2022-07-31 ~ 2022-08-07

Presentations (with video): 101 (96)

Now in its 25th year, Black Hat USA is excited to present a unique hybrid event experience, offering the cybersecurity community a choice in how they wish to participate. Black Hat USA 2022 will open with four days of Trainings (August 6-11). The two-day main conference (August 10-11) featuring Briefings, Arsenal, Business Hall, and more will be a hybrid event—offering both a Virtual (online) Event and a Live, In-Person Event in Las Vegas. See the Conference Highlights below for more details.

Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The presentation discusses the implementation of SVIP, a security solution that enforces integrity on kernel transitions and performs origin checks to prevent system-call-based attacks.
  • SVIP provides integrity for kernel transitions that cannot be achieved with CFI or seccomp
  • SVIP also provides security via syscall transition checks and origin checks
  • SVIP reduces the number of average transitions from 107 to 74 and the number of average system call locations from 107 to 3
  • SVIP is fully automated and has minimal runtime overhead
  • The presentation also discusses return-oriented programming and how attackers can reuse existing code in an application to perform system calls
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

Stanza smuggling attacks are a dangerous and underexplored attack surface in the XMPP protocol that can be found using fuzzing. These attacks can lead to message spoofing, interception of private communication, and even zero-click RCE.
  • Stanza smuggling attacks are a dangerous and underexplored attack surface in the XMPP protocol
  • Fuzzing can be used to find these types of attacks
  • Stanza smuggling attacks can lead to message spoofing, interception of private communication, and even zero-click RCE
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The presentation discusses the issue of container escape in Kubernetes and its potential impact on the entire cluster. The speaker emphasizes the importance of monitoring and limiting powerful permissions in the cluster to prevent container escape and recommends separating powerful pods from untrusted or publicly exposed pods.
  • Container escape is a vulnerability in Kubernetes that allows an attacker to take over the underlying host by exploiting a kernel vulnerability or misconfiguration.
  • Container escape can lead to the compromise of the entire node or even the entire cluster.
  • Monitoring and limiting powerful permissions in the cluster can help prevent container escape.
  • Separating powerful pods from untrusted or publicly exposed pods can also limit the impact of container escape.
  • Audit and admission policies can be used to detect and prevent some attacks.
  • Kubernetes uses authentication and authorization to control access to resources.
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The presentation discusses vulnerabilities in managed database services and the need for better security measures.
  • Managed database services are vulnerable to attacks due to their multi-tenant nature and simple permission models
  • Cloud providers modify open source database solutions to provide admin capabilities while protecting the underlying compute
  • Modifications can introduce new vulnerabilities and potential attack surfaces
  • The presentation highlights vulnerabilities in Google Cloud SQL and demonstrates how to execute code via SQL queries
  • Better security measures are needed to protect managed database services
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The keynote speaker discusses the evolution of cybersecurity since the discovery of Stuxnet and Aurora campaigns, and the need to pay attention to signals that portend future threats.
  • Stuxnet and Aurora campaigns highlighted vulnerabilities in critical infrastructure and launched a new era of massive espionage and supply-chain hacks
  • Despite advancements in cybersecurity, the world is still surprised by predictable threats
  • Threat actors are becoming more sophisticated and consequential
  • New signals in Ukraine, Iran, and the US portend future threats
  • It's important to pay attention to these signals and be prepared for future threats
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The presentation discusses the development of CastGuard, a technology aimed at solving illegal static downcasts in C++ to mitigate type confusion vulnerabilities. The technology is performant and has minimal impact on binary size and optimization. It is currently being tested in Hyper-V and will be rolled out to other Windows components in the future.
  • Type confusion vulnerabilities are a significant bug class that can weaken security and bypass mitigations like memory tagging and hardware solutions.
  • CastGuard is a technology developed to solve illegal static downcasts in C++ to mitigate type confusion vulnerabilities.
  • dynamic_cast, the current solution for checked downcasts, is difficult to apply to a large code base and has significant overhead.
  • CastGuard is performant, has minimal impact on binary size and optimization, and can potentially be used to accelerate dynamic_cast.
  • CastGuard is currently being tested in Hyper-V and will be rolled out to other Windows components in the future.
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The presentation discusses vulnerabilities found in Wi-Fi chips and how they can be exploited to gain access to sensitive information.
  • The configuration of the IOMMU can be modified to perform DMA attacks that read and write anywhere in main physical memory
  • The IOMMU is a way to protect against DMA attacks, but it is not enabled by default on Ubuntu
  • A basic stack buffer overflow can be used to gain access to the Wi-Fi chip
  • Debug mode can be enabled to gain full distribution access
  • The loader used to load firmware onto the chip can be exploited to perform a time-of-check to time-of-use attack
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

Process Injection: Breaking All macOS Security Layers With a Single Vulnerability
  • macOS local security is shifting towards the iOS model with every application being codesigned, sandboxed, and requiring permission to access data and features
  • New security layers have been added to make it harder for malware to compromise sensitive data
  • Process injection vulnerabilities can be used to break security boundaries between processes
  • CVE-2021-30873 was a process injection vulnerability affecting all macOS applications
  • The vulnerability was addressed in the macOS Monterey update from October 2021, but fixing it requires changes to all third-party applications
  • The vulnerability was exploited to escape the macOS sandbox, elevate privileges to root, and bypass SIP
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The presentation discusses the importance of addressing side-channel attacks in hardware design and the need for countermeasures testing in simulation.
  • Security is a fourth dimension alongside power, performance and area (PPA), and it comes at a cost.
  • Trade-offs between security and cost must be made by designers.
  • Simulations are limited by available CPU cores and design size.
  • Manual review of designs is insufficient; statistical simulations are necessary.
  • Countermeasure testing in simulation is important to address side-channel attacks.
  • Masking is a common countermeasure that can be implemented in AES design.
  • Optimization by synthesis tools can throw off countermeasures.
  • Insight into design can help identify and fix leakage points.
Conference:  Black Hat USA 2022
2022-08-11

tldr - powered by Generative AI

The emerging technology of blockchain and cryptocurrency presents unique security challenges due to inexperienced developers creating financial products on emerging platforms with high public exposure and unexplored attack surfaces.
  • Emerging technology involves a combination of traditional technology experience and something new, leading to a trade-off of known issues for unknown issues and complexities.
  • The blockchain and cryptocurrency space has seen billions of dollars in illicit transactions and theft, leading to increased regulation.
  • Inexperienced developers are creating financial products on emerging platforms with high public exposure and unexplored attack surfaces, leading to a high cost of failure and low exploitation effort and time.
  • Everyone in the space is acting as their own bank, including projects, which leads to high impact when things get hacked.
  • Recommendations include getting security professionals more involved, implementing threat modeling and static analysis, practicing defensive coding, and building a monitoring strategy.