Our editorial team has handpicked some great talks from the Black Hat Conference, one of the largest IT security conferences in the world.

Black Hat, built by and for the global InfoSec community, returns to Las Vegas for its 19th year. This six-day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2), followed by the two-day main event including over 100 independently selected Briefings, the Business Hall, Arsenal, the Pwnie Awards, and more (August 3-4).

(Source: Black Hat Conference USA 2016)


1) HTTP cookie hijacking in the wild: security and privacy implications

Speakers: Suphannee Sivakorn, Jason Polakis

In this work, we conduct an in-depth assessment of a diverse set of major websites and explore what functionality and information is exposed to attackers that have hijacked a user's HTTP cookies. We identify a recurring pattern across websites with partially deployed HTTPS; service personalization inadvertently results in the exposure of private information. The separation of functionality across multiple cookies with different scopes and inter-dependencies further complicates matters, as imprecise access control renders restricted account functionality accessible to non-session cookies.

>>Go To Presentation


2) Timing attacks have never been so practical: Advanced cross-site search attacks

Speaker: Nethanel Gelernter

This work focuses on the response inflation technique that increases the size of the response; as the difference in the sizes of the responses increases, it becomes easier to distinguish between them. We begin with browser-based XS-search attack and demonstrate its use in extracting users' private data from Gmail and Facebook. The browser-based XS-search attack exploits the differences in the sizes of HTTP responses, and works even when significant inflation of the response is impossible.

>>Go To Presentation


3) Abusing bleeding edge web standards for appsec glory

Speakers: Bryant Zadegan (@eganist), Ryan Lester (@TheRyanLester)

In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios.

>>Go To Presentation


4) The year in Flash

Speaker: Natalie Silvanovich (@natashenka)

This talk describes notable vulnerabilities and exploits that have been discovered in Flash in the past year. It will start with an overview of the attack surface of Flash, and then discuss how the most common types of vulnerabilities work. It will then go through the year with regards to bugs, exploits and mitigations. It will end with a discussion of the future of Flash attacks: likely areas for new bugs, and the impact of existing mitigations.

>>Go To Presentation


Your Complete Guide To Top Talks @Black Hat Conference 2016 (USA)

Get your FREE Guide on Top Talks @ Black Hat Conference 2016 (USA). Our editorial team has gone through all the talks and handpicked the best of the best talks at the conference into a single guide. Get your free copy today.

>>Click Here To Get Your FREE Guide
