domingo, 4 de agosto de 2013

BlaCkHaT - USA 2013

 Antes de iniciar este post me gustaría enviar unos breves instantes de reflexión por nuestro compañero y amigo de BlaCk HaT Comunity Barnaby Jack, que lamentablemente ha fallecido por causas que aún no han sido a la luz. Bueno la comunidad BlaCk HaT and White HaT nunca te van a olvidar R.I.P Barnaby Jack.


Bueno la conferencia BlaCkHat USA 2013 se inicio el 27 de Julio y finalizo el 1 de Agosto del año presente.El recinto en la cual se albergaron los expertos en seguridad informática fue el Caesars Palace - Las Vegas - Nevada.

Bueno a continuación vamos a exponer las presentaciones que tuvieron lugar en dicha conferencia....Pues comenzemos.



1.- A Practical attack against MDM Solutions.

Presented By :

  • Daniel Brodie
  • Michael Shaulov


White Paper : https://media.blackhat.com/us-13/US-13-Brodie-A-Practical-Attack-against-MDM-Solutions-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Brodie-A-Practical-Attack-against-MDM-Solutions-Slides.pdf


2.- A Tale of one software bypass of windows 8 secure boot.

Presented By :


  • Yuriy Blygin
  • Andrew Furtak
  • Oleksandr Bazhaniuk


3.- Above my pay grade : Cyber response at the national level.

Presented By :


  • Jason Healey


White Paper : https://media.blackhat.com/us-13/US-13-Healey-Above-My-Pay-Grade-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Healey-Above-My-Pay-Grade-Slides.pdf


4.- Android : One root to own theM all.

Presented By :


  • Jeff Forristal 

Presentation : https://media.blackhat.com/us-13/US-13-Forristal-Android-One-Root-to-Own-Them-All-Slides.pdf 


5.- Binarypig - Scalable malwre analytics in Hadoop.

Presented By :


  • Zachary Hanif
  • Telvis Calhoum
  • Jason Trost


White Paper : https://media.blackhat.com/us-13/US-13-Hanif-Binarypig-Scalable-Malware-Analytics-in-Hadoop-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Hanif-Binarypig-Scalable-Malware-Analytics-in-Hadoop-Slides.pdf

 Source : https://media.blackhat.com/us-13/US-13-Hanif-Binarypig-Scalable-Malware-Analytics-in-Hadoop-Code.tar.gz


 6.- Bios Security.

Presented By :


  • John Butterworth
  • Corey Kallenberg
  • Xeno Kovah


White Paper : https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf

 Source : https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Code.zip


7.- Black-Box Assessment of Pseudorandom algorithms.

Presented By :


  • Derek Soeder
  • Christopher Abad
  • Gabriel Acevedo


White Paper : https://media.blackhat.com/us-13/US-13-Soeder-Black-Box-Assessment-of-Pseudorandom-Algorithms-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Soeder-Black-Box-Assessment-of-Pseudorandom-Algorithms-Slides.pdf

 Source : https://media.blackhat.com/us-13/US-13-Soeder-Black-Box-Assessment-of-Pseudorandom-Algorithms-Code.zip


8.- Blackberryos 10 form a Security Perspective 

Presented By :


  • Ralf-Philipp Weinmann


9.- Bluetooth Smart : The good, The bad ,The ugly and the Fix! 

Presented By :


  • Mike Ryan


10.- Bochspwn : Identifying 0-days via system-wide  memory access pattern analysis.

Presented By :


  • Mateusz Jurczyh
  • Gynvael Coldwind


11.- Bugalyze.com - Detecting Bugs using Decompulation and data Flow analysis.

Presented By :


  • Silvio Cesare


White Paper : https://media.blackhat.com/us-13/US-13-Cesare-Bugalyze.com-Detecting-Bugs-Using-Decompilation-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Cesare-Bugalyze.com-Detecting-Bugs-Using-Decompilation-Slides.pdf


12 .- Buying into the BIAS : Why vulnerability statistics suck.

Presented By :


  • Brian Martin 
  • Steve CHristey


White Paper : https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics-Suck-WP.pdf 

 Presentation : https://media.blackhat.com/us-13/US-13-Martin-Buying-Into-The-Bias-Why-Vulnerability-Statistics-Suck-Slides.pdf


13.- Combating the Insider threat at the FBI : Real world lessons learned.

Presented By :


  • Patrick Reidy


Presentation : https://media.blackhat.com/us-13/US-13-Reidy-Combating-the-Insider-Threat-At-The-FBI-Slides.pdf


14.- Compromising Industrial Facilities from 40 miles away.

Presented By :


  • Lucas Apa
  • Carlos Mario Penagos


White Paper : https://media.blackhat.com/us-13/US-13-Apa-Compromising-Industrial-Facilities-From-40-Miles-Away-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Apa-Compromising-Industrial-Facilities-From-40-Miles-Away-Slides.pdf


15.- Creepydol : Cheap, Distributed Stalking.

Presented By :


  • Brendan O'Connor


White Paper : https://media.blackhat.com/us-13/US-13-OConnor-CreepyDOL-Cheap-Distributed-Stalking-WP.pdf

Presentation : https://media.blackhat.com/us-13/US-13-OConnor-CreepyDOL-Cheap-Distributed-Stalking-Slides.pdf


16.- Defending Networks with incomplete information : A machine learning approach.

Presented By :


  • Alexandre Pinto


White Paper : https://media.blackhat.com/us-13/US-13-Pinto-Defending-Networks-with-Incomplete-Information-A-Machine-Learning-Approach-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Pinto-Defending-Networks-with-Incomplete-Information-A-Machine-Learning-Approach-Slides.pdf


17.- Dissecting CSRF Attacks & Countermeasures.

Presented By :


  • Mike Shema
  • Sergey Shekyan
  • Vaagn Toukharian


18.- End-to-end Analysis of a domain generating algorithm malware family.

Presented By :


  • Jason Geffner


White Paper :  https://media.blackhat.com/us-13/US-13-Geffner-End-To-End-Analysis-of-a-Domain-Generating-Algorithm-Malware-Family-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Geffner-End-To-End-Analysis-of-a-Domain-Generating-Algorithm-Malware-Family-Slides.pdf


19.- Enegry Fraud and orchestrated Blackouts : Issues with Wireless metering Protocols (WM-Bus).

Presented By :


  • Cyrill Brunschwiler.


White Paper : https://media.blackhat.com/us-13/US-13-Brunschwiler-Energy-Fraud-and-Orchestrated-Blackouts-Issues-with-Wireless-Metering-Protocols-WP.pdf 

 Presentation : https://media.blackhat.com/us-13/US-13-Brunschwiler-Energy-Fraud-and-Orchestrated-Blackouts-Issues-with-Wireless-Metering-Protocols-Slides.pdf


20.- Exploiting Network Surveillance Cameras like a Hollywood Hacker.

Presented By :


  • Craig Heffner


White Paper : https://media.blackhat.com/us-13/US-13-Heffner-Exploiting-Network-Surveillance-Cameras-Like-A-Hollywood-Hacker-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Heffner-Exploiting-Network-Surveillance-Cameras-Like-A-Hollywood-Hacker-Slides.pdf


21.- Evading Deep Inspection for fun and Shell.

Presented By :


  • Olli-Pekka Niemi
  • Antti Levomaki


White Paper : https://media.blackhat.com/us-13/US-13-Opi-Evading-Deep-Inspection-for-Fun-and-Shell-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Opi-Evading-Deep-Inspection-for-Fun-and-Shell-Slides.pdf

 Source :  https://media.blackhat.com/us-13/US-13-Opi-Evading-Deep-Inspection-for-Fun-and-Shell-Code.zip


22.- The factoring Dead : Preparing for the Cryptopocalypse.

Presented By :

Alex Stamos

  • Tom Ritter
  • Thomas Ptacek
  • Javed Samuel


Presentation : https://media.blackhat.com/us-13/us-13-Stamos-The-Factoring-Dead.pdf


23.- Fact and Fiction : Defending your Medical devices.

Presented By :


  • Jay Radcliffe


24.- Fully Arbitrary 802.3 Packet injection : Maximizing the Ethernet attack Surface.

Presented By :


  • Andrea Barisani
  • Daniele Bianco


White Paper : https://media.blackhat.com/us-13/US-13-Barisani-Fully-Arbitrary-802-3-Packet-Injection-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Barisani-Fully-Arbitrary-802-3-Packet-Injection-Slides.pdf 


25.- Funderbolt : Adventures in Thunderbolt DMA Attacks.

Presented By :


  • Russ Sevinsky


Presentation : https://media.blackhat.com/us-13/US-13-Sevinsky-Funderbolt-Adventures-in-Thunderbolt-DMA-Attacks-Slides.pdf


26.- Hacking Like int he movies : Visualizing Page Tables for local Exploitation.

Presented By :


  • Georg Wicherski
  • Alexandru Radocea 
  • Alex Ionescu


White Paper : https://media.blackhat.com/us-13/US-13-Wicherski-Hacking-like-in-the-Movies-Visualizing-Page-Tables-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Wicherski-Hacking-like-in-the-Movies-Visualizing-Page-Tables-Slides.pdf

 Source : https://media.blackhat.com/us-13/US-13-Wicherski-Hacking-like-in-the-Movies-Visualizing-Page-Tables-Pictures.zip


27.- Hacking, Surveilling, and deceiving Victims on.

Presented By :


  • Seunglin 'Beist' Lee


Presentation : https://media.blackhat.com/us-13/US-13-Lee-Hacking-Surveilling-and-Deceiving-Victims-on-Smart-TV-Slides.pdf


28.- Hiding @ Depth - Exploring, Subverting and Breaking nand flash Memory.

Presented By :


  • Josh 'm0nk' Thomas



29.- Home Invasion V.2.0 - Attacking Network - Controlled Hardware.

Presented By :


  • Daniel Crowley
  • David Bryan 
  • Jennifer Savage


White Paper : https://media.blackhat.com/us-13/US-13-Crowley-Home-Invasion-2-0-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Crowley-Home-Invasion-2-0-Slides.pdf

 Source : https://media.blackhat.com/us-13/US-13-Crowley-HomeInvasion2-0-Source-Code.zip


30.- Honey, I'm Home.!! - Hacking Z-Wave Home Automation Systems.

Presented By :


  • Behrang Fouladi
  • Sahand Ghanoun


31.- Hot Knives Through Butter : Bypassing Automated Analysis Systems.

Presented By :


  • Abhishek Singh
  • Zheng Bu


White Paper : https://media.blackhat.com/us-13/US-13-Singh-Hot-Knives-Through-Butter-Evading-File-based-Sandboxes-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Singh-Hot-Knives-Through-Butter-Evading-File-Based-Sandboxes-Slides.pdf


32.- How CVSS is Dossing your Patching Policy (and wasting your money)

Presented By :


  • Luca Allodi
  • Fabio Massacci


White Paper : https://media.blackhat.com/us-13/US-13-Allodi-HOW-CVSS-is-DOSsing-Your-Patching-Policy-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Allodi-HOW-CVSS-is-DOSsing-Your-Patching-Policy-Slides.pdf


33.- How to Build a Spyphone. 

Presented By :


  • Kevin McNamee


White Paper : https://media.blackhat.com/us-13/US-13-McNamee-How-To-Build-a-SpyPhone-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-McNamee-How-To-Build-a-SpyPhone-Slides.pdf


34.- How to Grow a Thee (Taint - Enabled Reverse Engineering Environmet) From CBASS (Cross - Platform Binary Automated Symbolic Execution System)

Presented  By :


  • Nathan Li
  • Loc Nguyen
  • Xing Li
  • James Just


Técnicas de análisis de binarios de la investigación académica se han introducido en la comunidad de ingeniería inversa, así como los laboratorios de investigación, que están equipadas con una gran cantidad de potencia de cálculo. Algunos análisis de programas que utilizan estas técnicas han comenzado a aparecer en las conferencias de hackers. Sin embargo, siguen existiendo importantes limitaciones:

 Source : https://media.blackhat.com/us-13/US-13-Li-How-to-Grow-a-TREE-Code.zip


35.- Hunting The Shadows : In Depth Analysis of Escalated APT Attacks.

Presented By :


  • Fyodor Yarochkin
  • Tsung Pei Kan
  • Ming - Chang Chiu
  • Ming - Wei Benson Wu


 White Paper : https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf 


36.- I can hear you now : Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell.

Presented By :


  • Tom Ritter
  • Doug DePerry
  • Andrew Rahimi


37.- The Outer Limits : Hacking The Samsung Smart TV.

Presented By :

  • Aaron Grattafiori
  • Josh Yavor




38.- Is that a Government in your Network or are you just Happy to see me.?

Presented By :


  • Eric Fiterman


Presetantion : https://media.blackhat.com/us-13/US-13-Fiterman-Is-that-a-Government-in-Your-Network-Slides.pdf


39.- Java Every - Days : Exploiting Software Running on 3 Billion Devices.

Presented By :


  • Brian Gorenc
  • Jasiel Spelman


Durante los últimos tres años, Oracle Java se ha convertido en el mejor amigo del exploit del autor, y por qué no? Java tiene una superficie rica ataque, amplia base instalada, y se ejecuta en múltiples plataformas que permiten a los atacantes maximizar su retorno de la inversión. El mayor énfasis en el descubrimiento de debilidades en el entorno de ejecución de Java (JRE) cambió investigación más allá de los problemas de corrupción de memoria clásicos sobre los abusos de las API de reflexión que permiten la ejecución remota de código. Esta charla se centra en las tendencias de vulnerabilidad en Java en los últimos tres años y que se cruza con los datos de vulnerabilidades públicas con las vulnerabilidades de Java presentados a la Iniciativa Día Cero (ZDI) programa. Comenzaremos por revisar la arquitectura de Java y las estadísticas de conexión para identificar un conjunto de componentes vulnerables de Java. A continuación, destacamos las cinco principales tipos de vulnerabilidad visto en ZDI presentaciones investigador que impactan estos componentes JRE y hacen hincapié en la reciente importancia histórica. La presentación continúa con una mirada en profundidad a las debilidades específicas en varios sub-componentes de Java, incluyendo detalles de la vulnerabilidad y ejemplos de cómo el manifiesto vulnerabilidades y lo que los investigadores de vulnerabilidades deben buscar al auditar el componente. Finalmente, se discute cómo los atacantes normalmente aprovechan debilidades en Java. Nos centramos en determinados tipos de vulnerabilidad y los atacantes explotar kits autores están utilizando y lo que están haciendo allá de la propia vulnerabilidad para comprometer máquinas. Concluimos con detalles sobre las vulnerabilidades que se utilizaron en la competencia Pwn2Own de este año y los pasos Oracle ha tomado para hacer frente a los últimos números descubiertos en Java opinión.

White Paper : https://media.blackhat.com/us-13/US-13-Gorenc-Java-Every-Days-Exploiting-Software-Running-on-3-Billion-Devices-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Gorenc-Java-Every-Days-Exploiting-Software-Running-on-3-Billion-Devices-Slides.pdf 


40.- Javascript Static Security Analysis Made Easy With JSPrime.

Presented By :


  • Nishant Das Patnaik
  • Sarathi Sabyasachi Sahoo


White Paper : https://media.blackhat.com/us-13/US-13-Patnaik-Javascript-Static-Security-Analysis-made-Easy-with-JSPrime-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Patnaik-Javascript-Static-Security-Analysis-made-easy-with-JSPrime-Slides.pdf


41.-Just - In - Time code reuse : The more Things change, the more they stay the same.

Presented By :


  • Kevin Snow
  • Lucas Davi


Presentation : https://media.blackhat.com/us-13/US-13-Snow-Just-In-Time-Code-Reuse-Slides.pdf 


42.- Lawful Access Panel.

Presented By :


  • Matt Blaze 
  • Brewster Kahle
  • Jennifer Valentino-DeVries
  • Alan Davidson



43.- Legal Aspects of full Spectrum Computer Network (Active) Defense.

Presented By :


  • Robert Clark


Presentation : https://media.blackhat.com/us-13/US-13-Clark-Legal-Aspects-of-Full-Spectrum-Computer-Network-Active-Defense-Slides.pdf 


44.- Legal Considerations for Cellular Research.

Presented By :


  • Marcia Hofmann
  • Kurt Opsahl



45.- Lessons from Surviving a 300 GBPS Denial of Service Attack.

Presented By :


  • Matthew Prince



46.- Let's get Physical : Breaking home security systems and bypassing Buildings Controls.

Presented By :


  • Drew Porter
  • Stephen Smith


47.- Mactans : Injecting Malware into IOS Devices Via Malicious Chargers.

Presented By :


  • Billy Lau
  • Yeongjin Jang
  • Chengyu Song


White Paper : https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf 

 Presentation : https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-Slides.pdf 


48.- Mainframes : The past will come back to haunt you.

Presented By :


  • Philip Young


White Paper : https://media.blackhat.com/us-13/US-13-Young-Mainframes-The-Past-Will-Come-Back-to-Haunt-You-WP.pdf

 Presentation : https://media.blackhat.com/us-13/US-13-Young-Mainframes-The-Past-Will-Come-Back-to-Haunt-You-Slides.pdf 


49.- Maltego Tungsten as a Collaborative Attack Platform.

Presented By :


  • Roelof Temmingh 
  • Andres MacPherson


White Paper : https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Collaborative-Attack-Platform-WP.pdf 

 Presentation : https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Collaborative-Attack-Platform-Slides.pdf


50.- Million Browser BoTneT.

Presented By :


  • Jeremiah Grossman
  • Matt Johansen



51.- Mobile Rootkits : Exploiting and Rootkitting ARM Trustzone.

Presented By :


  • Thomas Roth



52.- Multiplexed Wired Attack Surfaces. 

Presented By :


  • Michael Ossmann
  • Kyle Osborn


White Paper : https://media.blackhat.com/us-13/US-13-Ossmann-Multiplexed-Wired-Attack-Surfaces-WP.pdf
53.- Optirop : Hunting for rop Gadgets in Style.

 Presented By :


  • Nguyen Anh Quynh




54.- Out of control : Demostrating Scada Device Exploitation.


Presented By :


  • Eric Forner
  • Brian Meixell

55.- Implantable Medical Devices : Hacking Humans.

Presented By :

  • Barnaby Jack (R.I.P)



Bueno a esta lista aún le falta agregar muchos mas temas de las  presentaciones que tuvieron lugar en BlaCk HaT USA 2013. Pero antes de terminar esta lista quiero agradecer a las siguientes personas por su gran colaboración en la conferencia.

  • Gabi Nakibly
  • Mark Simon
  • Patrick Jungles
  • Alva Duckwall
  • Chris Campbel
  • Paul Stone
  • Jacob Williams
  • Collin O'Flynn
  • Chris Summer.
  • Randall Wald
  • Mario Vuksan 
  • Tomislav Pericin
  • Andy Davis.
  • Fran Brown.
  • Scott Fretheim
  • Johathan Neff
  • Jose Miguel Esparza.
  • Devdattta Akhawe
  • Roberts Masse
  • Takahiro Haruyama
  • Hiroshi Suzuki
  • Markus Jakobsson 
  • Guy Stewart
  • Wei Xu
  • Xinran Wang
  • Matthew Cole
  • Jean-Philippe Aumasson
  • Marc Blanchou
  • Jason Geffner
  • Ben Smyth 
  • Alfredo Pironti
  • Jon Chittenden
  • Anson Gomes
  • Greg Wroblewski
  • Ryan Barnett
  • Toby Kohlenberg
  • Mickey Shkatov
  • Tony Miu
  • Albert Hui
  • Wai Leng Lee
  • Marcia Hofmann
  • Dmitry Chastuhin
  • Alexander Bolshev


Y a todos los expositores de esta gran Conferencia. A todos ellos un gran saludo por su trabajo.

Bueno creo que con esto finalizo este triste post (R.I.P Barnaby Jack ). Espero que esta información les sea de utilidad para todos ustedes. Sin mas que decir me despido y será hasta la próxima.







Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)