With Black Hat USA 2015 starting in just a few days, we've got a shortlist of the hottest talks slated for this year's largest domestic professional infosec conference.
Black Hat turns 18 as it returns to Las Vegas from August 1-6 -- for six days of trainings, over 100 talks, acres of booths and displays in the Expo Hall, all the biggest company names in information security on display... and a smorgasbord of events tailored to hackers, corporate information security professionals, and government infosec pros.
This year's lineup of must-see presentations is overwhelming, and there are dozens upon dozens of critical, newsworthy talks to choose from -- and if you're attending in any capacity, making your final decisions on talks won't be easy.
We recommend using our short list below as a starting point to inspire your planning. Speaking of planning ahead, we also recommend that you peruse Rapid7's Black Hat Attendee Guide, covering general survival, how to get the most out of talks, networking and more.
Black Hat USA's 2015 topics read like a what's-what of everything important to those working in today's most-watched business sector -- information security and technology.
Hot themes include request forgery, threat intel, machine learning, data exfiltration, ransomware, fuzzing, car hacking, and -- of course -- enough talks to make you think that Mandalay Bay is offering an all-you-can-eat malware buffet. Oh, and don't forget this year's Pwnie Awards, featuring both OPM and Ashley Madison in a neck-and-neck nomination for Most Epic FAIL.
Here's our cherry-picked shortlist of hot talks to see at Black Hat USA 2015.
BANKING AND POINT OF SALE
Speaker: Sean Park
Overview: Most security products and financial institutions defending against banking malware rely on online banking page integrity checks to detect the presence of financial malware; this purely web-based page integrity check can be subverted in many ways. This presentation covers evasion techniques such as replay attack, polymorphism, inject randomisation, and DOM stealth rootkit, as well as countermeasures for those in a clientless way. The presentation also includes a novel method derived from Zero Knowledge Protocol that prevents banking malware from reverse engineering secrets transmitted between an online banking client and its server by eavesdropping on HTTPS traffic.
Speaker: Peter Fillmore
Overview: "This talk answers these questions by taking you through how NFC payments (Apple Pay, Google Wallet, etc.) work and how you can perform fraudulent transactions with just an off-the-shelf phone and a little bit of software." See also: Mobile Point Of Scam: Attacking The Square Reader: "We identify a number of vulnerabilities in the device that allow both malicious merchants and third parties to initiate fraudulent transactions and, with minor device modification, skim credit card information of unsuspecting customers."
Talk: Zigbee Exploited The Good The Bad And The Ugly
Speakers: Tobias Zillner, Sebastian Strobl
Overview: ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have, for example, a smart light bulb at home, the chance is very high that you are actually using ZigBee (as well as utility industry Smart Meters). So, is a ZigBee home automation network with applied security and smart home communication protected? No, absolutely not. Due to interoperability and compatibility requirements, as well as the application of legacy security concepts, it is possible to compromise ZigBee networks and take over control of all connected devices. Talk includes practical exploitations of actual product vulnerabilities.
Speakers: Trammell Hudson, Xeno Kovah, Corey Kallenberg
Overview: This talk will provide conclusive evidence that Macs are in fact vulnerable to many of the software-only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.
CRIME AND INFOSEC
Talk: BGP Stream
Speakers: Dan Hubbard, Andree Toonk
Overview: Awesome for watching bad people reroute internet traffic on a colossal scale: BGP is the fabric of routing on the Internet today. Throughout the last couple of years there have been several large-scale BGP incidents, such as outages and hijacks of networks that have been done using BGP. These include government-sponsored regimes taking entire countries offline and criminals routing traffic for profit. Today, we are announcing BGP Stream. This stream will be published on Twitter and open to everyone, with the goal of announcing potentially malicious BGP/ASN data. By subscribing to the stream one can monitor and alert on potentially damaging network changes that affect traffic flows.
Speakers: Dean Sysman, Gadi Evron, Itamar Sher
Overview: "We will detect, bypass, and abuse honeypot technologies and solutions, turning them against the defender. We will also release a global map of honeypot deployments, honeypot detection vulnerabilities, and supporting code." See also, juxtaposed: Bring Back The Honeypots
Speakers: Trey Ford, Kevin Bankston, Rebekah Brown, Brian Engle, Mark Hammell
Overview: Sharing information isn't hard - getting past backroom deals, NDAs and approval from general counsel is *very hard*. This topic is not two-dimensional, even if we are quick to weigh data sharing in the face of data breaches, and the US has several pieces of legislation in play on this *right now*.
Speaker: Leonard Bailey
Overview: What would happen if Black Hat invited the Department of Justice (DOJ) to give us a better understanding of the Computer Fraud and Abuse Act (or "CFAA") and explain how federal prosecutors use it and the DOJ actually showed up? Attendees will hear directly from a Department of Justice's Computer Crime & Intellectual Property Section Prosecutor explaining the CFAA in plain English and breaking down the process for deciding whether to bring charges in federal hacking cases. Seating will be limited.
ESPIONAGE AND SPYING
Speaker: Yu Yu
Overview: In this presentation, we show how to mount differential power analysis that recovers the encryption key and other secrets in a divide-and-conquer manner within a few (10 to 40) minutes, allowing for SIM card cloning. Our experiments succeeded on eight 3G/4G SIM cards from a variety of operators and manufacturers.
Speaker: Ang Cui
Overview: The Funtenna technique is hardware agnostic, can operate within nearly all modern computer systems and embedded devices, and is specifically intended to operate within hardware not designed to act as RF transmitters. We believe that Funtenna is an advancement of current state-of-the-art covert wireless exfiltration technologies; Funtenna offers comparable exfiltration capabilities to RF-based retro-reflectors, but can be realized without the need for physical implantation and illumination. Lastly, we demonstrate implementations of Funtenna as small software implants within several ubiquitous embedded devices, such as VoIP phones and printers, and in common computer peripherals, such as hard disks, console ports, network interface cards and more.
Speakers: Morgan Marquis-Boire, Marion Marschalek, Claudio Guarnieri
Overview: The security industry's focus on state-sponsored espionage is a relatively recent phenomenon. We will focus on the attribution problem and present a novel approach to creating credible links between binaries originating from the same group of authors. Our goal is to add to transparency in attribution and supply analysts with a tool to emphasize or deny vendor statements. The technique is based on features derived from different domains, such as implementation details, applied evasion techniques, classical malware traits or infrastructure attributes, which are then leveraged to compare the handwriting among binaries.