BlackHat2021USA
WEDNESDAY | 9:00AM
Keynote: Supply Chain Infections and the Future of Contactless Deliveries
Speaker:
Matt Tait
Track
:
Keynote
Format
: 60-Minute Briefings
Location
: Oceanside CD / Virtual
WEDNESDAY | 10:20AM
20+ Ways to Bypass Your macOS Privacy Mechanisms
Speaker:
Wojciech Reguła
,
Csaba Fitzl
Tracks
:
Cloud & Platform Security,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
A Broken Chain: Discovering OPC UA Attack Surface and Exploiting the Supply Chain
Speaker:
Eran Jacob
Tracks
:
Cyber-Physical Systems,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Virtual
A Hole in the Tube: Uncovering Vulnerabilities in Critical Infrastructure of Healthcare Facilities
Speaker:
Ben Seri
,
Barak Hadad
Tracks
:
Cyber-Physical Systems,
Network Security
Format
: 40-Minute Briefings
Location
: South Seas CD
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication
Speaker:
Marcus Brinkmann
,
Juraj Somorovsky
Tracks
:
Cryptography,
AppSec
Format
: 40-Minute Briefings
Location
: Virtual
A New Class of DNS Vulnerabilities Affecting Many DNS-as-Service Platforms
Speaker:
Shir Tamari
,
Ami Luttwak
Tracks
:
CorpSec,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
Do You Speak My Language? Make Static Analysis Engines Understand Each Other
Speaker:
Ibrahim Elsayed
,
Manuel Fahndrich
Track
:
AppSec
Format
: 40-Minute Briefings
Location
: Virtual
hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day
Speaker:
Peleg Hadar
,
Ophir Harpaz
Tracks
:
Reverse Engineering,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: South Seas AB
Security Analysis of CHERI ISA
Speaker:
Saar Amar
,
Nicolas Joly
Tracks
:
Defense,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
The Ripple Effect: Building a Diverse Security Research Team
Speaker:
Oryan De Paz
,
Omer Yair
Track
:
Community
Format
: 40-Minute Briefings
Location
: Virtual
Timeless Timing Attacks
Speaker:
Tom Van Goethem
,
Mathy Vanhoef
Tracks
:
Network Security,
AppSec
Format
: 40-Minute Briefings
Location
: Virtual
Use & Abuse of Personal Information
Speaker:
Alan Michaels
,
Kiernan George
Tracks
:
Policy,
Human Factors
Format
: 40-Minute Briefings
Location
: Lagoon HI
Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip
Speaker:
Jiska Classen
,
Alexander Heinrich
Tracks
:
Hardware / Embedded,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: Virtual
Zero - The Funniest Number in Cryptography
Speaker:
Quan Thoi Minh Nguyen
Track
:
Cryptography
Format
: 40-Minute Briefings
Location
: Lagoon FL
WEDNESDAY | 11:20AM
Breaking the Isolation: Cross-Account AWS Vulnerabilities
Speaker:
Shir Tamari
,
Ami Luttwak
Tracks
:
Cloud & Platform Security,
AppSec
Format
: 40-Minute Briefings
Location
: Virtual
Crashing Your Way to Medium-IL: Exploiting the PDB Parser for Privilege Escalation
Speaker:
Gal De Leon
Tracks
:
Exploit Development,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: Virtual
Defeating a Secure Element with Multiple Laser Fault Injections
Speaker:
Olivier Heriveaux
Track
:
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Virtual
Hacking a Capsule Hotel - Ghost in the Bedrooms
Speaker:
Kya Supa
Track
:
Cyber-Physical Systems
Format
: 40-Minute Briefings
Location
: Virtual
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Speaker:
Erik Rye
,
Rob Beverly
Track
:
Network Security
Format
: 40-Minute Briefings
Location
: South Seas CD
Let's Attack Let's Encrypt
Speaker:
Haya Shulman
Tracks
:
Network Security,
Defense
Format
: 30-Minute Briefings
Location
: Virtual
MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets
Speaker:
Tal Be'ery
,
Matan Hamilis
Tracks
:
CorpSec,
Defense
Format
: 40-Minute Briefings
Location
: Virtual
Reverse Engineering the M1
Speaker:
Stan Skowronek
Track
:
Reverse Engineering
Format
: 40-Minute Briefings
Location
: South Seas AB
Rope: Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution
Speaker:
Daniele Cono D'Elia
,
Lorenzo Invidia
Tracks
:
Malware,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
Speaker:
Alexander Tereshkin
,
Alexander Matrosov
,
Adam Zabrocki
Tracks
:
Hardware / Embedded,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Lagoon HI
The Dark Age of Memory Corruption Mitigations in the Spectre Era
Speaker:
Andrea Mambretti
,
Alexandra Sandulescu
Tracks
:
Cloud & Platform Security,
Exploit Development
Format
: 40-Minute Briefings
Location
: Lagoon FL
Windows Heap-backed Pool: The Good, the Bad, and the Encoded
Speaker:
Yarden Shafir
Tracks
:
Reverse Engineering,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
Zerologon: From Zero to Domain Admin by Exploiting a Crypto Bug
Speaker:
Tom Tervoort
Tracks
:
Cryptography,
CorpSec
Format
: 40-Minute Briefings
Location
: Virtual
WEDNESDAY | 1:30PM
Anatomy of Native IIS Malware
Speaker:
Zuzana Hromcova
Tracks
:
Applied Security,
Malware
Format
: 40-Minute Briefings
Location
: Virtual
A New Class of DNS Vulnerabilities Affecting Many DNS-as-Service Platforms
Speaker:
Shir Tamari
,
Ami Luttwak
Tracks
:
CorpSec,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Lagoon HI
Another Road Leads to the Host: From a Message to VM Escape on Nvidia vGPU
Speaker:
Wenxiang Qian
Tracks
:
Exploit Development,
Network Security
Format
: 40-Minute Briefings
Location
: Virtual
Bypassing Windows Hello for Business and Pleasure
Speaker:
Omer Tsarfati
Tracks
:
Cloud & Platform Security,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Lagoon FL
Disinformation At Scale: Using GPT-3 Maliciously for Information Operations
Speaker:
Andrew Lohn
Tracks
:
AI, ML, & Data Science,
Policy
Format
: 40-Minute Briefings
Location
: Virtual
ERROR: BadAlloc! - Broken Memory Allocators Led to Millions of Vulnerable IoT and Embedded Devices
Speaker:
Omri Ben-Bassat
,
Tamir Ariel
Tracks
:
Cyber-Physical Systems,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: South Seas AB
hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day
Speaker:
Peleg Hadar
,
Ophir Harpaz
Tracks
:
Reverse Engineering,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
Next-Gen DFIR: Mass Exploits & Supplier Compromise
Speaker:
Sherri Davidoff
,
Matt Durrin
Track
:
Data Forensics & Incident Response
Format
: 40-Minute Briefings
Location
: Virtual
President's Cup Cyber Competition: Finding the Best Cyber Talent in the US Government
Speaker:
Harry Mourtos
,
Matt Kaar
Tracks
:
Community,
Policy
Format
: 40-Minute Briefings
Location
: South Seas CD
Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros
Speaker:
Giovanni Vigna
,
Nicola Ruaro
,
Fabio Pagani
,
Stefano Ortolani
Tracks
:
Defense,
Data Forensics & Incident Response
Format
: 40-Minute Briefings
Location
: Virtual
The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker
Speaker:
Allison Wikoff
,
Richard Emerson
Tracks
:
Human Factors,
Data Forensics & Incident Response
Format
: 40-Minute Briefings
Location
: Virtual
Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
Speaker:
Hongli Han
,
Rong Jian
,
Xiaodong Wang
,
Peng Zhou
Tracks
:
Mobile,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
Whoops, I Accidentally Helped Start the Offensive Intel Branch of a Foreign Intel Service
Speaker:
David Evenden
Tracks
:
Community,
Human Factors
Format
: 40-Minute Briefings
Location
: Virtual
WEDNESDAY | 2:30PM
Arm'd and Dangerous
Speaker:
Patrick Wardle
Tracks
:
Malware,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: South Seas AB
A Survivor-Centric, Trauma-Informed Approach to Stalkerware
Speaker:
Lodrina Cherne
,
Martijn Grooten
Tracks
:
Human Factors,
Community
Format
: 30-Minute Briefings
Location
: Virtual
Can You Roll Your Own SIEM?
Speaker:
Ethan Christ
,
Bret Rubin
Tracks
:
CorpSec,
Data Forensics & Incident Response
Format
: 40-Minute Briefings
Location
: Virtual
Diving Into Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer
Speaker:
Zhiniang Peng
,
XueFeng Li
,
Lewis Lee
Tracks
:
Applied Security,
Exploit Development
Format
: 30-Minute Briefings
Location
: Virtual
Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing
Speaker:
Andrew Case
,
Golden Richard
Tracks
:
Data Forensics & Incident Response,
Malware
Format
: 30-Minute Briefings
Location
: Virtual
How To Tame Your Unicorn - Exploring and Exploiting Zero-Click Remote Interfaces of Modern Huawei Smartphones
Speaker:
Daniel Komaromy
,
Lorant Szabo
Tracks
:
Mobile,
Exploit Development
Format
: 40-Minute Briefings
Location
: Lagoon HI
Internal Affairs: Hacking File System Access from the Web
Speaker:
Matthew Weeks
Track
:
AppSec
Format
: 30-Minute Briefings
Location
: Virtual
Legal Pitfalls to Avoid in Security Incidents
Speaker:
Nick Merker
Tracks
:
Data Forensics & Incident Response,
Human Factors
Format
: 30-Minute Briefings
Location
: South Seas CD
Mobius Band: Explore Hyper-V Attack Interface through Vulnerabilities Internals
Speaker:
Zhenhao Hong
,
Chuanjian Liao
Tracks
:
Cloud & Platform Security,
Reverse Engineering
Format
: 30-Minute Briefings
Location
: Virtual
Siamese Neural Networks for Detecting Brand Impersonation
Speaker:
Justin Grana
,
Yuchao Dai
,
Nitin Kumar Goel
,
Jugal Parikh
Tracks
:
AI, ML, & Data Science,
Applied Security
Format
: 30-Minute Briefings
Location
: Virtual
The Case for a National Cybersecurity Safety Board
Speaker:
Scott Shackelford
,
Christopher Hart
Track
:
Policy
Format
: 30-Minute Briefings
Location
: Virtual
Your Software IS/NOT Vulnerable: CSAF, VEX, and the Future of Advisories
Speaker:
Allan Friedman
,
Thomas Schmidt
Tracks
:
Policy,
AppSec
Format
: 30-Minute Briefings
Location
: Virtual
WEDNESDAY | 3:20PM
Breaking the Isolation: Cross-Account AWS Vulnerabilities
Speaker:
Shir Tamari
,
Ami Luttwak
Tracks
:
Cloud & Platform Security,
AppSec
Format
: 40-Minute Briefings
Location
: Lagoon FL
Bridging Security Infrastructure Between the Data Center and AWS Lambda
Speaker:
Michael Weissbacher
Tracks
:
Defense,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: South Seas CD
Certified Pre-Owned: Abusing Active Directory Certificate Services
Speaker:
Will Schroeder
,
Lee Christensen
Tracks
:
CorpSec,
Applied Security
Format
: 40-Minute Briefings
Location
: Virtual
Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild
Speaker:
Doug Bienstock
,
Josh Madeley
Tracks
:
Data Forensics & Incident Response,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
CnCHunter: An MITM-Approach to Identify Live CnC Servers
Speaker:
Ali Davanian
,
Ahmad Darki
,
Michalis Faloutsos
Tracks
:
Malware,
Network Security
Format
: 40-Minute Briefings
Location
: Virtual
DBREACH: Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics
Speaker:
Mathew Hogan
,
Saba Eskandarian
,
Yan Michalevsky
Tracks
:
Applied Security,
Cryptography
Format
: 40-Minute Briefings
Location
: Lagoon HI
Deepfake Social Engineering: Creating a Framework for Synthetic Media Social Engineering
Speaker:
Matthew Canham
Tracks
:
Human Factors,
Defense
Format
: 40-Minute Briefings
Location
: South Seas AB
Hack Different: Pwning iOS 14 with Generation Z Bugz
Speaker:
Zhi Zhou
,
JunDong Xie
Tracks
:
Mobile,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
How I Used a JSON Deserialization 0day to Steal Your Money on the Blockchain
Speaker:
Hao Xing
,
Zekai Wu
Tracks
:
Exploit Development,
Applied Security
Format
: 40-Minute Briefings
Location
: Virtual
Put in One Bug and Pop Out More: An Effective Way of Bug Hunting in Chrome
Speaker:
Leecraso
,
Rong Jian
,
Guang Gong
Tracks
:
AppSec,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
Sleight of ARM: Demystifying Intel Houdini
Speaker:
Brian Hong
Tracks
:
Reverse Engineering,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
Smashing the ML Stack for Fun and Lawsuits
Speaker:
Ram Shankar Siva Kumar
,
Kendra Albert
,
Bruce Schneier
,
Jonathon Penney
Tracks
:
Policy,
AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Virtual
The Mass Effect: How Opportunistic Workers Drift into Cybercrime
Speaker:
Masarah Paquet-Clouston
,
Serge-Olivier Paquette
,
Sebastian Garcia
,
Maria Jose Erquiaga
Tracks
:
Human Factors,
AI, ML, & Data Science
Format
: 40-Minute Briefings
Location
: Virtual
WEDNESDAY | 4:20PM
Locknote: Conclusions and Key Takeaways from Day 1
Speaker:
Jeff Moss
,
Stephanie Domas
,
Jason Healey
,
Kymberlee Price
,
Neil Wyler
Track
:
Keynote
Format
: 40-Minute Briefings
Location
: Oceanside CD / Virtual
THURSDAY | 9:00AM
Keynote: Hacking the Cybersecurity Puzzle
Speaker:
Jen Easterly
Track
:
Keynote
Format
: 60-Minute Briefings
Location
: Oceanside CD / Virtual
THURSDAY | 10:20AM
5G IMSI Catchers Mirage
Speaker:
Ravishankar Borgaonkar
,
Altaf Shaik
Tracks
:
Network Security,
Mobile
Format
: 40-Minute Briefings
Location
: Virtual
A Hole in the Tube: Uncovering Vulnerabilities in Critical Infrastructure of Healthcare Facilities
Speaker:
Ben Seri
,
Barak Hadad
Tracks
:
Cyber-Physical Systems,
Network Security
Format
: 40-Minute Briefings
Location
: Virtual
Breaking Secure Bootloaders
Speaker:
Christopher Wade
Tracks
:
Hardware / Embedded,
Mobile
Format
: 40-Minute Briefings
Location
: Virtual
Bridging Security Infrastructure Between the Data Center and AWS Lambda
Speaker:
Michael Weissbacher
Tracks
:
Defense,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
Can You Roll Your Own SIEM?
Speaker:
Ethan Christ
,
Bret Rubin
Tracks
:
CorpSec,
Data Forensics & Incident Response
Format
: 40-Minute Briefings
Location
: Lagoon FL
Chip Chop - Smashing the Mobile Phone Secure Chip for Fun and Digital Forensics
Speaker:
Gunnar Alendal
Tracks
:
Mobile,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Virtual
Come to the Dark Side, We Have Apples: Turning macOS Management Evil
Speaker:
Luke Roberts
,
Calum Hall
Track
:
CorpSec
Format
: 40-Minute Briefings
Location
: Virtual
Crashing Your Way to Medium-IL: Exploiting the PDB Parser for Privilege Escalation
Speaker:
Gal De Leon
Tracks
:
Exploit Development,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: South Seas CD
Disinformation At Scale: Using GPT-3 Maliciously for Information Operations
Speaker:
Andrew Lohn
Tracks
:
AI, ML, & Data Science,
Policy
Format
: 40-Minute Briefings
Location
: South Seas AB
FragAttacks: Breaking Wi-Fi through Fragmentation and Aggregation
Speaker:
Mathy Vanhoef
Tracks
:
Cryptography,
Network Security
Format
: 40-Minute Briefings
Location
: Virtual
Greybox Program Synthesis: A New Approach to Attack Dataflow Obfuscation
Speaker:
Robin David
Tracks
:
Malware,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: Virtual
Reverse Engineering the M1
Speaker:
Stan Skowronek
Track
:
Reverse Engineering
Format
: 40-Minute Briefings
Location
: Virtual
The Devil is in the GAN: Defending Deep Generative Models Against Adversarial Attacks
Speaker:
Killian Levacher
,
Ambrish Rawat
,
Mathieu Sinn
Tracks
:
AI, ML, & Data Science,
Applied Security
Format
: 40-Minute Briefings
Location
: Virtual
Turing in a Box: Applying Artificial Intelligence as a Service to Targeted Phishing and Defending Against AI Generated Attacks
Speaker:
Eugene Lim
,
Glenice Tan
,
Tan Kee Hock
,
Timothy Lee
Track
:
Human Factors
Format
: 40-Minute Briefings
Location
: Lagoon HI
THURSDAY | 11:20AM
Action Bias and the Two Most Dangerous Words in Cybersecurity
Speaker:
Josiah Dykstra
,
Douglas Hough
Tracks
:
Human Factors,
Community
Format
: 40-Minute Briefings
Location
: Virtual
Baby Sharks: Small-Subgroup Attacks to Disrupt Large Distributed Systems
Speaker:
Omer Shlomovits
Tracks
:
Cryptography,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
Bypassing Windows Hello for Business and Pleasure
Speaker:
Omer Tsarfati
Tracks
:
Cloud & Platform Security,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Virtual
ERROR: BadAlloc! - Broken Memory Allocators Led to Millions of Vulnerable IoT and Embedded Devices
Speaker:
Omri Ben-Bassat
,
Tamir Ariel
Tracks
:
Cyber-Physical Systems,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Virtual
Hacking a Capsule Hotel - Ghost in the Bedrooms
Speaker:
Kya Supa
Track
:
Cyber-Physical Systems
Format
: 40-Minute Briefings
Location
: Lagoon FL
How To Tame Your Unicorn - Exploring and Exploiting Zero-Click Remote Interfaces of Modern Huawei Smartphones
Speaker:
Daniel Komaromy
,
Lorant Szabo
Tracks
:
Mobile,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
HPE iLO5 Firmware Security - Go Home Cryptoprocessor, You're Drunk!
Speaker:
Alexandre Gazet
,
Fabien Périgaud
,
Joffrey Czarny
Tracks
:
Hardware / Embedded,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: Virtual
I'm a Hacker Get Me Out of Here! Breaking Network Segregation Using Esoteric Command & Control Channels
Speaker:
James Coote
,
Alfie Champion
Tracks
:
Network Security,
Defense
Format
: 40-Minute Briefings
Location
: Virtual
Sleight of ARM: Demystifying Intel Houdini
Speaker:
Brian Hong
Tracks
:
Reverse Engineering,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: South Seas AB
Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros
Speaker:
Giovanni Vigna
,
Nicola Ruaro
,
Fabio Pagani
,
Stefano Ortolani
Tracks
:
Defense,
Data Forensics & Incident Response
Format
: 40-Minute Briefings
Location
: Lagoon HI
The Ripple Effect: Building a Diverse Security Research Team
Speaker:
Oryan De Paz
,
Omer Yair
Track
:
Community
Format
: 40-Minute Briefings
Location
: South Seas CD
The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures
Speaker:
Sheila A. Berta
Tracks
:
Defense,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
With Friends Like eBPF, Who Needs Enemies?
Speaker:
Guillaume Fournier
,
Sylvain Afchain
,
Sylvain Baubeau
Tracks
:
Malware,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
THURSDAY | 1:30PM
A Broken Chain: Discovering OPC UA Attack Surface and Exploiting the Supply Chain
Speaker:
Eran Jacob
Tracks
:
Cyber-Physical Systems,
Hardware / Embedded
Format
: 40-Minute Briefings
Location
: Lagoon HI
Arm'd and Dangerous
Speaker:
Patrick Wardle
Tracks
:
Malware,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: Virtual
Certified Pre-Owned: Abusing Active Directory Certificate Services
Speaker:
Will Schroeder
,
Lee Christensen
Tracks
:
CorpSec,
Applied Security
Format
: 40-Minute Briefings
Location
: South Seas AB
Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild
Speaker:
Doug Bienstock
,
Josh Madeley
Tracks
:
Data Forensics & Incident Response,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Lagoon FL
DBREACH: Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics
Speaker:
Mathew Hogan
,
Saba Eskandarian
,
Yan Michalevsky
Tracks
:
Applied Security,
Cryptography
Format
: 40-Minute Briefings
Location
: Virtual
Deepfake Social Engineering: Creating a Framework for Synthetic Media Social Engineering
Speaker:
Matthew Canham
Tracks
:
Human Factors,
Defense
Format
: 40-Minute Briefings
Location
: Virtual
Everything has Changed in iOS 14, but Jailbreak is Eternal
Speaker:
Zuozhi Fan
Tracks
:
Exploit Development,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
HTTP/2: The Sequel is Always Worse
Speaker:
James Kettle
Tracks
:
AppSec,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Speaker:
Erik Rye
,
Rob Beverly
Track
:
Network Security
Format
: 40-Minute Briefings
Location
: Virtual
Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
Speaker:
Alexander Tereshkin
,
Alexander Matrosov
,
Adam Zabrocki
Tracks
:
Hardware / Embedded,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
Securing Open Source Software - End-to-End, at Massive Scale, Together
Speaker:
Jennifer Fernick
,
Christopher Robinson
Tracks
:
Community,
CorpSec
Format
: 40-Minute Briefings
Location
: Virtual
Small Wonder: Uncovering Planned Obsolescence Practices in Robotics and What This Means for Cybersecurity
Speaker:
Víctor Mayoral-Vilches
,
Federico Maggi
Track
:
Cyber-Physical Systems
Format
: 40-Minute Briefings
Location
: Virtual
Windows Heap-backed Pool: The Good, the Bad, and the Encoded
Speaker:
Yarden Shafir
Tracks
:
Reverse Engineering,
Exploit Development
Format
: 40-Minute Briefings
Location
: South Seas CD
THURSDAY | 2:30PM
A Survivor-Centric, Trauma-Informed Approach to Stalkerware
Speaker:
Lodrina Cherne
,
Martijn Grooten
Tracks
:
Human Factors,
Community
Format
: 30-Minute Briefings
Location
: South Seas CD
Bam the BAM - Electromagnetic Fault Injection & Automotive Systems
Speaker:
Colin OFlynn
Tracks
:
Hardware / Embedded,
Cyber-Physical Systems
Format
: 30-Minute Briefings
Location
: Virtual
Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications
Speaker:
Natalie Silvanovich
Tracks
:
Mobile,
AppSec
Format
: 30-Minute Briefings
Location
: Virtual
Demystify AI Security Products With a Universal Pluggable XAI Translator
Speaker:
Kailiang Ying
,
Tongbo Luo
,
Xinyu Xing
,
Xuguang (Luke) Liu
Tracks
:
AI, ML, & Data Science,
Applied Security
Format
: 30-Minute Briefings
Location
: Virtual
Exploiting Windows COM/WinRT Services
Speaker:
XueFeng Li
,
Zhiniang Peng
Tracks
:
Applied Security,
Exploit Development
Format
: 30-Minute Briefings
Location
: Virtual
Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing
Speaker:
Andrew Case
,
Golden Richard
Tracks
:
Data Forensics & Incident Response,
Malware
Format
: 30-Minute Briefings
Location
: South Seas AB
Generating YARA Rules by Classifying Malicious Byte Sequences
Speaker:
Andrew Davis
Tracks
:
AI, ML, & Data Science,
Malware
Format
: 30-Minute Briefings
Location
: Virtual
Government-Mandated Front Doors?: A Global Assessment of Legalized Government Access to Data
Speaker:
Andrea Little Limbago
Tracks
:
Policy,
Community
Format
: 30-Minute Briefings
Location
: Virtual
Internal Affairs: Hacking File System Access from the Web
Speaker:
Matthew Weeks
Track
:
AppSec
Format
: 30-Minute Briefings
Location
: Lagoon HI
Legal Pitfalls to Avoid in Security Incidents
Speaker:
Nick Merker
Tracks
:
Data Forensics & Incident Response,
Human Factors
Format
: 30-Minute Briefings
Location
: Virtual
Qualcomm WiFi: Infinity War
Speaker:
Haikuo Xie
Track
:
Reverse Engineering
Format
: 30-Minute Briefings
Location
: Virtual
Turing in a Box: Applying Artificial Intelligence as a Service to Targeted Phishing and Defending Against AI Generated Attacks
Speaker:
Eugene Lim
,
Glenice Tan
,
Tan Kee Hock
,
Timothy Lee
Track
:
Human Factors
Format
: 40-Minute Briefings
Location
: Virtual
THURSDAY | 3:20PM
Alcatraz: A Practical Hypervisor Sandbox to Prevent Escapes from the KVM/QEMU and KVM-Based MicroVMs
Speaker:
Seunghun Han
Tracks
:
Defense,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
Arm'd and Dangerous
Speaker:
Patrick Wardle
Tracks
:
Malware,
Reverse Engineering
Format
: 40-Minute Briefings
Location
: South Seas CD
Back in Black Hat: The 7th Annual Black Hat USA NOC Report
Speaker:
Neil Wyler
,
Bart Stump
Tracks
:
Network Security,
Applied Security
Format
: 40-Minute Briefings
Location
: Oceanside CD / Virtual
CnCHunter: An MITM-Approach to Identify Live CnC Servers
Speaker:
Ali Davanian
,
Ahmad Darki
,
Michalis Faloutsos
Tracks
:
Malware,
Network Security
Format
: 40-Minute Briefings
Location
: South Seas AB
Over the Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones
Speaker:
Marco Grassi
,
Xingyu Chen
Tracks
:
Exploit Development,
Mobile
Format
: 40-Minute Briefings
Location
: Virtual
PCIe Device Attacks: Beyond DMA. Exploiting PCIe Switches, Messages and Errors
Speaker:
Hareesh Khattri
,
Nagaraju N Kodalapura
,
Nam N Nguyen
Tracks
:
Hardware / Embedded,
Cloud & Platform Security
Format
: 40-Minute Briefings
Location
: Virtual
President's Cup Cyber Competition: Finding the Best Cyber Talent in the US Government
Speaker:
Harry Mourtos
,
Matt Kaar
Tracks
:
Community,
Policy
Format
: 40-Minute Briefings
Location
: Virtual
ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!
Speaker:
Orange Tsai
Tracks
:
AppSec,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
The Dark Age of Memory Corruption Mitigations in the Spectre Era
Speaker:
Andrea Mambretti
,
Alexandra Sandulescu
Tracks
:
Cloud & Platform Security,
Exploit Development
Format
: 40-Minute Briefings
Location
: Virtual
Use & Abuse of Personal Information
Speaker:
Alan Michaels
,
Kiernan George
Tracks
:
Policy,
Human Factors
Format
: 40-Minute Briefings
Location
: Virtual
Zero - The Funniest Number in Cryptography
Speaker:
Quan Thoi Minh Nguyen
Track
:
Cryptography
Format
: 40-Minute Briefings
Location
: Virtual
THURSDAY | 4:20PM
Keynote: Secretary Alejandro Mayorkas
Speaker:
Alejandro Mayorkas
Track
:
Keynote
Format
: 40-Minute Briefings
Location
: Oceanside CD / Virtual