Get expert insight into stopping пїЅdeep fakesпїЅ, blockchain attacks, and Windows 10 vulnerabilities.

Black Hat Staff, Contributor

September 24, 2018

4 Min Read

Black Hat returns to London in early December and it promises to be the place to be if you’re after the very latest in information security research, development, training, and trends.

To give you a sense of what’s in store for you at the show, take a moment to check out the cutting-edge briefings described below. From blockchain security to "deep fake" detection, these briefings are designed to equip you with the tools and techniques you need to deal with today’s top threats.

In AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace, Symantic’s Niranjan Agnihotri and Vijay Thaware will walk you through some of the many aspects of the AI-driven "deep fake" tech that’s been used to blend human appearances in images and video.

This technology poses a real threat to anyone who values their image, and in their talk Agnihotri and Thaware will demonstrate how to identify "deep fake" videos using deep learning. They’ll show you how this can be achieved using a pre-trained FaceNet model, and how that model can be trained on image data of people of importance or concern. After training, the output of the final layer is stored in a database. A set of sampled images from a video will be passed through the neural network and the output of the final layer from the neural network will be compared to values stored in the database to confirm their authenticity. Don’t miss it!

MIT security researcher Takuya Watanabe’s Black Hat Europe 2018 briefing - I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor - is an exciting presentation of a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. As user pages and profiles in social web services generally include his/her name and activities, the anonymity of a website visitor can be easily destroyed by identifying the social account.

This is a big deal for the privacy-minded, and Watanabe plans to show you how the attack achieves 100 percent accuracy - and finishes within a sufficiently short time in a practical setting. He claims the team behind it has verified it works against at least 12 major sites (including Facebook, Instagram, Tumblr, Google+, Twitter, eBay, PornHub, and Xbox Live), though at least some have been able to safeguard against the attack and after they were provided with details and potential counter-measures. See for yourself by coming to the briefing!

If you have any interest in Windows vulnerabilities, make sure to make time for When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence. Presented by Illusive Networks security researcher Magal Baz, this session will reveal an effective approach attackers can use to hold on to ill-gotten domains, exploiting new opportunities offered by the Windows 10 security questions feature.

You’ll want to attend this briefing because the new feature, introduced this April, is a good example of how a well-intended idea can become a security nightmare. It allows a user to provide security questions and answers which he can later use to regain access to a local account. Baz and her team dug into the implementation of this feature and discovered that it can be abused to create a very durable, low-profile backdoor. Once an attacker compromises a network, this backdoor can be remotely distributed to any Win 10 machine in the network - without even executing code on the targeted machine. Be sure to make time and see Baz present this method, and the challenges faced while implementing it!

Last but not least, Kudelski Security vice president of of technology Jean-Philippe Aumasson will  deliver an intriguing talk on Attacking and Defending Blockchains: From Horror Stories to Secure Wallets. He’ll review some of the most spectacular security failures in blockchain systems, describe how millions of dollars’ worth of tokens could have been stolen (but weren’t), and present examples of bugs found in popular Bitcoin software utilities.

He’ll also review the different types of wallets and discuss the pros, cons, risks and benefits of hardware-based wallets for individuals, organizations, and trading platforms. Aumasson is an experienced blockchain systems auditor and security professional, and in this talk he plans to demonstrate how you can mitigate your blockchain risks.

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on how to register, check out the Black Hat website.

About the Author(s)

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights