Landscape Investigating DDOS - Architecture Actors and Attribution Intra-Process Memory Protection for ARM and X86: Leveraging the ELF ABI Capturing 0Day Exploits With Perfectly Placed Hardware Traps Next-Generation Of Exploit Kit Detection By Building Simulated Obfuscators HTTP / 2 & Quic - Teaching Bad Things Pwning Your Java Messaging With Deserialization Vulnerabilities Language Properties Of Phone Scammers: Cyberdefense At The Level Of The Human Recover a RSA Private Key From a TLS Session With Perfect Forward Secrecy The Linux Kernel Hidden Inside Windows 10 O-Checker: Detection of Malicious Documents The Tao of Hardware Will Kill the Password Hell on Earth: From Browser to System Compromise Discovering and Exploiting Novel Security Vulnerabilities in Apple Zeroconf Badwpad Breaking Kernel Address Space Layout Randomization (Kaslr) With Intel TSX Airbnbeware: Short Term Rentals Long Term Pwnage Account Jumping Post Infection Persistency & Lateral Movement in AWS Captain Hook: Pirating Avs to Bypass Exploit Mitigations Hardening AWS Environments and Automating Incident Response for AWS Compromises Crippling HTTPs With Unholy PAC Horse Pill: A New Type of Linux Rootkit Design Approaches for Security Automation Greatfet: Making Goodfet Great Again SGX Secure Enclaves in Practice: Security and Crypto Review Using EMET to Disable EMET Spear Phishing Weaponizing Data for Social Engineering Spear Phishing on Twitter Viral Video - Exploiting Ssrf in Video Converters AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion Windows 10 Mitigation Improvements Brute-Forcing Lockdown Harddrive Pin Codes Building a Product Security Incident Response Team: Learnings From the Hivemind Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions Cyber War in Perspective: Analysis From the Crisis in Ukraine Breaking Fido: Are Exploits in There? Security Through Design - Making Security Iran's Soft-War for Internet Dominance Side-Channel Attacks on Everyday Applications The Risk Of G3 And The Interfere Attack Unleash the Infection Monkey: A Modern Alternative to Pen-Tests OSS Security Maturity: Time to Put on Your Big Boy Pants! Watching Commodity Malware Get Sold to a Targeted Actor PanGu 9 Internals A Lightbulb Worm? BadTunnel: How Do I Get Big Brother Power? PLC-Blaster: A Worm Living Solely in the PLC A Risk-Based Approach for Defining User Privileges Dungeons Dragons and Security The year in flash Dark Side of the DNS Force VoIP Wars: the Phreakers Awaken Keystone Engine: Next Generation Assembler Framework Pindemonium: A DBI-Based Generic Unpacker for Windows Executable Web Application Firewalls: Analysis of Detection Logic Defensible Cyberspace Defense At Hyperscale: Technologies & Policies Crumbling the Fcc Protects Your Internet Traffic Advanced Can Injection Techniques for Vehicle Networks What's the DFIRence for ICS? Samsung Pay: Tokenized Numbers Flaws and Issues Breaking Hardware-Enforced Security With Hypervisors Behind the Scenes of iOS Security HTTP Cookie Hijacking in the Wild: Security and Privacy Implications Ouroboros: Tearing Xen Hypervisor With the Snake Dptrace: Dual Purpose Trace for Exploitability Analysis of Crashes Program TCP Injection Attacks in the Wild - a Large Scale Study The Art of Reverse Engineering Flash Exploits Beyond Socks: Advanced Cross-Site Search Attacks Using An Expanded Cyber Kill Government Sponsored Malware Attacks Against Activists Lawyers and Journalists An Ai Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network Trademark for Key-Directory Encryption Systems Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking? Building Trust & Enabling Innovation for Voice Enabled IoT The Beast Within - Evading Dynamic Malware Analysis Using Microsoft.com Handling Technical Assistance Demands From Law Enforcement
Articles "based on" speeches in Russian
You found a USB flash drive. Should I use it?
Does Usb Driving in Parking Lots and Other Places Really Work?
slides
Researcher found gaps in the Samsung Pay payment system, but Samsung denies everything
Samsung Pay: Tokenized Numbers, Flaws and Issues
slides
Publication support is the Edison company, which develops an application for the design of prefabricated houses , as well as writes software for dispatching heavy trucks on a coal mine . Source: https://habr.com/ru/post/312752/
All Articles