event recordings mandalay bay / las … bay / las vegas, nv recorded session offerins ho to order...

J U L Y 2 5 - 2 7 , 2 0 1 7

MANDALAY BAY / LAS VEGAS, NV

RECO

RDED

SES

SIO

N O

FFER

ING

SH

OW

TO

ORD

ER

ORDER ONLINE AT blackhatbriefingsonline.com

OR AT EITHER SALES DESK LOCATION

Level 2, Mandalay Bay Convention Center

Black Hat Boulevard Level 3, Mandalay Bay Convention Center

Top of Escalators

On-Site Post-Con

$1499 (+ s/h)

(+ s/h)USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BSidesLV 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018

Security Summer Camp Special: Annual Pass USB Drive Set $1299 (+ s/h)

$1399 (+ s/h)

(+ s/h)USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018

Black Hat USA 2017 + DEF CON 25: Annual Pass USB Drive Set $1199 (+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25 & BSidesLV 2017

Security Summer Camp Special: USB Drive Set $799 (+ s/h) $1099 (+ s/h)

(+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017 & Def Con 25

Black Hat USA 2017 + DEF CON 25 USB Drive Set $699 (+ s/h) $999 (+ s/h)

(+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017 Black Hat USA 2017 USB Drive $599 (+ s/h) $799 (+ s/h)

(+ s/h)

AMOUNT FOR PURCHASE $___________SHIPPING AND HANDLING $___________

SALES TAX (SEE RATES BELOW) $___________

TOTAL AMOUNT $___________

q VISA q MASTERCARD q AMEX q DISCOVER

CV CODE

BILLING ZIP CODE

EXPIRATION DATE

CREDIT CARD OR P.O. NUMBER

PLEASE PROVIDE BUSINESS CARD OR COMPLETE FORM

NAME:

COMPANY:

STREET (NO INT’L PO BOX):

CITY: ST: ZIP:

COUNTRY:

TEL: ( )

EMAIL:

2017-BHB

The sessions are being recorded at Black Hat USA 2013. The recordings are professional, unedited, live recordings that are guaranteed for life. PLEASE NOTE: Recording options may change. Some sessions may be omitted due to speaker or program revisions.

TAX RATES: CA 7.75% FL 6.5% NV 8.25% NY 8.13% TX 8.25%

ALL SALES ARE FINAL!

Signature:

HOW TO ORDERONLINE blackhatbriefingsonline.comEMAIL [email protected] Scan with a QR-Code Reader ON-SITE Bring this form with payment and shipping information to the Sales Desk

MAIL Send completed form & payment to Source of Knowledge 3137 West Tompkins Ave. Las Vegas, NV 89103 PHONE (702) 600-1990 8am-3pm (PST) M-F FAX (858) 408-9423

NAME:

COMPANY:

STREET (NO INT’L PO BOX):

CITY: ST: ZIP:

COUNTRY:

TEL: (

EMAIL:


SEE REVERSE SIDE FOR MORE PRODUCT OFFERINGS

ALL SALES ARE FINAL!

Signature:


Scan & Order Online SHIPPING AND HANDLING COSTS*

U.S. and U.S. TERRITORIES $10 PER ORDER EUROPE ‡, MEXICO, CANADA and AUSTRALIA $40 PER ORDER ASIA‡ $100 PER ORDER AFRICA, SOUTH AMERICA and MIDDLE EAST: STREAMING ONLY All U.S. orders shipped priority mail‡ Orders outside the U.S. shipped via trackable carrier

SEE REVERSE SIDE FOR MORE PRODUCT OFFERINGS

EVENTRECORDINGS

J U L Y 2 5 - 2 7 , 2 0 1 7

MANDALAY BAY / LAS VEGAS, NV

SEE REVERSE SIDE FOR SALES DESK LOCATIONS AND ORDERING INFORMATION

**Multi Seat Licenses Available (see flyer at sales desk)**

All “USB Drive” offerings include an Enterprise License & Online Streaming Access

Online Streaming for: BlackHat Briefings USA 2017 & Def Con 25

Black Hat USA 2017 + DEF CON 25: Online Streaming $499 (+ s/h) $699 (+ s/h)

Online Streaming for: BlackHat Briefings USA 2017

Black Hat USA 2017: Online Streaming $399 (+ s/h) $599 (+ s/h)

$1499 (+ s/h)

(+ s/h)

$1399 (+ s/h)

(+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BSidesLV 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018

Security Summer Camp Special: Annual Pass USB Drive Set

Black Hat USA 2017 + DEF CON 25: Annual Pass USB Drive Set

$1299 (+ s/h)

$1199 (+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018

Black Hat USA 2017: Annual Pass USB Drive Set $799 (+ s/h) $999 (+ s/h)

(+ s/h)

On-Site

On-Site

On-Site

$1499 (+ s/h)


Security Summer Camp Special: Annual Pass USB Drive Set $1299 (+ s/h)

$1399 (+ s/h)


Black Hat USA 2017 + DEF CON 25: Annual Pass USB Drive Set $1199 (+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25 & BSidesLV 2017

Security Summer Camp Special: USB Drive Set $799 (+ s/h) $1099 (+ s/h)

(+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017 & Def Con 25

Black Hat USA 2017 + DEF CON 25 USB Drive Set $699 (+ s/h) $999 (+ s/h)

(+ s/h)

USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017

Black Hat USA 2017 USB Drive $599 (+ s/h) $799 (+ s/h)

(+ s/h)

Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BSidesLV 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018

Security Summer Camp Special: Annual Pass Online Streaming $599 (+ s/h) $799 (+ s/h)

Post-Con

Post-Con

Post-Con

Most Popular Offerings

Annual Pass USB Drive Set Offerings

Streaming Only OfferingsRECO

RDED

SES

SIO

N A

DD

ITIO

NA

L O

FFER

ING

SEVENT

RECORDINGS

BHB_Z01 Where No Person Has Gone Before Ping Look, Security Awareness, Optiv Security

BHB_Z02 Don’t Panic: The Hitchhiker’s Guide to Black Hat Neil “Grifter” Wyler, Threat Hunting and Incident Response Specialist, RSA Security

BHB_Z03 Black Hat USA 2017 Briefings: What to Keep Track Of Daniel Cuthbert, COO, SensePost

BHB_Z04 Toolswatch and Black Hat Arsenal: A Virtuous Cycle Rachid Harrando, Office of the CISO, ServiceNow

BHB_Z05 Death by a Thousand Abstracts: How (Not) to Get Your Research into Black Hat Stefano Zanero, Associate Professor, Dipartimento di Elettronica, Informazione e Bioingegneria

tttBHB_01 Keynote Speaker

Alex StamosBHB_02 Adventures in Attacking Wind Farm Control Networks

Jason StaggsBHB_03 Wire Me Through Machine Learning by

Ankit Singh, Vijay ThawareBHB_04 Orange is the New Purple - How and Why to Integrate Development

Teams with Red/Blue Teams to Build More Secure Software April C. Wright

BHB_05 PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection, Traffic Analysis, and Beyond Stefan Prandl

BHB_06 Breaking Electronic Door Locks Like You’re on CSI: Cyber Colin O’Flynn

BHB_07 Ichthyology: Phishing as a Science Karla Burnett

BHB_08 Web Cache Deception Attack Omer Gil

BHB_09 All Your SMS & Contacts Belong to ADUPS & Others Ryan Johnson, Angelos Stavrou

BHB_10 They’re Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention John Ventura

BHB_11 Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid Robert Lee, Joe Slowik, Ben Miller, Robert Lipovsky, Anton Cherepanov

BHB_12 Real Humans, Simulated Attacks: Usability Testing with Attack Scenarios Lorrie Cranor

BHB_13 Many Birds, One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software Siji Feng, Zhi Zhou, Kun Yang

BHB_14 Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller Anna Trikalinou, Dan Lake

BHB_15 Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization Nathan Bates, Bryce Kunz

BHB_16 New Adventures in Spying 3G and 4G Users: Locate, Track & Monitor Ravishankar Borgaonkar, Lucca Hirschi, Altaf Shaik

BHB_17 FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches Nicholas Gray

BHB_18 When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices Billy Rios, Jonathan Butts

BHB_19 TBD TBD

BHB_20 Taking Windows 10 Kernel Exploitation to the Next Level - Leveraging Write-What-Where Vulnerabilities in Creators Update Morten Schenk

BHB_21 SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers’ Lives Much Harder on Mobile Networks Martin Kacer, Philippe Langlois

BHB_22 Challenges of Cooperation Across Cyberspace Jeff Moss, Marina Kaljurand, Joseph Nye, Bill Woodcock, Khoo Boon Hui, Wolfgang Kleinwächter

BHB_23 Delivering Javascript to World+Dog Kyle Randolph

BHB_24 Hacking Hardware with a $10 SD Card Reader Amir Etemadieh, Khoa Hoang, CJ Heres

BHB_25 The Active Directory Botnet Ty Miller, Paul Kalinin

BHB_26 Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More Andrew Krug, Graham Jones

BHB_27 Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network Omar Eissa

BHB_28 How We Created the First SHA-1 Collision and What it Means for Hash Security Elie Bursztein

BHB_29 Automated Testing of Crypto Software Using Differential Fuzzing Jean-Philippe Aumasson, Yolan Romailler

BHB_30 Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks Yuriy Bulygin, Mikhail Gorobets, Oleksandr Bazhaniuk, Andrew Furtak

BHB_31 ShieldFS: The Last Word in Ransomware Resilient File Systems Andrea Continella, Federico Maggi

BHB_32 So You Want to Market Your Security Product… Aaron Alva, Terrell McSweeny

BHB_33 The Art of Securing 100 Products Nir Valtman

BHB_34 Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game Kelly Shortridge

BHB_35 Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking Mateusz Jurczyk

BHB_36 An ACE Up the Sleeve: Designing Active Directory DACL Backdoors Andy Robbins, Will Schroeder

BHB_37 What’s on the Wireless? Automating RF Signal Identification Michael Ossmann, Dominic Spill

BHB_120 Diversity Panel 2017: Making Diversity a Priority In Security Aubrey Blanche, Juliet “Jules” Okafor, Anthony Johnson, Rick Howard, Moderator Kelly Jackson Higgins

BHB_38 Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud) Haroon Meer, Marco Slaviero

BHB_39 Developing Trust and Gitting Betrayed Clint Gibler, Noah Beddome

BHB_40 Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev Harold Chun, Norman Barbosa

BHB_41 WSUSpendu: How to Hang WSUS Clients Romain Coltel, Yves Le Provost

BHB_42 White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data Karen Neuman, Jacob Osborn

BHB_43 Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface James Kettle

BHB_44 Go Nuclear: Breaking Radiation Monitoring Devices Ruben Santamarta

BHB_45 What They’re Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs Chaim Sanders, Rob Olson

BHB_46 Evilsploit - A Universal Hardware Hacking Toolkit Chui Yew Leong, Mingming Wan

BHB_47 Intercepting iCloud Keychain Alex Radocea

BHB_48 Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server Patrick Wardle

BHB_49 Fighting Targeted Malware in the Mobile Ecosystem Megan Ruthven, Andrew Blaich

BHB_50 (in)Security in Building Automation: How to Create Dark Buildings with Light Speed Thomas Brandstetter

BHB_51 Tracking Ransomware End to End Luca Invernizzi, Kylie McRoberts, Elie Bursztein

BHB_52 Protecting Pentests: Recommendations for Performing More Secure Tests Wesley McGrew

BHB_53 Protecting Visual Assets: Digital Image Counter-Forensics Nikita Mazurov, Kenneth Brown

BHB_54 Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits Lillian Ablon

BHB_55 Garbage In, Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data Hillary Sanders

BHB_56 Pwnie Awards

BLACK HAT USA 2017 RECORDED SESSIONS

WEDNESDAY JULY 26, 2017

TUESDAY JULY 25, 2017 WEDNESDAY JULY 26, 2017 (cont.)

BLACK HAT USA 2017 RECORDED SESSIONS (continued)

BHB_57 Skype & Type: Keystroke Leakage over VoIP Daniele Lain

BHB_58 The Industrial Revolution of Lateral Movement Tal Be’ery, Tal Maor

BHB_59 Influencing the Market to Improve Security Justine Bone, Chris Wysopal

BHB_60 OpenCrypto: Unchaining the JavaCard Ecosystem Vasilios Mavroudis

BHB_61 The Shadow Brokers - Cyber Fear Game-Changers Matt Suiche

BHB_62 Bot vs. Bot for Evading Machine Learning Malware Detection Hyrum Anderson

BHB_63 The Future of ApplePwn - How to Save Your Money Timur Yunusov

BHB_64 Escalating Insider Threats Using VMware’s API Ofri Ziv

BHB_65 The Epocholypse 2038: What’s in Store for the Next 20 Years Mikko Hypponen

BHB_66 Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity Justin Harvey

BHB_67 Fad or Future? Getting Past the Bug Bounty Hype Kymberlee Price, Angelo Prado, Charles Valentine

BHB_68 Redesigning PKI to Solve Revocation, Expiration, and Rotation Problems Brian Knopf

BHB_69 rVMI: A New Paradigm for Full System Analysis Jonas Pfoh, Sebastian Vogl

BHB_70 Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets Nitay Artenstein

BHB_71 Ghost Telephonist’ Link Hijack Exploitations in 4G LTE CS Fallback Yuwei Zheng, Lin Huang, Qing Yang

BHB_72 Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound Zhengbo Wang, Wang Kang, Aimin Pan

BHB_73 Evading Microsoft ATA for Active Directory Domination Nikhil Mittal

BHB_74 Datacenter Orchestration Security and Insecurity: Assessing Kubernetes, Mesos, and Docker at Scale Dino Dai Zovi

BHB_75 Hunting GPS Jammers Vlad Gostomelsky

BHB_76 Practical Tips for Defending Web Applications in the Age of DevOps Zane Lackey

BHB_77 Breaking the Laws of Robotics: Attacking Industrial Robots Davide Quarta, Federico Maggi, Marcello Pogliani

BHB_78 Intel SGX Remote Attestation is Not Sufficient Yogesh Swami

BHB_79 Infecting the Enterprise: Abusing Office365+Powershell for Covert C2 Craig Dods

BHB_80 Why Most Cyber Security Training Fails and What We Can Do About it Arun Vishwanath

BHB_81 Bug Collisions Meet Government Vulnerability Disclosure Trey Herr, Jason Healey, Lillian Ablon, Kim Zetter, Katie Moussouris

BHB_82 Go to Hunt, Then Sleep David Bianco, Robert Lee

BHB_83 Don’t Trust the DOM: Bypassing XSS Mitigations via Script Gadgets Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela

BHB_84 Game of Chromes: Owning the Web with Zombie Chrome Extensions Tomer Cohen

BHB_85 Honey, I Shrunk the Attack Surface - Adventures in Android Security Hardening Nick Kralevich

BHB_86 Quantifying Risk in Consumer Software at Scale - Consumer Reports’ Digital Standard Sarah Zatko, Eason Goodale

BHB_87 kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse Marios Pomonis

BHB_88 AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically Jinho Jung, Chanil Jeon, Max Wolotsky, Taesoo Kim

BHB_89 Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization Jason Nichols

BHB_90 Exploitation of Kernel Pool Overflow on Microsoft Windows 10 DKOM/DKOHM is Back in DKOOHM! Direct Kernel Optional Object Header Manipulation Nikita Tarakanov

BHB_91 Free-Fall: Hacking Tesla from Wireless to CAN Bus Sen Nie, Ling Liu, Yuefeng Du

BHB_92 Attacking Encrypted USB Keys the Hard(ware) Way Jean-Michel Picod, Remi Audebert, Elie Bursztein

BHB_93 Evolutionary Kernel Fuzzing Richard Johnson

BHB_94 Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities Rodrigo Branco, Vincent Zimmer, Bruce Monroe

BHB_95 The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines Natalie Silvanovich

BHB_96 Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process Marina Krotofil

BHB_97 Friday the 13th: JSON Attacks Alvaro Munoz, Oleksandr Mirosh

BHB_98 Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices) Gabi Nakibly

BHB_99 Taking Over the World Through MQTT - Aftermath Lucas Lundgren

BHB_100 Exploit Kit Cornucopia Brad Antoniewicz, Matt Foley

BHB_101 Defeating Samsung KNOX with Zero Privilege Di Shen

BHB_102 WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake Mathy Vanhoef

BHB_103 Well, that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers Michael Cherny, Sagie Dulce

BHB_104 Intel AMT Stealth Breakthrough Dmitriy Evdokimov, Alexander Ermolov

BHB_105 Blue Pill for Your Phone Oleksandr Bazhaniuk, Yuriy Bulygin

BHB_106 Exploiting Network Printers Jens Muller

BHB_107 Lies, and Damn Lies: Getting Past the Hype of Endpoint Security Solutions Lidia Giuliano, Mike Spaulding

BHB_108 Electronegativity - A Study of Electron Security Luca Carettoni

BHB_109 And Then the Script-Kiddie Said, “Let There be No Light.” Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors? Anastasis Keliris, Mihalis Maniatakos, Charalambos Konstantinou

BHB_110 Digital Vengeance: Exploiting the Most Notorious C&C Toolkits Waylon Grange

BHB_111 IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices Tongbo Luo, Zhaoyan Xu

BHB_112 Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop Yanick Fratantonio

BHB_113 Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS Ayoub El Aassal

BHB_114 RBN Reloaded - Amplifying Signals from the Underground Dhia Mahjoub, David Rodriguez, Jason Passwaters

BHB_115 Breaking the x86 Instruction Set Christopher Domas

BHB_116 A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! Orange Tsai

BHB_117 Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science Daniel Bohannon, Lee Holmes

BHB_118 Betraying the BIOS: Where the Gtttuardians of the BIOS are Failing Alex Matrosov

BHB_119 The Adventures of AV and the Leaky Sandbox Itzik Kotler, Amit Klein

THURSDAY JULY 27, 2017 THURSDAY JULY 27, 2017 (cont.)

event recordings mandalay bay / las … bay / las vegas, nv recorded session offerins ho to order...

Documents