'Enter Sandbox': Automating Linux Seccomp for Better AppSec: Linux seccomp is a powerful way to build secure applications, but it’s a grueling manual process. At Black Hat Asia, security researchers (slash Metallica fans) show how they’ve now automated the process to expand its use. Claudio Canella, PhD candidate at Graz University of Technology, tells Dark Reading about the session "Enter Sandbox," co-presented by Graz University of Technology postdoctoral researcher Mario Werner and Helmholtz Center for Information Security faculty Michael Schwarz.
How to Find Big Stacks of TCP/IP Stack Bugs: Forescout security researcher Daniel Dos Santos discusses the latest crop of TCP/IP bugs they’ve discovered, and what they've discovered about discovering bugs. At Black Hat Asia, Dos Santos and JSOF CEO Shlomi Oberman present "The Cost of Complexity: Different Vulnerabilities While Implementing the Same RFC."
How I Can Unlock Your Smart Door: Security Flaws in IoT Access Control: Mainstream IoT vendors support the ability to delegate device access across clouds and users. Security researchers at Black Hat Asia who examined the security implications of this capability will demonstrate how authorization could easily go wrong. Luyi Xing, Assistant Professor of Computer Science at Indiana University Bloomington; Yan Jia, Research Associate at Nankai University; and Bin Yuan, Postdoc at Huazhong University of Science and Technology and Indiana University Bloomington, tell Dark Reading about their research.
Reverse Engineering Compliance for Better Security (and More Fun): Regulatory compliance could be a dry exercise in checking boxes and meeting irrelevant standards of security that have little to do with genuine risk. But it doesn’t have to be. Adam Shostack, president of Shostack and Associates, presents a different way of breaking down the compliance challenge.
Android Vuln Makes ‘Protected’ Broadcasts Unprotected: Ryan Johnson, VP of Research at Kryptowire, describes how a firmware vulnerability in Android 9 and 10 would allow third-party applications to exercise privileges they were not meant to have.
Tangling With Attackers on the Bitcoin Blockchain: Christian Doerr and Tsuyoshi Taniguchi discuss the cat-and-mouse game they played with attackers using the Bitcoin blockchain for command-and-control communication.