HD Moore on Nostr: I am super excited to speak at Black Hat USA this year with Rob King (lorddimwit: not ...
I am super excited to speak at Black Hat USA this year with Rob King (lorddimwit: not a typewriter (npub1etd…8t0k)) Our work, "Secure Shells in Shambles", dives deep into the Secure Shell protocol, its popular implementations, what's changed, what hasn't, and how this leads to unexpected vulnerabilities and novel attacks. An open source tool, dubbed "sshamble", will be demonstrated, which reproduces these attacks and opens the door for further research.
#BHUSA #vulnerability #infosec
- https://www.blackhat.com/us-24/briefings/schedule/#secure-shells-in-shambles-40393
Some of the announced talks that I am looking forward to include:
* Super Hat Trick: Exploit Chrome and Firefox Four Times: Nan Wang, Zhenghang Xiao, & Xuehao Guo
* Securing Network Appliances: New Technologies and Old Challenges: Vladyslav Babkin
* Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! Orange Tsai
* Listen to the Whispers: Web Timing Attacks that Actually Work: James Kettle
* Project Zero: Ten Years of 'Make 0-Day Hard': Natalie Silvanovich
* Nope, S7ill Not Secure: Stealing Private Keys From S7 PLCs: Nadav Adir, Alon Dankner, Eli Biham, Sara Bitan, Ron Freudenthal, Or Keret
* Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap: Alex Plaskett, Robert Hererra
* Bugs of Yore: A Bug Hunting Journey on VMware's Hypervisor: Zisis Sialveras
* Crashing the Party: Vulnerabilities in RPKI Validation: Niklas Vogel, Donika Mirdita, Haya Schulmann, Michael Waidner
* OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe: Vladimir Tokarev
* Surveilling the Masses with Wi-Fi Positioning Systems: Erik Rye
* Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation: Fabian Bäumer
#BHUSA #vulnerability #infosec
- https://www.blackhat.com/us-24/briefings/schedule/#secure-shells-in-shambles-40393
Some of the announced talks that I am looking forward to include:
* Super Hat Trick: Exploit Chrome and Firefox Four Times: Nan Wang, Zhenghang Xiao, & Xuehao Guo
* Securing Network Appliances: New Technologies and Old Challenges: Vladyslav Babkin
* Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! Orange Tsai
* Listen to the Whispers: Web Timing Attacks that Actually Work: James Kettle
* Project Zero: Ten Years of 'Make 0-Day Hard': Natalie Silvanovich
* Nope, S7ill Not Secure: Stealing Private Keys From S7 PLCs: Nadav Adir, Alon Dankner, Eli Biham, Sara Bitan, Ron Freudenthal, Or Keret
* Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap: Alex Plaskett, Robert Hererra
* Bugs of Yore: A Bug Hunting Journey on VMware's Hypervisor: Zisis Sialveras
* Crashing the Party: Vulnerabilities in RPKI Validation: Niklas Vogel, Donika Mirdita, Haya Schulmann, Michael Waidner
* OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe: Vladimir Tokarev
* Surveilling the Masses with Wi-Fi Positioning Systems: Erik Rye
* Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation: Fabian Bäumer