Our editorial team has handpicked some great talks from the Black Hat Conference, one of the largest IT security conferences in the world.
Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year, providing attendees with the very latest in research, development and trends. This six-day event begins with four days of intense technical training for security practitioners of all levels (August 4-7), followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).
(Source: Black Hat Conference USA 2018)
1) Detecting Credential Compromise in AWS
Speaker: William Bengtson
Credential compromise in the cloud is not a threat that one company faces, rather it is a widespread concern as more and more companies operate in the cloud. Credential compromise can lead to many different outcomes depending on the motive of the attacker who compromised the credentials. In some cases in the past, it has led to erroneous AWS service usage for bitcoin mining or other non-destructive yet costly abuse, and in others it has led to companies shutting down due to the loss of data and infrastructure.
This paper describes an approach for detection of compromised credentials in AWS without needing to know all IPs in your infrastructure beforehand.
2) Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
Speaker: Jay Little
This presentation will introduce Ethereum smart contracts, explain how to reverse engineer binary-only contracts, describe common classes of vulnerabilities, and then show how to investigate attacks on contracts by demonstrating new tools that re-process blockchain ledger data, recreate contracts with state, and analyze suspect transactions using traces and heuristics.
Speakers: Ethan Heilman, Neha Narula
This talk presents attacks on the cryptography used in the cryptocurrency IOTA. We developed practical differential cryptanalysis attacks on IOTA's cryptographic hash function Curl-P, allowing us to quickly generate short colliding messages of the same length. Finally, this talk shows that in a chosen-message setting we can forge signatures on valid IOTA payments. This talk presents and demonstrates a practical attack (achievable in a few minutes) whereby an attacker could forge a signature on an IOTA payment, and potentially use this forged signature to steal funds from another IOTA user.
Speaker: Oliver Schranz
5) Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
Speakers: Bhargava Shastry, Dominik Maier, Vincent Ulitzsch
This talk shows how FExM permits automated distributed fuzzing of applications; crash exploitability classification; and is equipped with a web front end for navigating security issues in a convenient way. Our work automatically retrofits fuzzing into the security development lifecycle.