Black Hat USA 2014 hosted over 9,000 attendees in Las Vegas last week and featured 110 highly informative briefings.
Don't fret if you missed it: Some of BHUSA's best talks have now been uploaded to YouTube.
In addition, Black Hat has been busy collecting as many white papers and presentation materials as they can get from all 180 presenters, and you can find links to everything currently available on the BHUSA 2014 Archives page.
Previous Black Hat USA 2014 coverage:
- Best in Show: Black Hat USA 2014
- Yahoo CISO: End-to-end Mail encryption by 2015
- Nest, Tor and more: Hot talks, cool hacks at Black Hat USA 2014
As a bonus, dozens of Black Hat Asia 2014's videos were also quietly added (in full) to the BH official YouTube channel.
Not sure where to start? Let us be your humble, delighted guide with our shortlist below.
Keynote: Cybersecurity as Realpolitik
It was strongly praised and strongly criticized -- but everyone agrees that CIA security chief Dan Geer's keynote was provocative.
ICYMI, our co-founder @fun_cuddles dissects Dan Geer's keynote at #BHUSA earlier this week: http://t.co/AIr8jbPe6o
— Threat Stack, Inc (@threatstack) August 13, 2014
Decide for yourself and watch the Cybersecurity as Realpolitik video, or read the transcript in full here.
Talk: BadUSB: On Accessories That Turn Evil
Yes, that innocuous seeming little USB stick is one of enterprise's newest threats. Karsten Nohl and Jakob Lell's presentation was among the most talked-about briefings at the conference.
You can watch BadUSB - On Accessories that Turn Evil on YouTube. Their talk introduced a new form of malware that operates from controller chips inside USB devices.
Talk: Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol
In the arena of mobile threats, we were excited about Mathew Solnik and Marc Blanchou's talk and they didn't disappoint.
Watch Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol, for a sobering look at what they found reverse-engineering and deconstructing these hidden controls.
See also: The presentation .pdf slides for Android FakeID Vulnerability Walkthrough
Talk: Mission mPOSsible
We don't need another Target hack to tell us that payment system threats are no laughing matter, no matter what the target's name is.
Eagerly awaited and packed with information, Nils and Jon Butler's Mission mPOSsible talk on YouTube should be watched by anyone with chip-and-pin payments in any link of their business chain.
See also: The presentation .pdf slides for A Journey to Protect Points of Sale
Talk:SATCOM Terminals: Hacking by Air, Sea and Land
Ruben Santamarta's briefing showcased the threat arena for Satellite Communications (SATCOM) and how communications equipment used on airplanes and ships can be abused with something as simple as an SMS.
We'd consider the SATCOM Terminals: Hacking by Air, Sea, and Land video to be especially important to include in shipping security tactical considerations and their solutions.
See also: Santamarta's SATCOM Hacking whitepaper and presentation slides.
Talk:Breaking the Security of Physical Devices
Australian researcher Silvio Cesare examines common devices such as home alarm systems and shows how to unlock them.
The most discussed part of the Breaking the Security of Physical Devices video starts at around 33:00, where he demonstrates how he spoofed a wireless car key fob to unlock his car without the key -- more than once.
Talk: Bringing Software Defined Radio to the Penetration Testing Community
In the video of Bringing Software Defined Radio to the Penetration Testing Community, the researchers make a serious case for the necessity of attention by pentesters to not only expand any wireless testing they're already doing, but to also provide a toolset for pentesters who don't know wireless pentesting in depth but want to add it to their arsenal. If this intrigues you, don't miss the .pdf of their presentation slides and downloadable toolkit.
See also: The .pdf presentation slides for Hacking the Wireless World With Software Defined Radio - 2.0
Talk materials our readers may also find interesting:
- Full briefing slides and whitepaper for Smart Nest Thermostat: A Smart Spy in Your Home
- The .pdf presentation slides (and toolkit) for Bitcoin Transaction Malleability Theory in Practice
- The video, .pdf slides and whitepaper for Jason Healy's "Saving Cyberspace"
- Fun with forensics: The whitepapaer and .pdf presentation slides for GRR: Find All the Badness, Collect All the Things
- The whitepapaer and .pdf presentation slides for How to Leak a 100 Million Node Social Graph in Just One Week: A Reflection on OAuth and API design in Online Social Networks
- The whitepapaer and .pdf presentation slides for ;Lifecycle of a Phone Fraudster: Exposing Fraud Activity from Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies
- Intruders in the cloud: Whitepaper, .pdf slides and toolkits from Pivoting in Amazon Clouds
- The slides from Can A Weapon Get Past TSA?
FYI: All Black Hat USA 2014 and DEFCON 22 talks can be ordered here. Photo credit: Image courtesy of Black Hat USA/UBM Tech, used with permission.