10 Hottest Sessions At Black Hat Europe 2016
A sneak-peek at some of the more intriguing Briefings at the upcoming conference in London.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt08310b605909ba65/64f0d94d17fe28063dfa1379/SeanEuropeslide1.png?width=700&auto=webp&quality=80&disable=upscale)
The Black Hat Europe 2016 Conference kicks off November 1 in London.
The Briefings section -- where researchers present new findings and insights -- includes topics from critical infrastructure and Internet of Things (IoT) security; human factors in security; vulnerabilities targeting multiple platforms, operating systems, and devices; and the latest in automation and orchestration in detection and response.
Here are 10 hot sessions that must not be missed, with two from each category:
Overall
AppSec
Internet of Things & Smart Grid
Mobility
Human Factors
50 Thousand Needles in 5 Million Haystacks: Understanding Old Malware Tricks to Find New Malware Families | In this 50-minute briefing, Karel Bartos, Lukas Machlica, and Veronica Valeros (all representing Cisco Systems) join forces to dissect the malware landscape, which is characterized by rapid and constant evolution. In this talk, the group addresses key challenges in automatic malware detection in network traffic: how to detect malware that changes its network behavior over time, how to mitigate potential mislabeling of the training data, and how to perform large-scale multi-class detection.
Automating Incident Response: Sit Back and Relax, Bots Are Taking Over | Elvis Hovor and Mohamed El-Sharkawi, both from Accenture, will use their 50-minute session to illustrate the value of automating functions and processes within incident response. The duo will present research describing their approach to orchestrating cyber architectures and open-source IR tools. The approach is aimed at security operations center (SOC) teams that frequently encounter large swaths of security alerts, have a (relatively mature) IR process, and are seeking to adopt a more proactive detection, triage, and response capability.
Inside Web Attacks: The Real Payloads | In this 25-minute session, John Graham-Cumming, chief technology officer of CloudFlare, will share some insight into the actual payloads that attackers are using when they exploit vulnerabilities like ShellShock or ImageTragick.
Backslash Powered Scanning: Hunting Unknown Vulnerability Classes | Server-side injections continue to be a topic of discussion, and James Kettle, of PortSwigger Web Security, will continue the conversation by sharing some of his entertaining findings and lessons learned from unleashing his new prototype on a few thousand sites. He will show how it can be taken far beyond injection hunting, leaving attendees with numerous leads for future research.
Breaking Bhad: Abusing Belkin Home Automation Devices | Invincea Labs researchers Joe Tanen and Scott Tenaglia team up in this 50-minute briefing to revisit Belkin's WeMo line of IoT home automation devices to see how they could break or abuse them. What they found are multiple vulnerabilities in both the device and the Android app that can be used to obtain a root shell on the device, run arbitrary code on the phone paired with the device, deny service to the device, and launch DoS attacks without rooting the device. Stick around and they will show you how to make your IoT hack your phone.
How To Fool An ADC, Part II Or Hiding Destruction Of Turbine With A Little Help Of Signal Processing | In this 50-minute briefing, Alexander Bolshev and Gabriel Gonzalez, both from IOActive, look at analog-to-digital converter (ADC) mechanisms from a security perspective, focusing on their features, "design vulnerabilities," and attacks leading to misinterpretation of the analog signal. Various exploit signal variants and crafting methods will be shown, and the duo will review how some of the popular "industry standard" ADCs behave under such attacks.
Pocket-Sized Badness: Why Ransomware Comes As a Plot Twist in the Cat-Mouse Game | Two assistant professors from Politecnico di Milano, Federico Maggi and Stefano Zanero, will use their 50-minute briefing to describe the technical impact of disruptive malware and its game-changing approach, which made them rethink their incident response plans. The pair will focus on mobile ransomware as a representative, extreme case study, showing how threatening messages can be distinguished from normal text using a language analysis technique that classifies text based on the appearance of key terms frequently found in ransomware samples but not in benign sources.
Signing Into One Billion Mobile App Accounts Effortlessly with OAuth2.0 | Representing the Department of Information Engineering at The Chinese University of Hong Kong, Ronghai Yang and Wing Cheong Lau have 25 minutes to present their discovery of a new type of widespread but incorrect usage of OAuth. They'll describe how an attacker can remotely exploit the vulnerability by covertly signing into a victim's mobile app account without any action on the victim's part. To confirm the widespread nature of the vulnerability, the two engineers have developed an exploit for it among three top-tier identity providers (IdPs) that support SSO services for many third-party mobile apps and serve billions of registered users worldwide. Their empirical findings could be alarming to those who attend this session.