Top 5 'Applied Security' Talks From Black Hat Conference 2018 (USA)

Our editorial team has handpicked some great talks from Black Hat Conference, one of the largest IT security conferences in the world.

Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six-day event begins with four days of intense technical training for security practitioners of all levels (August 4-7), followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).

(Source: Black Hat Conference USA 2018)


1) Detecting Credential Compromise in AWS

Speaker: William Bengtson

Credential compromise in the cloud is not a threat that one company faces, rather it is a widespread concern as more and more companies operate in the cloud. Credential compromise can lead to many different outcomes depending on the motive of the attacker who compromised the credentials. In some cases in the past, it has led to erroneous AWS service usage for bitcoin mining or other non-destructive yet costly abuse, and in others it has led to companies shutting down due to the loss of data and infrastructure.

This paper describes an approach for detection of compromised credentials in AWS without needing to know all IPs in your infrastructure beforehand.


2) Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths

Speaker: Jay Little

This presentation will introduce Ethereum smart contracts, explain how to reverse engineer binary-only contracts, describe common classes of vulnerabilities, and then show how to investigate attacks on contracts by demonstrating new tools that re-process blockchain ledger data, recreate contracts with state, and analyze suspect transactions using traces and heuristics.


3) A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme

Speakers: Ethan Heilman, Neha Narula  

This talk presents attacks on the cryptography used in the cryptocurrency IOTA. We developed practical differential cryptanalysis attacks on IOTA's cryptographic hash function Curl-P, allowing us to quickly generate short colliding messages of the same length. Finally, this talk shows that in a chosen message setting we can forge signatures on valid IOTA payments. This talk presents and demonstrates a practical attack (achievable in a few minutes) whereby an attacker could forge a signature on an IOTA payment, and potentially use this forged signature to steal funds from another IOTA user.


4) ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware

Speaker: Oliver Schranz


5) Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina

Speakers: Bhargava Shastry, Dominik Maier, Vincent Ulitzsch

This talk shows how FExM permits automated distributed fuzzing of applications; crash exploitability classification; and is equipped with a web front end for navigating security issues in a convenient way. Our work automatically retrofits fuzzing into the security development lifecycle.
