
2022-07-31 ~ 2022-08-07

Presentations (with video): 101 (96)

Now in its 25th year, Black Hat USA is excited to present a unique hybrid event experience, offering the cybersecurity community a choice in how they wish to participate. Black Hat USA 2022 will open with four days of Trainings (August 6-9). The two-day main conference (August 10-11) featuring Briefings, Arsenal, Business Hall, and more will be a hybrid event—offering both a Virtual (online) Event and a Live, In-Person Event in Las Vegas. See the Conference Highlights below for more details.


Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the discovery of 8 zero-day vulnerabilities in the LNL-4420 access control panel, leading to full system control and the ability to remotely manipulate door locks. The vulnerabilities were found by Trellix's Threat Labs team and could be exploited without access to the system firmware. The presentation also highlights the potential impact of such vulnerabilities on various industries and the need for timely updates and patches.
  • Trellix's Threat Labs team discovered 8 zero-day vulnerabilities in the LNL-4420 access control panel
  • The vulnerabilities could be exploited remotely without access to the system firmware
  • The vulnerabilities allowed for full system control and remote manipulation of door locks
  • The presentation includes a live demo of the exploit
  • The access control panel is widely used across multiple industries, including education, real estate, healthcare, transportation, and government facilities
  • Over 20 OEM partner vendors were also found to be vulnerable to the same issue
  • The presentation emphasizes the need for timely updates and patches to prevent such vulnerabilities
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the development of CastGuard, a technology aimed at catching illegal static downcasts in C++ to mitigate type confusion vulnerabilities. The technology is performant and has minimal impact on binary size and optimization. It is currently being tested in Hyper-V and will be rolled out to other Windows components in the future.
  • Type confusion vulnerabilities are a significant bug class that can weaken security and bypass mitigations like memory tagging and other hardware solutions.
  • CastGuard is a technology developed to detect illegal static downcasts in C++ and so mitigate type confusion vulnerabilities.
  • dynamic_cast, the existing solution for checked downcasts, is difficult to apply to a large code base and has significant overhead.
  • CastGuard is performant, has minimal impact on binary size and optimization, and can potentially be used to accelerate dynamic_cast.
  • CastGuard is currently being tested in Hyper-V and will be rolled out to other Windows components in the future.
Tags:
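The bug class and the two fixes that the CastGuard summary contrasts, as an added example that is not code from the talk or from Microsoft's CastGuard: an unchecked static_cast downcast that reads through the wrong type, the dynamic_cast version that rejects it, and a cheap range check over class ids standing in for the kind of check CastGuard performs. The class names, the pre-order type ids and their ranges are assumptions of this example; CastGuard's own mechanism operates on compiler-laid-out vtables rather than an explicit id, which the example does not reproduce.

```cpp
// Added example (not from the talk or from Microsoft's CastGuard): an illegal
// static downcast in a polymorphic C++ hierarchy, the dynamic_cast fix, and a
// cheap range-check alternative. Class names, type ids and id ranges are
// assumptions of this example.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// Pre-order numbering of the hierarchy: each class's descendants occupy a
// contiguous id range, so "is this object a T or derived from T?" is one
// range comparison instead of a walk through RTTI.
//   Base(0) -> Small(1)
//           -> Large(2) -> SecureLarge(3)
enum TypeId : uint32_t { kBase = 0, kSmall = 1, kLarge = 2, kSecureLarge = 3 };

struct Base {
    virtual ~Base() = default;
    virtual TypeId type_id() const { return kBase; }
    uint32_t header = 0;
};
struct Small : Base {
    TypeId type_id() const override { return kSmall; }
    char label[4] = "sml";        // Small is 16 bytes: vptr + header + label
};
struct Large : Base {
    TypeId type_id() const override { return kLarge; }
    uint64_t secret = 0x5ec7e7;   // field that only exists in Large (offset 16)
    bool admin = false;
};
struct SecureLarge : Large {
    TypeId type_id() const override { return kSecureLarge; }
};

// [lo, hi] of ids that are T or derived from T.
template <class T> struct IdRange;
template <> struct IdRange<Base>        { static constexpr uint32_t lo = 0, hi = 3; };
template <> struct IdRange<Small>       { static constexpr uint32_t lo = 1, hi = 1; };
template <> struct IdRange<Large>       { static constexpr uint32_t lo = 2, hi = 3; };
template <> struct IdRange<SecureLarge> { static constexpr uint32_t lo = 3, hi = 3; };

// Checked downcast: one virtual call plus a range compare, then the same
// static_cast the unchecked code would have done.
template <class T> T* checked_cast(Base* b) {
    if (b == nullptr) return nullptr;
    uint32_t id = b->type_id();
    if (id < IdRange<T>::lo || id > IdRange<T>::hi) return nullptr;
    return static_cast<T*>(b);
}

// Vulnerable: trusts the caller that b really is a Large. If it is a Small,
// the load of `secret` reads past the end of the object (type confusion).
uint64_t unchecked_read_secret(Base* b) {
    return static_cast<Large*>(b)->secret;
}

// Fix 1: dynamic_cast rejects the illegal downcast but costs an RTTI walk.
bool dynamic_read_secret(Base* b, uint64_t* out) {
    Large* l = dynamic_cast<Large*>(b);
    if (l == nullptr) return false;
    *out = l->secret;
    return true;
}

// Fix 2: the range check rejects it too, at a fraction of the cost.
bool checked_read_secret(Base* b, uint64_t* out) {
    Large* l = checked_cast<Large>(b);
    if (l == nullptr) return false;
    *out = l->secret;
    return true;
}

int main() {
    // Constructed input: a Small object placed at the start of a buffer that
    // is pre-filled with 0x42, standing in for whatever neighbours the object
    // in a real heap. Reading it through Large* is undefined behaviour; in
    // practice the load returns those neighbouring bytes, which is the bug.
    alignas(Large) unsigned char arena[sizeof(Large) * 2];
    std::memset(arena, 0x42, sizeof arena);
    Base* confused = new (arena) Small;

    std::printf("unchecked static_cast: 0x%llx (bytes from beyond the Small object)\n",
                static_cast<unsigned long long>(unchecked_read_secret(confused)));
    uint64_t v = 0;
    std::printf("dynamic_cast:          %s\n", dynamic_read_secret(confused, &v) ? "ok" : "rejected");
    std::printf("range-checked cast:    %s\n", checked_read_secret(confused, &v) ? "ok" : "rejected");

    Large legit;
    std::printf("legit Large via range check: %s, secret=0x%llx\n",
                checked_read_secret(&legit, &v) ? "ok" : "rejected",
                static_cast<unsigned long long>(v));
    confused->~Base();
    return 0;
}
```

The range check is the interesting part: because every class's descendants are numbered contiguously, `checked_cast<Large>` accepts a `SecureLarge` and rejects a `Small` with a single compare, while `dynamic_cast` has to consult RTTI for the same answer. A compiler-integrated scheme can get the same effect from the object's existing vtable pointer without an extra virtual call, which is why such a check can be applied to a large code base where retrofitting `dynamic_cast` is impractical.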
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses vulnerabilities found in Wi-Fi chips and how they can be exploited to gain access to sensitive information.
  • The IOMMU configuration can be modified so that the chip can perform DMA attacks that read and write anywhere in main physical memory
  • The IOMMU is the defense against DMA attacks, but it is not enabled by default on Ubuntu
  • A basic stack buffer overflow can be used to gain access to the Wi-Fi chip
  • Debug mode can be enabled to gain full access to the chip
  • The loader used to load firmware onto the chip can be exploited through a time-of-check-to-time-of-use (TOCTOU) attack
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses various vulnerabilities and exploits in Cisco's Adaptive Security Appliance (ASA) and Firepower module, including man-in-the-middle attacks, credential leaks, code signing issues, and hard-coded credentials. The speaker demonstrates how an attacker can gain root access and persistence on the network through these vulnerabilities.
  • The speaker demonstrates how to exploit a man-in-the-middle vulnerability in the ASA's Adaptive Security Device Manager (ASDM) to steal credentials and gain access to the network.
  • The speaker shows how to use hard-coded credentials to gain root access to the Firepower module's boot image and install malicious code.
  • The speaker also discusses how to modify the Firepower install packages to install malicious code and trick victims into installing them.
  • Mitigations include disabling the ASDM feature, rotating passwords, and retiring/replacing the Firepower module.
  • The presentation emphasizes the importance of applying mitigating controls when patching is not an option.
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation introduces a new exploitation method called 'The Requiem' which swaps kernel credentials to escalate privileges. It is a generic and effective method that can bypass CFI and work across different kernel versions and architectures. The presentation also discusses the importance of data-only attacks and the need for mitigations to protect data-only integrity.
  • The Requiem is a generic and effective exploitation method that swaps kernel credentials to escalate privileges
  • It can bypass CFI and work across different kernel versions and architectures
  • Data-only attacks are powerful and allow universal exploits that never have to defeat CFI or build ROP chains
  • Mitigations in the Linux kernel mostly focus on protecting control-flow integrity, but there is a need for mitigations that protect the integrity of data as well
  • The Requiem can actively escape from containers, which is not possible with Dirty Pipe
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the development of an open-source iOS emulator for research purposes, with a focus on kernel debugging and fuzzing.
  • The iOS emulator was developed to address the challenges posed by real devices, which are expensive, rare, and highly secure.
  • The emulator aims to model the actual hardware as closely as possible and supports a wide range of iOS versions, from iOS 14 to iOS 16.
  • The emulator also supports Apple's custom CPU features and USB, and allows for easy kernel debugging and fuzzing.
  • The development process involved reverse engineering the device tree and building a stub model, followed by dynamic and static reverse engineering to understand hardware behavior and write the emulation code.
  • The emulator is open source and available for use in research.
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the attack surface of the Hyper-V DirectX (dxgkrnl) component and how to find vulnerabilities in it through fuzzing.
  • The component has a large attack surface and is still being actively updated
  • Fuzzing is an efficient way to find vulnerabilities in the component
  • CVE-2022-21898 is an example of an arbitrary address write vulnerability in the dxgkrnl VmBus command-submit path
  • The fuzzer's major functions are split across an agent layer and a second component
  • Application scenarios for the component include Windows Sandbox and the HoloLens emulator
  • The presentation includes an overview of the component's architecture and how to enable it in the virtual machine configuration
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the Spectre vulnerability class and the effectiveness of the defenses vendors released to prevent data leaks across privilege levels. The presenters introduce a new primitive called branch history injection and demonstrate how it can be exploited to bypass those defenses.
  • Spectre affects most modern CPUs and allows attackers to leak data across privilege levels
  • Vendors released software and other defenses to prevent cross-privilege-level data leaks
  • The presenters tested the effectiveness of these defenses and found that they can be bypassed
  • The presenters introduce a new primitive called branch history injection that can be used to bypass the defenses
  • The presenters demonstrate how branch history injection can be exploited to leak kernel data
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the issue of code theft and provides solutions for both developers and corporations to prevent and resolve such incidents.
  • Developers should be proactive in protecting their code and use methods to detect if companies are stealing their work
  • Corporations should educate their employees on the issue of code theft and implement internal procedures to detect and prevent it
  • Reaching out professionally and having a legal team can lead to amicable resolutions and win-win situations
  • Anecdotes and examples are provided to illustrate the importance of taking action to prevent and resolve code theft
Tags:
Conference:  Black Hat USA 2022
Authors:
2022-08-11

tldr - powered by Generative AI

The presentation discusses the detection and analysis of Windows local privilege escalation (LPE) vulnerabilities and provides insights into future trends of in-the-wild Windows LPE 0-days.
  • The presentation shares three cases of Windows LPE vulnerabilities that were caught and analyzed.
  • The presentation provides detection suggestions for Windows LPE vulnerabilities.
  • Insights into future trends of in-the-wild Windows LPE 0-days are discussed.
Tags: