EVENT RECORDINGS
JULY 25-27, 2017
MANDALAY BAY / LAS VEGAS, NV
RECORDED SESSION OFFERINGS
HOW TO ORDER
ORDER ONLINE AT blackhatbriefingsonline.com
OR AT EITHER SALES DESK LOCATION
Level 2, Mandalay Bay Convention Center
Black Hat Boulevard Level 3, Mandalay Bay Convention Center
Top of Escalators
Prices are listed as On-Site / Post-Con.
Security Summer Camp Special: Annual Pass USB Drive Set: On-Site $1299 (+ s/h) / Post-Con $1499 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BSidesLV 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Black Hat USA 2017 + DEF CON 25: Annual Pass USB Drive Set: On-Site $1199 (+ s/h) / Post-Con $1399 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Security Summer Camp Special: USB Drive Set: On-Site $799 (+ s/h) / Post-Con $1099 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25 & BSidesLV 2017
Black Hat USA 2017 + DEF CON 25 USB Drive Set: On-Site $699 (+ s/h) / Post-Con $999 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017 & Def Con 25
Black Hat USA 2017 USB Drive: On-Site $599 (+ s/h) / Post-Con $799 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017
AMOUNT FOR PURCHASE $___________
SHIPPING AND HANDLING $___________
SALES TAX (SEE RATES BELOW) $___________
TOTAL AMOUNT $___________
[ ] VISA [ ] MASTERCARD [ ] AMEX [ ] DISCOVER
CV CODE
BILLING ZIP CODE
EXPIRATION DATE
CREDIT CARD OR P.O. NUMBER
PLEASE PROVIDE BUSINESS CARD OR COMPLETE FORM
NAME:
COMPANY:
STREET (NO INT’L PO BOX):
CITY: ST: ZIP:
COUNTRY:
TEL: ( )
EMAIL:
2017-BHB
The sessions are being recorded at Black Hat USA 2013. The recordings are professional, unedited, live recordings that are guaranteed for life. PLEASE NOTE: Recording options may change. Some sessions may be omitted due to speaker or program revisions.
TAX RATES: CA 7.75% FL 6.5% NV 8.25% NY 8.13% TX 8.25%
ALL SALES ARE FINAL!
Signature:
HOW TO ORDER
ONLINE: blackhatbriefingsonline.com
EMAIL: [email protected]
Scan with a QR-Code Reader
ON-SITE: Bring this form with payment and shipping information to the Sales Desk
MAIL: Send completed form & payment to Source of Knowledge, 3137 West Tompkins Ave., Las Vegas, NV 89103
PHONE: (702) 600-1990, 8am-3pm (PST) M-F
FAX: (858) 408-9423
The sessions are being recorded at Black Hat USA 2017. The recordings are professional, unedited, live recordings that are guaranteed for life. PLEASE NOTE: Recording options may change. Some sessions may be omitted due to speaker or program revisions.
SEE REVERSE SIDE FOR MORE PRODUCT OFFERINGS
Scan & Order Online
SHIPPING AND HANDLING COSTS*
U.S. and U.S. TERRITORIES: $10 PER ORDER
EUROPE‡, MEXICO, CANADA and AUSTRALIA: $40 PER ORDER
ASIA‡: $100 PER ORDER
AFRICA, SOUTH AMERICA and MIDDLE EAST: STREAMING ONLY
All U.S. orders shipped priority mail
‡ Orders outside the U.S. shipped via trackable carrier
SEE REVERSE SIDE FOR SALES DESK LOCATIONS AND ORDERING INFORMATION
**Multi Seat Licenses Available (see flyer at sales desk)**
All “USB Drive” offerings include an Enterprise License & Online Streaming Access
RECORDED SESSION ADDITIONAL OFFERINGS
Prices are listed as On-Site / Post-Con.
Most Popular Offerings
Security Summer Camp Special: Annual Pass USB Drive Set: On-Site $1299 (+ s/h) / Post-Con $1499 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Black Hat USA 2017 + DEF CON 25: Annual Pass USB Drive Set: On-Site $1199 (+ s/h) / Post-Con $1399 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Security Summer Camp Special: USB Drive Set: On-Site $799 (+ s/h) / Post-Con $1099 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25 & BSidesLV 2017
Black Hat USA 2017 + DEF CON 25 USB Drive Set: On-Site $699 (+ s/h) / Post-Con $999 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017 & Def Con 25
Black Hat USA 2017 USB Drive: On-Site $599 (+ s/h) / Post-Con $799 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017
Annual Pass USB Drive Set Offerings
Security Summer Camp Special: Annual Pass USB Drive Set: On-Site $1299 (+ s/h) / Post-Con $1499 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BSidesLV 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Black Hat USA 2017 + DEF CON 25: Annual Pass USB Drive Set: On-Site $1199 (+ s/h) / Post-Con $1399 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Black Hat USA 2017: Annual Pass USB Drive Set: On-Site $799 (+ s/h) / Post-Con $999 (+ s/h)
USB Drive + Enterprise License + Online Streaming for: BlackHat Briefings USA 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Streaming Only Offerings
Security Summer Camp Special: Annual Pass Online Streaming: On-Site $599 (+ s/h) / Post-Con $799 (+ s/h)
Online Streaming for: BlackHat Briefings USA 2017, Def Con 25, BSidesLV 2017, BlackHat Briefings Europe 2017 & BlackHat Briefings Asia 2018
Black Hat USA 2017 + DEF CON 25: Online Streaming: On-Site $499 (+ s/h) / Post-Con $699 (+ s/h)
Online Streaming for: BlackHat Briefings USA 2017 & Def Con 25
Black Hat USA 2017: Online Streaming: On-Site $399 (+ s/h) / Post-Con $599 (+ s/h)
Online Streaming for: BlackHat Briefings USA 2017
BHB_Z01 Where No Person Has Gone Before Ping Look, Security Awareness, Optiv Security
BHB_Z02 Don’t Panic: The Hitchhiker’s Guide to Black Hat Neil “Grifter” Wyler, Threat Hunting and Incident Response Specialist, RSA Security
BHB_Z03 Black Hat USA 2017 Briefings: What to Keep Track Of Daniel Cuthbert, COO, SensePost
BHB_Z04 Toolswatch and Black Hat Arsenal: A Virtuous Cycle Rachid Harrando, Office of the CISO, ServiceNow
BHB_Z05 Death by a Thousand Abstracts: How (Not) to Get Your Research into Black Hat Stefano Zanero, Associate Professor, Dipartimento di Elettronica, Informazione e Bioingegneria
BHB_01 Keynote Speaker Alex Stamos
BHB_02 Adventures in Attacking Wind Farm Control Networks Jason Staggs
BHB_03 Wire Me Through Machine Learning by Ankit Singh, Vijay Thaware
BHB_04 Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software April C. Wright
BHB_05 PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection, Traffic Analysis, and Beyond Stefan Prandl
BHB_06 Breaking Electronic Door Locks Like You’re on CSI: Cyber Colin O’Flynn
BHB_07 Ichthyology: Phishing as a Science Karla Burnett
BHB_08 Web Cache Deception Attack Omer Gil
BHB_09 All Your SMS & Contacts Belong to ADUPS & Others Ryan Johnson, Angelos Stavrou
BHB_10 They’re Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention John Ventura
BHB_11 Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid Robert Lee, Joe Slowik, Ben Miller, Robert Lipovsky, Anton Cherepanov
BHB_12 Real Humans, Simulated Attacks: Usability Testing with Attack Scenarios Lorrie Cranor
BHB_13 Many Birds, One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software Siji Feng, Zhi Zhou, Kun Yang
BHB_14 Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller Anna Trikalinou, Dan Lake
BHB_15 Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization Nathan Bates, Bryce Kunz
BHB_16 New Adventures in Spying 3G and 4G Users: Locate, Track & Monitor Ravishankar Borgaonkar, Lucca Hirschi, Altaf Shaik
BHB_17 FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches Nicholas Gray
BHB_18 When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices Billy Rios, Jonathan Butts
BHB_19 TBD TBD
BHB_20 Taking Windows 10 Kernel Exploitation to the Next Level - Leveraging Write-What-Where Vulnerabilities in Creators Update Morten Schenk
BHB_21 SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers’ Lives Much Harder on Mobile Networks Martin Kacer, Philippe Langlois
BHB_22 Challenges of Cooperation Across Cyberspace Jeff Moss, Marina Kaljurand, Joseph Nye, Bill Woodcock, Khoo Boon Hui, Wolfgang Kleinwächter
BHB_23 Delivering Javascript to World+Dog Kyle Randolph
BHB_24 Hacking Hardware with a $10 SD Card Reader Amir Etemadieh, Khoa Hoang, CJ Heres
BHB_25 The Active Directory Botnet Ty Miller, Paul Kalinin
BHB_26 Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More Andrew Krug, Graham Jones
BHB_27 Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network Omar Eissa
BHB_28 How We Created the First SHA-1 Collision and What it Means for Hash Security Elie Bursztein
BHB_29 Automated Testing of Crypto Software Using Differential Fuzzing Jean-Philippe Aumasson, Yolan Romailler
BHB_30 Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks Yuriy Bulygin, Mikhail Gorobets, Oleksandr Bazhaniuk, Andrew Furtak
BHB_31 ShieldFS: The Last Word in Ransomware Resilient File Systems Andrea Continella, Federico Maggi
BHB_32 So You Want to Market Your Security Product… Aaron Alva, Terrell McSweeny
BHB_33 The Art of Securing 100 Products Nir Valtman
BHB_34 Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game Kelly Shortridge
BHB_35 Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking Mateusz Jurczyk
BHB_36 An ACE Up the Sleeve: Designing Active Directory DACL Backdoors Andy Robbins, Will Schroeder
BHB_37 What’s on the Wireless? Automating RF Signal Identification Michael Ossmann, Dominic Spill
BHB_120 Diversity Panel 2017: Making Diversity a Priority In Security Aubrey Blanche, Juliet “Jules” Okafor, Anthony Johnson, Rick Howard, Moderator Kelly Jackson Higgins
BHB_38 Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud) Haroon Meer, Marco Slaviero
BHB_39 Developing Trust and Gitting Betrayed Clint Gibler, Noah Beddome
BHB_40 Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev Harold Chun, Norman Barbosa
BHB_41 WSUSpendu: How to Hang WSUS Clients Romain Coltel, Yves Le Provost
BHB_42 White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data Karen Neuman, Jacob Osborn
BHB_43 Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface James Kettle
BHB_44 Go Nuclear: Breaking Radiation Monitoring Devices Ruben Santamarta
BHB_45 What They’re Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs Chaim Sanders, Rob Olson
BHB_46 Evilsploit - A Universal Hardware Hacking Toolkit Chui Yew Leong, Mingming Wan
BHB_47 Intercepting iCloud Keychain Alex Radocea
BHB_48 Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server Patrick Wardle
BHB_49 Fighting Targeted Malware in the Mobile Ecosystem Megan Ruthven, Andrew Blaich
BHB_50 (in)Security in Building Automation: How to Create Dark Buildings with Light Speed Thomas Brandstetter
BHB_51 Tracking Ransomware End to End Luca Invernizzi, Kylie McRoberts, Elie Bursztein
BHB_52 Protecting Pentests: Recommendations for Performing More Secure Tests Wesley McGrew
BHB_53 Protecting Visual Assets: Digital Image Counter-Forensics Nikita Mazurov, Kenneth Brown
BHB_54 Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits Lillian Ablon
BHB_55 Garbage In, Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data Hillary Sanders
BHB_56 Pwnie Awards
BLACK HAT USA 2017 RECORDED SESSIONS: TUESDAY JULY 25, 2017 / WEDNESDAY JULY 26, 2017
BLACK HAT USA 2017 RECORDED SESSIONS (continued)
BHB_57 Skype & Type: Keystroke Leakage over VoIP Daniele Lain
BHB_58 The Industrial Revolution of Lateral Movement Tal Be’ery, Tal Maor
BHB_59 Influencing the Market to Improve Security Justine Bone, Chris Wysopal
BHB_60 OpenCrypto: Unchaining the JavaCard Ecosystem Vasilios Mavroudis
BHB_61 The Shadow Brokers - Cyber Fear Game-Changers Matt Suiche
BHB_62 Bot vs. Bot for Evading Machine Learning Malware Detection Hyrum Anderson
BHB_63 The Future of ApplePwn - How to Save Your Money Timur Yunusov
BHB_64 Escalating Insider Threats Using VMware’s API Ofri Ziv
BHB_65 The Epocholypse 2038: What’s in Store for the Next 20 Years Mikko Hypponen
BHB_66 Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity Justin Harvey
BHB_67 Fad or Future? Getting Past the Bug Bounty Hype Kymberlee Price, Angelo Prado, Charles Valentine
BHB_68 Redesigning PKI to Solve Revocation, Expiration, and Rotation Problems Brian Knopf
BHB_69 rVMI: A New Paradigm for Full System Analysis Jonas Pfoh, Sebastian Vogl
BHB_70 Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets Nitay Artenstein
BHB_71 ‘Ghost Telephonist’ Link Hijack Exploitations in 4G LTE CS Fallback Yuwei Zheng, Lin Huang, Qing Yang
BHB_72 Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound Zhengbo Wang, Wang Kang, Aimin Pan
BHB_73 Evading Microsoft ATA for Active Directory Domination Nikhil Mittal
BHB_74 Datacenter Orchestration Security and Insecurity: Assessing Kubernetes, Mesos, and Docker at Scale Dino Dai Zovi
BHB_75 Hunting GPS Jammers Vlad Gostomelsky
BHB_76 Practical Tips for Defending Web Applications in the Age of DevOps Zane Lackey
BHB_77 Breaking the Laws of Robotics: Attacking Industrial Robots Davide Quarta, Federico Maggi, Marcello Pogliani
BHB_78 Intel SGX Remote Attestation is Not Sufficient Yogesh Swami
BHB_79 Infecting the Enterprise: Abusing Office365+Powershell for Covert C2 Craig Dods
BHB_80 Why Most Cyber Security Training Fails and What We Can Do About it Arun Vishwanath
BHB_81 Bug Collisions Meet Government Vulnerability Disclosure Trey Herr, Jason Healey, Lillian Ablon, Kim Zetter, Katie Moussouris
BHB_82 Go to Hunt, Then Sleep David Bianco, Robert Lee
BHB_83 Don’t Trust the DOM: Bypassing XSS Mitigations via Script Gadgets Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela
BHB_84 Game of Chromes: Owning the Web with Zombie Chrome Extensions Tomer Cohen
BHB_85 Honey, I Shrunk the Attack Surface - Adventures in Android Security Hardening Nick Kralevich
BHB_86 Quantifying Risk in Consumer Software at Scale - Consumer Reports’ Digital Standard Sarah Zatko, Eason Goodale
BHB_87 kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse Marios Pomonis
BHB_88 AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically Jinho Jung, Chanil Jeon, Max Wolotsky, Taesoo Kim
BHB_89 Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization Jason Nichols
BHB_90 Exploitation of Kernel Pool Overflow on Microsoft Windows 10 DKOM/DKOHM is Back in DKOOHM! Direct Kernel Optional Object Header Manipulation Nikita Tarakanov
BHB_91 Free-Fall: Hacking Tesla from Wireless to CAN Bus Sen Nie, Ling Liu, Yuefeng Du
BHB_92 Attacking Encrypted USB Keys the Hard(ware) Way Jean-Michel Picod, Remi Audebert, Elie Bursztein
BHB_93 Evolutionary Kernel Fuzzing Richard Johnson
BHB_94 Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities Rodrigo Branco, Vincent Zimmer, Bruce Monroe
BHB_95 The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines Natalie Silvanovich
BHB_96 Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process Marina Krotofil
BHB_97 Friday the 13th: JSON Attacks Alvaro Munoz, Oleksandr Mirosh
BHB_98 Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices) Gabi Nakibly
BHB_99 Taking Over the World Through MQTT - Aftermath Lucas Lundgren
BHB_100 Exploit Kit Cornucopia Brad Antoniewicz, Matt Foley
BHB_101 Defeating Samsung KNOX with Zero Privilege Di Shen
BHB_102 WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake Mathy Vanhoef
BHB_103 Well, that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers Michael Cherny, Sagie Dulce
BHB_104 Intel AMT Stealth Breakthrough Dmitriy Evdokimov, Alexander Ermolov
BHB_105 Blue Pill for Your Phone Oleksandr Bazhaniuk, Yuriy Bulygin
BHB_106 Exploiting Network Printers Jens Muller
BHB_107 Lies, and Damn Lies: Getting Past the Hype of Endpoint Security Solutions Lidia Giuliano, Mike Spaulding
BHB_108 Electronegativity - A Study of Electron Security Luca Carettoni
BHB_109 And Then the Script-Kiddie Said, “Let There be No Light.” Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors? Anastasis Keliris, Mihalis Maniatakos, Charalambos Konstantinou
BHB_110 Digital Vengeance: Exploiting the Most Notorious C&C Toolkits Waylon Grange
BHB_111 IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices Tongbo Luo, Zhaoyan Xu
BHB_112 Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop Yanick Fratantonio
BHB_113 Dealing the Perfect Hand - Shuffling Memory Blocks on z/OS Ayoub El Aassal
BHB_114 RBN Reloaded - Amplifying Signals from the Underground Dhia Mahjoub, David Rodriguez, Jason Passwaters
BHB_115 Breaking the x86 Instruction Set Christopher Domas
BHB_116 A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! Orange Tsai
BHB_117 Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science Daniel Bohannon, Lee Holmes
BHB_118 Betraying the BIOS: Where the Guardians of the BIOS are Failing Alex Matrosov
BHB_119 The Adventures of AV and the Leaky Sandbox Itzik Kotler, Amit Klein
THURSDAY JULY 27, 2017