BlackHat2021Asie
THURSDAY | 9:00AM
Lessons From 11 Billion Breached Records
Speaker:
Troy Hunt
Track
:
Keynote
Format
: 60-Minute Briefings
THURSDAY | 10:20AM
A Walk Through Historical Correlations Between Vulnerabilities & Stock Prices
Speaker:
Alejandro Hernández
Track
:
CorpSec
Format
: 40-Minute Briefings
Disappeared Coins: Steal Hashrate in Stratum Secretly
Speaker:
Xin Liu
,
Rui Chong
,
Yuanyuan Huang
,
Yingli Zhang
,
Qingguo Zhou
Tracks
:
Applied Security,
Network Security
Format
: 40-Minute Briefings
Pre-built JOP Chains with the JOP ROCKET: Bypassing DEP without ROP
Speaker:
Bramwell Brizendine
,
Austin Babcock
Tracks
:
Exploit Development,
Reverse Engineering
Format
: 40-Minute Briefings
Racing the Dark: A New TOCTTOU Story From Apple's Core
Speaker:
Yu Wang
Track
:
Cloud & Platform Security
Format
: 40-Minute Briefings
THURSDAY | 11:20AM
Give Me a SQL Injection, I Shall PWN IIS and SQL Server
Speaker:
Tao Yan
,
Qi Deng
,
Bo Qu
Tracks
:
Exploit Development,
Reverse Engineering
Format
: 40-Minute Briefings
Mining and Exploiting (Mobile) Payment Credential Leaks in the Wild
Speaker:
Shangcheng Shi
,
Xianbo Wang
,
Wing Cheong Lau
Tracks
:
Mobile,
AppSec
Format
: 40-Minute Briefings
The Rise of Potatoes: Privilege Escalations in Windows Services
Speaker:
Antonio Cocomazzi
Track
:
Cloud & Platform Security
Format
: 40-Minute Briefings
Vibe Check: IDK About This…. Why Students May Shy Away From Cyber in a Surveillance State
Speaker:
Mika Devonshire
Track
:
Community
Format
: 40-Minute Briefings
THURSDAY | 12:30PM
Domain Borrowing: Catch My C2 Traffic if You Can
Speaker:
Tianze Ding
,
Junyu Zhou
Tracks
:
Cloud & Platform Security,
Malware
Format
: 40-Minute Briefings
Stuxnet-in-a-Box: In-Field Emulation and Fuzzing of PLCs to Uncover the Next Zero-Day Threat in Industrial Control Systems
Speaker:
Dimitrios Tychalas
,
Michail Maniatakos
Tracks
:
Cyber-Physical Systems,
Hardware / Embedded
Format
: 40-Minute Briefings
The Cost of Complexity: Different Vulnerabilities While Implementing the Same RFC
Speaker:
Daniel dos Santos
,
Shlomi Oberman
Tracks
:
Applied Security,
Network Security
Format
: 40-Minute Briefings
Threat Hunting in Active Directory Environment
Speaker:
Anurag Khanna
,
Thirumalai Natarajan Muthiah
Tracks
:
Data Forensics & Incident Response,
Applied Security
Format
: 40-Minute Briefings
THURSDAY | 1:30PM
(Un)protected Broadcasts in Android 9 and 10
Speaker:
Ryan Johnson
,
Mohamed Elsabagh
,
Angelos Stavrou
Tracks
:
Mobile,
AppSec
Format
: 30-Minute Briefings
How Did the Adversaries Abusing the Bitcoin Blockchain Evade Our Takeover?
Speaker:
Tsuyoshi Taniguchi
,
Christian Doerr
Tracks
:
Malware,
Data Forensics & Incident Response
Format
: 30-Minute Briefings
Wideshears: Investigating and Breaking Widevine on QTEE
Speaker:
Qi Zhao
Tracks
:
Exploit Development,
Mobile
Format
: 30-Minute Briefings
THURSDAY | 2:20PM
Alarm.DISARM - Remotely Exploiting and Disarming Popular Physical Security System from Public Internet
Speaker:
Omri Ben Bassat
Tracks
:
Cyber-Physical Systems,
Hardware / Embedded
Format
: 40-Minute Briefings
Enter Sandbox
Speaker:
Claudio Canella
,
Mario Werner
,
Michael Schwarz
Track
:
Defense
Format
: 40-Minute Briefings
Hunting Vulnerabilities of gRPC Protocol Armed Mobile/IoT Applications
Speaker:
Shijie Cao
,
Hao Zhao
Tracks
:
Mobile,
Applied Security
Format
: 40-Minute Briefings
X-in-the-Middle: Attacking Fast Charging Piles and Electric Vehicles
Speaker:
Wu HuiYu
,
Yuxiang Li
Tracks
:
Hardware / Embedded,
Reverse Engineering
Format
: 40-Minute Briefings
THURSDAY | 3:20PM
Locknote: Conclusions and Key Takeaways from Day 1
Speaker:
Mika Devonshire
,
Ty Miller
,
Pamela O'Shea
,
Fyodor Yarochkin
Track
:
Format
: 40-Minute Briefings
FRIDAY | 9:00AM
Insights and Predictions: What's Next in InfoSec
Speaker:
Neil R. Wyler (A.K.A. Grifter)
,
Lidia Giuliano
,
Vandana Verma
,
Jeff Wilson
,
Vitaly Kamluk
Track
:
Keynote
Format
: 60-Minute Briefings
FRIDAY | 10:20AM
A General Approach to Bypassing Many Kernel Protections and its Mitigation
Speaker:
Yueqi Chen
,
Zhenpeng Lin
,
Xinyu Xing
Tracks
:
Exploit Development,
Defense
Format
: 40-Minute Briefings
Anti-Forensics: Reverse Engineering a Leading Phone Forensic Tool
Speaker:
Matt Bergin
Tracks
:
Data Forensics & Incident Response,
Cryptography
Format
: 40-Minute Briefings
Apple Neural Engine Internal: From ML Algorithm to HW Registers
Speaker:
Wish Wu
Tracks
:
Reverse Engineering,
AI, ML, & Data Science
Format
: 40-Minute Briefings
How I Can Unlock Your Smart Door: Security Pitfalls in Cross-Vendor IoT Access Control
Speaker:
Bin Yuan
,
Yan Jia
,
Dongfang Zhao
,
Luyi Xing
Tracks
:
Cyber-Physical Systems,
Cloud & Platform Security
Format
: 40-Minute Briefings
FRIDAY | 11:20AM
"We Are About to Land": How CloudDragon Turns a Nightmare Into Reality
Speaker:
Jhih-Lin Kuo
,
Zih-Cing Liao
Tracks
:
Data Forensics & Incident Response,
Malware
Format
: 40-Minute Briefings
A New Era of One-Click Attacks: How to Break Install-Less Apps
Speaker:
Zhiyang Zeng
,
Bo Liu
,
Yimin Wu
Tracks
:
Mobile,
Applied Security
Format
: 40-Minute Briefings
New Attack Surface in Safari: Using Just One Web Audio Vulnerability to Rule Safari
Speaker:
JunDong Xie
Track
:
Exploit Development
Format
: 40-Minute Briefings
Scavenger: Misuse Error Handling Leading to Qemu/KVM Escape
Speaker:
Gaoning Pan
,
Xingwei Lin
,
Xinlei Ying
,
Jiashui Wang
,
Chunming Wu
Tracks
:
Cloud & Platform Security,
Exploit Development
Format
: 40-Minute Briefings
FRIDAY | 12:30PM
Hiding Objects from Computer Vision by Exploiting Correlation Biases
Speaker:
Yin Minn Pa Pa
,
Paul Ziegler
,
Masaki Kamizono
Tracks
:
AI, ML, & Data Science,
Applied Security
Format
: 40-Minute Briefings
In-Depth Analyzing and Fuzzing for Qualcomm Hexagon Processor
Speaker:
Xiling Gong
,
Bo Zhang
Track
:
Mobile
Format
: 40-Minute Briefings
The Price of Compatibility: Defeating macOS Kernel Using Extended File Attributes
Speaker:
Zuozhi Fan
Tracks
:
Exploit Development,
Cloud & Platform Security
Format
: 40-Minute Briefings
FRIDAY | 1:30PM
A Mirage of Safety: Bug Finding and Exploit Techniques of Top Android Vendor's Privacy Protection Apps
Speaker:
Xiangqian Zhang
,
Huiming Liu
Tracks
:
Mobile,
AppSec
Format
: 30-Minute Briefings
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Speaker:
Aragorn Tseng
,
Charles Li
Tracks
:
AI, ML, & Data Science,
Malware
Format
: 30-Minute Briefings
The B-MAD Approach to Threat Modeling
Speaker:
Adam Shostack
Tracks
:
Defense,
Human Factors
Format
: 30-Minute Briefings
The Tangled Webview ----- Javascriptinterface Once More
Speaker:
Ce Qin
Track
:
Mobile
Format
: 30-Minute Briefings
FRIDAY | 2:20PM
Hey, You, Get off My Private Data: Do Apps Respect Your Privacy as They Claim?
Speaker:
Guangdong Bai
,
Qing Zhang
Tracks
:
Policy,
Mobile
Format
: 40-Minute Briefings
Reverse Engineering Compliance
Speaker:
Adam Shostack
Tracks
:
Applied Security,
AppSec
Format
: 40-Minute Briefings
The Motion Sensor Western: The Good (Automatic Functionality Support), the Bad (Security Risks to Devices), and the Ugly (Privacy Risks to Individuals)
Speaker:
Ben Nassi
Tracks
:
Human Factors,
AI, ML, & Data Science
Format
: 40-Minute Briefings