Black Hat USA 2024
The world's leading information security conference featuring enterprise, APT, and vulnerability research briefings.
→ See editor’s top picks at Black Hat USA 2024
- Practical LLM Security: Takeaways From a Year in the Trenches — Unknown
This talk, "Practical LLM Security: Takeaways From a Year in the Trenches," delves into the pragmatic challenges and lessons learned from securing Large Language Model (LLM) integrations over the…
- Living off Microsoft Copilot — Unknown
The rapid integration of sophisticated AI models into enterprise environments, particularly through tools like Microsoft Copilot, introduces a new frontier of security challenges that often outpace…
- Keynote: Fireside Chat with Moxie Marlinspike — Unknown
This Black Hat USA keynote, framed as a "Fireside Chat" with legendary privacy advocate and Signal founder Moxie Marlinspike, began with a compelling and thought-provoking "pitch" delivered by…
- Locknote: Conclusions & Key Takeaways from Black Hat USA 2024 — Unknown
This article delves into the "Locknote" session from Black Hat USA 2024, a unique panel discussion featuring members of the conference's review board. These individuals, responsible for curating the…
- Project Zero: Ten Years of 'Make 0-Day Hard' — Unknown
This talk commemorates the 10th anniversary of Google's Project Zero, a dedicated security research team established with the singular mission to "make 0-day hard." Presented by a Project Zero team…
- Main Stage: Let Me Tell You a Story: Technology and the 4 Vs — Unknown
This Black Hat USA talk, "Let Me Tell You a Story: Technology and the 4 Vs," delivered by an unnamed speaker, presents a compelling and critical examination of the prevailing narrative within the…
- A Framework for Evaluating National Cybersecurity Strategies — Unknown
In an era where the cyber threat landscape is constantly evolving, driven by advancements like Artificial Intelligence, the efficacy of national cybersecurity strategies has become paramount. This…
- ACE Up the Sleeve: Hacking Into Apple's New USB-C Controller — Unknown
This talk, "ACE Up the Sleeve," presented by Thomas Roth (aka StaxMushing), delves into the intricate world of Apple's proprietary USB-C controller, codenamed "Ace." The presentation unveils a…
- Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution — Unknown
This talk, "Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution," delves into the evolving landscape of browser security, with a particular focus on vulnerabilities within…
- All Your Secrets Belong to Us: Leveraging Firmware Bugs to Break TEEs — Unknown
In "All Your Secrets Belong to Us: Leveraging Firmware Bugs to Break TEEs," Tom Dorman delves into the critical security vulnerabilities residing within **Trusted Execution Environments (TEEs)**…
- Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V — Unknown
This talk, presented by Fabian Thomas and Lauren Satterish, PhD students from the CISPA Helmholtz Center for Information Security, unveils a critical hardware vulnerability dubbed **GhostWrite**…
- Are Your Backups Still Immutable, Even Though You Can't Access Them? — Unknown
In an era where ransomware attacks are not just encrypting data but actively seeking to cripple recovery efforts, the integrity and accessibility of backup systems have become paramount. This talk…
- Attention Is All You Need for Semantics Detection: A Novel Transformer on Neural-Symbolic Approach — Unknown
In an era defined by the escalating sophistication of cyber threats, the prevalence of highly obfuscated and packed malware presents a formidable challenge for blue teams worldwide. This talk…
- Becoming Cybersecurity Bilingual: Effective Communication for Hackers — Unknown
This talk addresses a critical, often overlooked challenge in cybersecurity: the communication gap between highly technical security professionals and non-technical business leaders. The speaker…
- Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels — Unknown
In "Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels," Vagelis, CTO and co-founder of Atropos, delivers a raw and candid exploration into the challenging world of actively probing…
- Breaching AWS Accounts Through Shadow Resources — Unknown
This Black Hat USA talk, "Breaching AWS Accounts Through Shadow Resources," presented by Yakir Kadkoda, Michael Katchinskiy, and Ofek Itach from Aqua Security Team Nautilus, delves into a critical…
- Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities — Unknown
In a critical presentation at Black Hat USA, a researcher known as Chiwan, or Aki, unveiled groundbreaking work on the automated discovery of **protocol-level evasion vulnerabilities** in **Web…
- Bugs of Yore: A Bug Hunting Journey on VMware's Hypervisor — Unknown
This talk, "Bugs of Yore: A Bug Hunting Journey on VMware's Hypervisor," delivered by Zisis from Census at Black Hat USA, chronicles the speaker's initial foray into VMware exploitation…
- Bypassing ARM's Memory Tagging Extension with a Side-Channel Attack — Unknown
ARM's Memory Tagging Extension (MTE) has been hailed as a transformative hardware-based defense against memory corruption attacks, promising to revolutionize software security with its speed and…
- Bytecode Jiu-Jitsu: Choking Interpreters to Force Execution of Malicious Bytecode — Unknown
This talk introduces a groundbreaking new code injection attack dubbed **Bytecode Jiu-Jitsu**. Presented by Toshinori and Yuto Otsuki, research scientists from NTT Security Holdings, this technique…
- Compromising Confidential Compute, One Bug at a Time — Unknown
This talk, presented by Max from Microsoft's Offensive Research and Security Engineering team, delves into a comprehensive security review of **Intel TDX** (Trust Domain Extensions), an emerging…
- Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! — Unknown
This talk, presented by Orange, Principal Security Researcher at DEVCORE, delves into a pervasive class of vulnerabilities termed **confusion attacks** within the Apache HTTP Server ecosystem. The…
- Cracking the 5G Fortress: Peering Into 5G's Vulnerability Abyss — Unknown
This talk, "Cracking the 5G Fortress: Peering Into 5G's Vulnerability Abyss," delivered by Kai and Yilu from Penn State University's SynSec Lab, addresses the critical security posture of **5G…
- Crashing the Party: Vulnerabilities in RPKI Validation — Unknown
This talk, titled "Crashing the Party: Vulnerabilities in RPKI Validation," delves into the critical but often overlooked security posture of the Resource Public Key Infrastructure (RPKI) protocol…
- Cyber Claims Outlook 2024: Trends, Threats, and Tomorrow's Challenges — Unknown
In this insightful Black Hat USA presentation, Katherine Lyle, Head of Cyber Incident Response and Claims at Tokio Marine HCC for CPLG, delivers a comprehensive "Cyber Claims Outlook 2024." Lyle…
- Deep Backdoors in Deep Reinforcement Learning Agents — Unknown
This talk delves into the emerging and critical threat of backdoors in **Deep Reinforcement Learning (DRL) agents**, a domain rapidly expanding beyond games into real-world, high-stakes…
- Driving Forces Behind Industry 4.0 and Digital Transformation for Critical Infrastructure — Unknown
Emma Stewart, Chief Power Grid Scientist at Idaho National Lab, delivered a compelling talk at Black Hat USA, dissecting the profound digital transformation currently reshaping the energy delivery…
- AI Safety and You: Perspectives on Evolving Risks and Impacts — Unknown
This Black Hat USA session, "AI Safety and You: Perspectives on Evolving Risks and Impacts," delves into the critical and often misunderstood domain of **AI safety** from the perspective of…
- Foreign Information Manipulation and Interference (Disinformation 2.0) — Unknown
This talk delves into the evolving landscape of information warfare, specifically focusing on **Foreign Information Manipulation and Interference (FIMI)**, often colloquially referred to as…
- Flipping Bits: Your Credentials Are Certainly Mine — Unknown
In "Flipping Bits: Your Credentials Are Certainly Mine," security researchers Stök and Johoi delve into the intriguing and often misunderstood phenomenon of **bit squatting**. This talk exposes how…
- From Exploits to Forensics Evidence - Unraveling the Unitronics Attack — Unknown
This talk, presented by Noam, a seasoned vulnerability researcher, delves into the forensic investigation of a high-profile cyberattack targeting Unitronics Programmable Logic Controllers (PLCs)…
- From HAL to HALT: Thwarting Skynet's Siblings in the GenAI Coding Era — Unknown
In his Black Hat USA talk, "From HAL to HALT: Thwarting Skynet's Siblings in the GenAI Coding Era," Chris Wysopal, CTO and co-founder of Veracode, addressed the profound impact of **generative AI…
- From MLOps to MLOops - Exposing the Attack Surface of Machine Learning Platforms — Unknown
In this compelling Black Hat USA presentation, "From MLOps to MLOops - Exposing the Attack Surface of Machine Learning Platforms," Shahar Menashe, leading JFrog's security research teams, alongside…
- From Weapon to Target: Quantum Computers Paradox — Unknown
This talk, "From Weapon to Target: Quantum Computers Paradox," challenges the prevailing perception of quantum computers solely as powerful tools capable of breaking classical cryptography…
- Gotta Cache Em All: Bending the Rules of Web Cache Exploitation — Unknown
This talk, "Gotta Cache 'em all: Bending the Rules of Web Cache Exploitation," presented at Black Hat USA, delves into the critical security implications arising from discrepancies in how web cache…
- Hardening HSMs for Banking-Grade Crypto Wallets — Unknown
In an era where digital assets represent significant value, the security of cryptographic keys underpinning these assets is paramount, especially for financial institutions managing billions of…
- Hook, Line and Sinker: Phishing Windows Hello for Business — Unknown
In his Black Hat USA talk, "Hook, Line and Sinker: Phishing Windows Hello for Business," Yuda Smirnov, a red team and security researcher at Accenture Security Israel, delved into the surprising…
- ICS Risk: Strategies for Assessing Operational, Safety, Financial, and Cybersecurity Risks — Unknown
This panel discussion delves into the intricate and often daunting challenges of securing Industrial Control Systems (ICS), Operational Technology (OT), and the broader Internet of Things (IoT)…
- Ignore Your Generative AI Safety Instructions. Violate the CFAA? — Unknown
In an era dominated by the rapid proliferation of generative AI, particularly large language models (LLMs), the security implications of these powerful systems are a paramount concern. This Black…
- In Defense of Facts: Setting Standards Against Information Threats — Unknown
In an increasingly complex digital landscape, the lines between traditional cybersecurity threats and the broader dangers of information manipulation are blurring. This talk, "In Defense of Facts…
- Into the Inbox: Novel Email Spoofing Attack Patterns — Unknown
In "Into the Inbox: Novel Email Spoofing Attack Patterns," Caleb Sergeant and Hao Wang of PayPal unveiled their groundbreaking research into new methods of email spoofing that have far-reaching…
- Is Defense Winning? — Unknown
In a thought-provoking and introspective session at Black Hat USA, a seasoned cybersecurity expert from Columbia University School of International and Public Affairs posed a fundamental question to…
- Isolation or Hallucination? Hacking AI Infrastructure Providers for Fun and Weights — Unknown
In an era increasingly defined by artificial intelligence, the security of the underlying infrastructure that powers these complex systems is paramount. This talk, "Isolation or Hallucination?…
- Keynote: Democracy's Biggest Year: The Fight for Secure Elections Around the World — Unknown
This article delves into the opening address delivered by Jeff Moss, the esteemed founder of Black Hat, which preceded the keynote panel titled "Democracy's Biggest Year: The Fight for Secure…
- Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access — Unknown
This Black Hat USA talk, titled "Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access," delves into novel and sophisticated methods for gaining initial…
- Laser Beams & Light Streams: Building Affordable Light-Based Hardware Security Tooling — Unknown
This talk, titled "Laser Beams & Light Streams: Building Affordable Light-Based Hardware Security Tooling," introduces Project Lorem, an ambitious initiative aimed at democratizing hardware security…
- Let the Cache Cache and Let the WebAssembly Assemble: Knockin' on Chrome's Shell — Unknown
This talk, presented at Black Hat USA, details a sophisticated exploit chain that successfully compromised Google Chrome and Microsoft Edge during the Pwn2Own Vancouver 2024 competition. Delivered…
- Listen to the Whispers: Web Timing Attacks that Actually Work — Unknown
In "Listen to the Whispers: Web Timing Attacks that Actually Work," the speaker delves into the often-misunderstood realm of **web timing attacks**, an attack class notorious for its theoretical…
- Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap — Unknown
This talk, presented by Robert Herrera and Alex Pasket of NCC Group, delves into critical security vulnerabilities discovered in Sonos smart speakers. The primary focus is on a sophisticated…
- Living off Microsoft Copilot — Unknown
In his Black Hat USA talk, "Living off Microsoft Copilot," Michael Bargury, CTO and Co-founder of Zenity, presented a critical examination of the burgeoning security landscape surrounding enterprise…
- Main Stage: From the Office of the CISO: Smarter, Faster, Stronger Security in the Age of AI — Unknown
This Black Hat USA keynote, delivered by Ann from Microsoft's Office of the CISO and Sherod from the Microsoft Threat Intelligence Center (MSTIC), offered a candid and deeply insightful look into…
- Main Stage: Solving the Cyber Hard Problems: A View into Problem Solving from the White House — Unknown
This Black Hat USA main stage talk featured Director Harry Coker of the White House’s Office of the National Cyber Director (ONCD) in a candid discussion about the United States’ **National Cyber…
- Main Stage: Understanding and Reducing Supply Chain and Software Vulnerability Risks — Unknown
This talk delves into the multifaceted challenges of **supply chain and software vulnerability risks**, urging a shift from conventional, often superficial, security assessments to a more proactive…
- Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth — Unknown
In an increasingly electrified world, Electric Vehicle (EV) charging infrastructure is rapidly expanding, bringing with it a new frontier for cybersecurity research. This talk, "Low Energy to High…
- Locked Down but Not Out: Fighting the Hidden War in Your Bootloader — Unknown
In this insightful Black Hat USA presentation, Bill Demirkapa, Emerging Threats Lead at the Microsoft Security Response Center, shed light on the critical state of Secure Boot security. The talk…
- Moral Hazards and Ethical Considerations in Cyber-Insurance — Unknown
This Black Hat USA panel delves into the often-debated intersection of cybersecurity and insurance, specifically addressing the **moral hazards** and ethical considerations that arise within the…
- Modern Anti-Abuse Mechanisms in Competitive Video Games — Unknown
This Black Hat USA talk delves into the multifaceted challenge of combating both cheating and abusive behavior within competitive video games. The speaker, whose identity was not explicitly stated…
- Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies — Unknown
- MaLDAPtive: Diving Deep Into LDAP Obfuscation, Deobfuscation & Detection — Unknown
This talk, "MaLDAPtive," delivered by Daniel Bohen (Divo) and Sabata (Sabi), delves into the often-overlooked realm of LDAP search request obfuscation, deobfuscation, and detection within Active…
- Microarchitecture Vulnerabilities: Past, Present, and Future — Unknown
In this insightful talk at Black Hat USA, renowned security researchers Daniel Gruss and Anders Fogh take the audience on a journey through the evolution of microarchitecture vulnerabilities…
- Navigating the Complex Challenges of Setting Up Efficient and Robust OT SOC Capabilities — Unknown
Piotr Ciepiela's Black Hat USA presentation, "Navigating the Complex Challenges of Setting Up Efficient and Robust OT SOC Capabilities," delves into the unique and often underestimated difficulties…
- Nope, S7ill Not Secure: Stealing Private Keys From S7 PLCs — Unknown
This talk, presented by Alon Dankner and Nadav Adir from the Technion, delves into the continued security vulnerabilities of Siemens S7 Programmable Logic Controllers (PLCs), specifically the S7…
- One Hack to Rule Them All: Pervasive Account Takeovers in Integration Platforms — Unknown
This talk, presented by K from the Chinese University of Hong Kong and Samsung Research America, unveils a critical new class of authorization attacks that lead to pervasive account takeovers across…
- Ops! It is JTAG's Fault: Journey to Unlocking Automotive Grade IC — Unknown
This talk delves into the critical security challenges surrounding **JTAG** (Joint Test Action Group) interfaces in automotive-grade microcontrollers (MCUs), specifically focusing on the…
- Overcoming State: Finding Baseband Vulnerabilities by Fuzzing Layer-2 — Unknown
In this insightful talk at Black Hat USA, Marius and Dion unveiled their pioneering research into uncovering vulnerabilities within the cellular basebands of modern smartphones. Titled "Overcoming…
- OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints — Unknown
This talk unveils a critical kernel vulnerability discovered across multiple popular Virtual Private Network (VPN) clients, including ExpressVPN, Proton VPN, and those leveraging the widely adopted…
- PageJack: A Powerful Exploit Technique With Page-Level UAF — Unknown
This talk introduces PageJack, a sophisticated exploit technique designed to achieve privilege escalation within operating system kernels, particularly focusing on Linux and Android. Presented by…
- Predict, Prioritize, Patch: How Microsoft Harnesses LLMs for Security Response — Unknown
In this Black Hat USA 2024 talk, Bill Demirkapi, who leads Emerging Threats at the Microsoft Security Response Center (MSRC), presented an insightful exploration into how large language models…
- Project 0xA11C: Deoxidizing the Rust Malware Ecosystem — Unknown
The proliferation of malware written in modern, memory-safe languages like Rust presents an escalating challenge for reverse engineers and cybersecurity defenders. This talk, "Project 0xA11C…
- PyLingual: A Python Decompilation Framework for Evolving Python Versions — Unknown
In the rapidly evolving landscape of cybersecurity, the ability to analyze and understand malicious software is paramount. Josh Wimer's Black Hat USA talk, "PyLingual: A Python Decompilation…
- Quantum Security: Myths, Facts, and Realities — Unknown
This Black Hat USA forward-focus panel, "Quantum Security: Myths, Facts, and Realities," delves into the often-hyped world of quantum computing, aiming to demystify its true implications for…
- Reinforcement Learning for Autonomous Resilient Cyber Defense — Unknown
This talk, presented by Sarah and Ian from Dstl, delves into the critical and rapidly evolving field of **Autonomous Resilient Cyber Defense (ADR)**, particularly focusing on the application of…
- Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang — Unknown
In "Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang," Jean Camp and Dalia Manatova present a compelling argument for a paradigm shift in how the…
- Remote, One-Click, Breaking through Smartphones via a Non Well-Known Remote Attack Surface — Unknown
This article delves into a groundbreaking security research presentation that unveiled a critical, previously under-explored attack surface on Android smartphones, specifically targeting Samsung…
- Secure Shells in Shambles — Unknown
This talk, "Secure Shells in Shambles," delves into the complex and often fragmented ecosystem of **Secure Shell (SSH)**, a protocol critical for internet administration. Presented by HD and Rob…
- Securing Network Appliances: New Technologies and Old Challenges — Unknown
In this Black Hat USA talk, Vladislav Babkin, a security researcher at Eclipsium, sheds light on the evolving threat landscape for network appliances, arguing that these critical infrastructure…
- Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction — Unknown
This talk, "Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction," delivered by Adnan Khan and John Stawinski at Black Hat USA, exposes a critical and systemic…
- Skirting the Tornado: Essential Strategies for CISOs to Sidestep Government Fallout — Unknown
In an era of escalating cyber threats and increasingly stringent regulatory oversight, the role of a Chief Information Security Officer (**CISO**) has become one of immense responsibility and…
- SnailLoad: Anyone on the Internet Can Learn What You're Doing — Unknown
The "SnailLoad" talk at Black Hat USA unveiled a potent new form of remote side-channel attack that allows an attacker to infer a user's online activities, such as which websites they are visiting…
- Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls — Unknown
- Surveilling the Masses with Wi-Fi Positioning Systems — Unknown
In his Black Hat USA talk, "Surveilling the Masses with Wi-Fi Positioning Systems," Eric Rye, a third-year PhD student specializing in network security and privacy at the University of Maryland…
- Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign — Unknown
This presentation, "Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign Government," delivered by Sophos MDR Operations team members Morgan Demboski and…
- Super Hat Trick: Exploit Chrome and Firefox Four Times — Unknown
This talk, "Super Hat Trick: Exploit Chrome and Firefox Four Times," presented at Black Hat USA, delves into the intricate world of browser vulnerability research and exploitation. The speakers…
- Strengthen Cyber-security by Leveraging Cyber-Insurance — Unknown
This Black Hat USA talk delves into the evolving landscape of **cyber insurance**, positioning it not merely as a financial safety net but as a crucial component for strengthening an organization's…
- Stop! Sandboxing Exploitable Functions and Modules Using In-Kernel Machine Learning — Unknown
This talk introduces a novel approach to addressing a critical vulnerability window in kernel security: the period between a vulnerability's discovery and the deployment of an official patch…
- Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps — Unknown
This talk, "Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps," delves into the critical privacy vulnerabilities inherent in popular location-based…
- Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation — Unknown
This talk introduces the **Terrapin Attack**, a novel prefix truncation attack that compromises the integrity of the Secure Shell (SSH) protocol's encrypted channel. Presented at Black Hat USA, the…
- That Gambling Site? It's Fueled by Chinese Organized Crime — Unknown
In a revealing presentation at Black Hat USA, DNS threat researchers Renee Burton and Mael Letouz unveiled the intricate and disturbing operations of a Chinese organized crime syndicate they've…
- The 10th Annual Black Hat USA Network Operations Center (NOC) Report — Unknown
This talk provides an introductory look into the Black Hat USA Network Operations Center (NOC) report, a crucial annual presentation that details the operational and security landscape observed…
- The Fundamentals of Cyber-Insurance — Unknown
This talk delves into the often-misunderstood world of cyber insurance, providing a foundational understanding of its purpose, scope, and evolving role within the cybersecurity landscape. Presented…
- The Way to Android Root: Exploiting Your GPU on Smartphone — Unknown
This talk, presented by members of the Android Red team, delves into the critical security implications of Qualcomm Adreno GPU drivers on Android smartphones. The speakers reveal their discovery and…
- The Hidden Treasure of Crash Reports? — Unknown
Patrick Wardle's talk, "The Hidden Treasure of Crash Reports?", challenges the conventional perception of **crash reports** as mere debugging tools for developers. Wardle, a prominent figure in…
- The GCP Jenga Tower: Hacking Millions of Google's Servers With a Single Package (and more) — Unknown
In this compelling Black Hat USA talk, Liv Matan, a Senior Security Researcher at Tenable and recognized as Microsoft's Most Valuable Researcher, unveiled two critical vulnerabilities impacting…
- The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition — Unknown
This talk, "The Hack@DAC Story," delves into the genesis, evolution, and impact of Hack@DAC, the world's largest **hardware hacking competition**. Presented by Arun from Intel, representing a…
- The Overlooked Attack Surface: Diving into Windows Client Components for RCE Vulnerabilities — Unknown
This talk, presented by researchers from the University of Chinese Academy of Sciences, sheds light on a frequently overlooked yet critical attack surface within the Windows ecosystem: **privileged…
- Threat Hunting with LLM: From Discovering APT SAAIWC to Tracking APTs with AI — Unknown
In an era defined by an exponential surge in cyber threats and the sheer volume of data generated daily, traditional threat hunting methodologies are increasingly strained. This talk by Hongfei and…
- Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC — Unknown
This Black Hat USA presentation, delivered by John and a senior security researcher from the don.com security lab, delves into the intricate world of macOS userland security, with a specific focus…
- Unraveling the Mind Behind the APT - Analyzing the Role of Pretexting in CTI and Attribution — Unknown
In the ever-evolving landscape of cyber threats, attributing sophisticated attacks to specific Advanced Persistent Threat (APT) groups remains a formidable challenge. While traditional methods of…
- Uncovering Supply Chain Attack with Code Genome Framework — Unknown
In an era where software supply chain attacks are increasingly sophisticated and impactful, this Black Hat USA talk introduces the **Code Genome Framework**, an innovative approach developed by IBM…
- Tunnel Vision: Exploring VPN Post-Exploitation Techniques — Unknown
In a compelling presentation at Black Hat USA 2024, Olid, a security researcher at Akamai, challenged the conventional understanding of Virtual Private Network (VPN) security. Titled "Tunnel Vision…
- UnOAuthorized: A Technique to Privilege Escalation to Global Administrator — Unknown
In the realm of modern cloud identity management, achieving **Global Administrator** privileges within a Microsoft Entra ID (formerly Azure Active Directory) tenant represents the ultimate…
- Tracing Origins: Navigating Content Authenticity in the Deepfake Era — Unknown
In an era increasingly plagued by sophisticated digital forgeries, Peleus Uhley, a Principal Scientist at Adobe and co-chair of the Threats and Harms Working Group for the Coalition for Content…
- TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities — Unknown
The "TuDoor Attack" presentation at Black Hat USA unveiled a novel class of DNS cache poisoning attacks that systematically exploit logic vulnerabilities in how DNS resolvers process malformed…
- Use Your Spell Against You: Threat Prevention of Smart Contract Exploit By Reusing Opcode Trace — Unknown
Decentralized Finance (DeFi) platforms have become a prime target for malicious actors, with billions of dollars lost annually due to sophisticated exploits. Despite advancements in pre-launch…
- You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM? — Unknown
This talk, presented by Kazuki Matsuo, delves into the often-overlooked security implications of **Option ROMs (OROMs)** found on PCIe devices. The core premise is that these small, embedded…
- What Lies Beneath the Surface? Evaluating LLMs for Offensive Cyber Capabilities — Unknown
The rapid proliferation and increasing sophistication of large language models (LLMs) have sparked critical questions within the cybersecurity community: To what extent do these models possess…
- Will We Survive the Transitive Vulnerability Locusts? — Unknown
In an era where software development increasingly relies on assembling existing components like "Lego," the proliferation of **open-source dependencies** has introduced a pervasive and often…
- How Hackers Changed the Media (and the Media Changed Hackers) — Unknown
This Black Hat USA talk delves into the profound, evolving, and often contentious relationship between cybercriminals and the mainstream media. Featuring a panel of seasoned journalists and a…
- From Doxing to Doorstep: Exposing Privacy Intrusion Techniques used by Hackers for Extortion — Unknown
In a stark presentation at Black Hat USA, Jacob Larson unveiled the chilling evolution of doxing, demonstrating how online privacy intrusions have escalated from digital harassment to severe…
- We R in a Right Pickle With All These Insecure Serialization Formats — Unknown
In this compelling Black Hat USA talk, Casmir Schultz and Tom Bonner from HiddenLayer delve into the persistent and evolving threats posed by insecure deserialization, focusing on two widely used…
- Windows Downdate: Downgrade Attacks Using Windows Updates — Unknown
In this compelling talk, security researcher Alon from Safe Reach unveils a novel class of attack dubbed "Windows Downdate," demonstrating how Windows's own update mechanisms can be subverted to…
- Attacking Samsung Galaxy A* Boot Chain, and Beyond — Unknown
This talk, presented by Rafael and Maxime at Black Hat USA, delves into a sophisticated chain of vulnerabilities discovered in Samsung Galaxy A-series devices based on MediaTek System-on-Chips…
- 15 Ways to Break Your Copilot — Unknown
In an era where every product seemingly needs a "Copilot," Microsoft's ambitious push to integrate AI assistants across its ecosystem has brought forth powerful new tools like **Copilot Studio**…