Top 10 Must-See Black Hat 2016 Briefings

black hat 4.jpg

Here are a few briefings which caught our eye whilst scanning the schedule at this year’s annual infosec gathering.


The Blackhat USA 2016 conference plays host to a wide variety of trainings and in-depth briefings to entice all levels of information security professionals, public figures and field experts. The briefings will take place on the 3rd and 4th of Aug, and ten briefings jumped off the list as the ones to look out for (in our humble opinion).

1000 Ways to Die in Mobile OAuth
As we all know, OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The briefing attendees will be shown several representative cases to concretely explain how real implementations fall into pitfalls. This 50 min session will be delivered by an expert panel comprising of:
Eric Chen  |  Software Engineer, Gridspace
Patrick Tague  |  Associate Research Professor, Carnegie Mellon University
Robert Kotcher  |  Software Engineer, Expii
Shuo Chen  |  Senior Researcher, Microsoft Research
Yuan Tian  |  Ph.D candidate, Carnegie Mellon University
Yutong Pei  |  Software Engineer, Uber

Breaking FIDO: Are Exploits in There? 
This 25-minute session looks at vulnerabilities hidden in FIDO deployments, how difficult they are to exploit, and how enterprises and organizations can protect themselves. What is the best mouse trap? Jerrod Chong VP, Solutions Engineering at Yubico is the master of ceremonies and the topics he’ll discuss include: security soft spots for potential exploitation; man-in-the-middle attacks; exploits aimed at supporting architecture; and compromises targeting physical hardware

Watching Commodity Malware Get Sold to a Targeted Actor
The point of focus during this session: What measures can be taken to detect that a commodity threat is going through a migration process? This brief but in-depth delivery demonstrating the procedures and techniques used by cyber criminals as they migrate compromised endpoints from the "commodity" threat platform to the valuable-target's platform. This session will be led by Israel Barak, Head of Incident Response at Cybereason.

The Remote Malicious Butler Did It!
Following last years ‘Evil Maid’ attack covered by Ian Haken in his talk "Bypassing Local Windows Authentication to Defeat Full Disk Encryption", Chaim Hoch, Security Researcher at Microsoft, will unlock the codes and reveal the "Remote Malicious Butler" attack, which shows how attackers can perform such an attack, remotely, to take complete control over a target multiple times without the owner's knowledge. 

 $hell on Earth: From Browser to System Compromise
This presentation panel is comprised of ¬the following experts:
Abdul-Aziz Hariri  |  Security Researcher, Trend Micro - Zero Day Initiative
Jasiel Spelman  |  Security Researcher, Trend Micro - Zero Day Initiative
Joshua Smith  |  Senior Security Researcher, Trend Micro - Zero Day Initiative
Matt Molinyawe  |  Security Researcher, Trend Micro - Zero Day Initiative
The group will detail the exploitation chains demonstrated at this year's Pwn2Own contest. Covering topics such as modern browser exploitation to the simplicity of exploiting logic errors, these guys have it all covered here. They’ll analyze all causes, techniques, and possible remedies for the vulnerabilities presented.

A Lightbulb Worm? 
Colin O'Flynn, C.T.O at NewAE Technology Inc., asks the question -- Could a worm spread through a smart light network? Topics for discussion during this 25-minute briefing include: attacking IoT/embedded hardware devices; how to bypass encrypted bootloaders; and details on the firmware in multiple versions of the Philips Hue smart lamps and bridges. Surely an interesting listen, especially if you’ve connected your home gadgets to the Internet.

Does Dropping USB Drives in Parking Lots and Other Places Really Work?
Come on, we’ve all heard it before – it’s also been discussed at previous Black Hat Briefings. Does it work or is it just a myth? Filed under the ‘Human Factors’ track at this year’s briefing, Elie Bursztein, Anti-fraud and abuse research lead at Google, delves into the answer. If physical security floats your boat, come and listen to an in-depth analysis of which factors influence users to pick up a drive and why they plug them in. There’ll also be a demo of a new tool that can help mitigate USB attacks. 

Captain Hook: Pirating AVs to Bypass Exploit Mitigations
In this talk the spotlight will be put on various hooking engines and six, yes six, security issues will be revealed. Join Tomer Bitton,  VP Research and co-founder at enSilo, and Udi Yavo, CTO and co-founder, also at enSilo. take a close look at a vulnerability appearing in the most popular commercial hooking engine of a large vendor. Arrrh mateys, come drop an anchor and listen to what these guys have to say!

Cyber War in Perspective: Analysis from the Crisis in Ukraine
“Cyber war” continues to rage between Russia and Ukraine, both contesting for the top geopolitical stakes. Kenneth Geers, Professor at NATO Cyber Centre, offers an insight into these questions: What are the political and military limits to digital operations in peacetime and war? Does computer hacking in such a field have strategic effects? Join this soldier in this fascinating battlefield to find out more. 

I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache
The decompression bomb is a very real attack — it's been around since at least 1996 — but unfortunately they are devastating and costly to developers who have not properly guarded their applications against this intrusion. If zip bombs and algorithms are for you, then join Cara Marie, Senior Security Consultant at NCC Group, and watch her steer attendees on the right line of clarity during this 25-minute session. 

The above is just a sample of some of the great briefings on offer over the proceedings. Which ones have caught your eye? For a full list please visit https://www.blackhat.com/us-16/briefings.html.

And, of course, be sure to stay tuned to IT Security Planet’s Black Hat coverage page for the latest on the trainings, briefings, news, announcements, photos, and more.