XPost: comp.misc

From the «crushing smartcards for the win» department:
Title: Some PDFs from Blackhat 2015
Author: Anonymous Coward
Date: Tue, 11 Aug 2015 02:08:50 -0400
Link: http://pipedot.org/story/2015-08-11/some-pdfs-from-blackhat-2015

The Black Hat Conference of 2015 just concluded in Las Vegas, and they've got a lot to show for it. If you're not familiar with Black Hat, they are:

the most technical and relevant global information security event series in
the world. For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to
bring together the best minds in the industry. Black Hat inspires
professionals at all career levels, encouraging growth and collaboration
among academia, world-class researchers, and leaders in the public and
private sectors.

From its inception in 1997, Black Hat has grown from a single annual
conference in Las Vegas to the most respected information security event
series internationally. Today, the Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.

Here are links for PDFs provided as part of the 2015 event (don't read them in Firefox's built-in PDF reader; it's got a vulnerability):

How to build an asychronous and fileless back door[1],

Reverse Engineering a Smart Card[2],

Automated Human Vulnerability Scanning with AVA[3],

Big Game Hunting: Nation-state malware research[4],

https://www.blackhat.com/docs/us-15/materials/us-15-Davis-Deep-Learning-On-Disassembly.pdf[5]

Toward Automated Scalable Analysis of Graphical Images Embedded in Malware[6],

Hidden risks of biometric identifiers and how to avoid them[7],

Internet Facing PLCs: a new back orifice[8],

Internet-scale file analysis[9],

The ELK: Obtaining context from security events[10],

Conti Pen testing a city[11],

Modern Active Directory attacks: detection and protection[12],

Remote physical damage 101 Bread and Butter attacks[13],

Sharing more than just your files[14],

The memory sinkhole: unleashing an X86 design flaw allowing univeral privilege escalation[15],

The NSA Playset: a year of toys and tools[16],

Understanding and managing entropy usage[17],

Using static binary analysis to find vulnerabilities and backdoors in firmware[18]
, and

Web timing attacks made practical[19].

Editor's note: For what it's worth, the Black Hat Review Board[20] oversees the entire organization and is supposed to be a selection of the industry's best and brightest. I don't recognize any names, which probably says more about your editor than about the Board. What is |.'s opinion of Black Hat and its annual conferences?

Links:
[1]: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor.pdf (link)
[2]: https://www.blackhat.com/docs/us-15/materials/us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.pdf (link)
[3]: https://www.blackhat.com/docs/us-15/materials/us-15-Bell-Automated-Human-Vulnerability-Scanning-With-AVA.pdf (link)
[4]: https://www.blackhat.com/docs/us-15/materials/us-15-MarquisBoire-Big-Game-Hunting-The-Peculiarities-Of-Nation-State-Malware-Research.pdf (link)
[5]: https://www.blackhat.com/docs/us-15/materials/us-15-Davis-Deep-Learning-On-Disassembly.pdf (link)
[6]: https://www.blackhat.com/docs/us-15/materials/us-15-Long-Graphic-Content-Ahead-Towards-Automated-Scalable-Analysis-Of-Graphical-Images-Embedded-In-Malware.pdf (link)
[7]: https://www.blackhat.com/docs/us-15/materials/us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them.pdf (link)
[8]: https://www.blackhat.com/docs/us-15/materials/us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice.pdf (link)
[9]: https://www.blackhat.com/docs/us-15/materials/us-15-Hanif-Internet-Scale-File-Analysis.pdf (link)
[10]: https://www.blackhat.com/docs/us-15/materials/us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events.pdf (link)
[11]: https://www.blackhat.com/docs/us-15/materials/us-15-Conti-Pen-Testing-A-City.pdf (link)
[12]: https://www.blackhat.com/docs/us-15/materials/us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection.pdf (link)
[13]: https://www.blackhat.com/docs/us-15/materials/us-15-Larsen-Remote-Physical-Damage-101-Bread-And-Butter-Attacks.pdf (link)
[14]: https://www.blackhat.com/docs/us-15/materials/us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf (link)
[15]: https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf (link)
[16]: https://www.blackhat.com/docs/us-15/materials/us-15-Ossmann-The-NSA-Playset-A-Year-Of-Toys-And-Tools.pdf (link)
[17]: https://www.blackhat.com/docs/us-15/materials/us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf (link)
[18]: https://www.blackhat.com/docs/us-15/materials/us-15-Kruegel-Using-Static-Binary-Analysis-To-Find-Vulnerabilities-And-Backdoors-In-Firmware.pdf (link)
[19]: https://www.blackhat.com/docs/us-15/materials/us-15-Morgan-Web-Timing-Attacks-Made-Practical.pdf (link)
[20]: https://www.blackhat.com/review-board.html (link)


--
Posting to comp.misc, sci.misc, and misc.news.internet.discuss

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)