Hace poco se hizo pública otra vulnerabilidad en Apache Struts2 , un popular framework para aplicaciones web en Java. Dicha vulnerabilidad, CVE-2018-11776 , permite a un atacante la ejecución remota de comandos. La versiones afectadas son Apache Struts 2.3 a 2.3.34 y 2.5 a 2.5.16.

Para poder aprovechar dicha vulnerabilidad, una acción (struts action) se debe definir sin namespace o usar algún carácter comodín, como por ejemplo /*. En estos casos, Struts usa OGNL (un lenguaje de expresiones de código abierto para Java) para determinar la acción a ejecutar basada en el namespace dado por el usuario, permitiendo así la posible ejecución de código remoto.

Una de las buenas prácticas a la hora de crear imágenes en Docker es hacer que estas sean lo más pequeñsa, en tamaño, posible.

Por popularidad, Alpine es la distribuciión Linux preferida a la hora de crear imágenes de tamaño reducido (poco menos de 5MB), a menos que, por requerimientos de certificacion o algún otro motivo, sea necesario usar alguna distribución certificada en particular, algo común en el entorno empresarial y gubernamental.

La 27 edición de la conferencia sobre seguridad USENIX 2018 se acaba de celebrar en Baltimore, MD esta pasada semana. Lo que característica a esta conferencia es que es una conferencia sobre seguridad desde ámbito académico.

El número de presentaciones es bastante amplio y ya podemos acceder tanto a la investigación académica, así, como las diapositivas de la mayoría de dichas presentaciones:

• Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? Keynote

Karateka fue un juego publicado en 1984 originalmente para Apple II. Más tarde el juego fue portado a muchos otros sistemas de la época como Commodore 64, Amstrad CPC, MSX, etc, así como a sistemas más modernos. Fue escrito por Jordan Mechner , creador también del mega popular Prince of Persia, Karateka era un juego donde el jugador tenía que luchar (Karate) contra sus enemigos para rescatar a la princesa Mariko del castillo de Akuma. Presta atención al detalle de el jugador, y digo esto porque esta es la miga de esta entrada, el juego era de un sólo jugador.

Aquí tenéis el material disponible de la DEF CON 26 :

• Alexei Bulazel
  • Alexei-Bulazel-Reverse-Engineering-Windows-Defender-Demo-Videos
    • Alexei-Bulazel-demo-1-mpclient.mp4
    • Alexei-Bulazel-demo-2-outputdebugstringa.mp4
    • Alexei-Bulazel-demo-3-file-system.mp4
    • Alexei-Bulazel-demo-4-proclist.mp4
    • Alexei-Bulazel-demo-5-apicall.mp4
    • Alexei-Bulazel-demo-6-fuzz.mp4
  • Alexei-Bulazel-Reverse-Engineering-Windows-Defender.pdf
• Alfonso Garcia and Alejo Murillo
  • DEFCON-26-Alfonso-Garcia-and-Alejo-Murillo-Demo-Videos
    • playback_tls_1.mp4
    • playback_tls_2.mp4
    • playback_tls_3.mp4
  • Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story-Updated.pdf
• Andrea Marcelli
  • Andrea-Marcelli-Demo-Video.mp4
  • Andrea-Marcelli-Looking-for-the-perfect-signature-automatic-YARA-rules.pdf
• Bai Zheng and Chai Wang
  • Bai-Zheng-Chai-Wang-You-May-Have-Paid-more-than-You-Imagine.pdf
• Christopher Domas
  • Christopher-Domas-GOD-MODE- UNLOCKED-hardware-backdoors-in-x86-CPUs.pdf
  • Christopher-Domas-The-Ring-0-Facade.pdf
• DEFCON-26-Damien-Cauquil-Updated
  • DEFCON-26-Damien-Cauquil-Extras
  • DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos
    • demo-hush.mp4
    • demo-jamming-final.mp4
    • demo-sniff-active.mp4
    • demo-sniff-connreq.mp4
    • volvo-fail.gif
    • volvo-fail.mp4
  • Damien-Cauquil-Secure-Your-BLE-Devices-Updated.pdf
• Damien Cauquil
  • DEFCON-26-Damien-Cauquil-Extras
  • DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos
    • demo-hush.mp4
    • demo-jamming-final.mp4
    • demo-sniff-active.mp4
    • demo-sniff-connreq.mp4
    • volvo-fail.gif
    • volvo-fail.mp4
  • Damien-Cauquil-Secure-Your-BLE-Devices.pdf
• Dan Crowley - Mauro Paredes - Jen Savage - Updated
  • Crowley-Paredes-Savage-Outsmarting-the-Smart-City-Demo-Video.mp4
  • Crowley-Paredes-Savage-Outsmarting-the-Smart-City-Updated.pdf
• Daniel Zolnikov
  • Daniel-Zolnikov-Politics-and-the-Surveillence-State.pdf
• David Melendez
  • David-Melendez-Project-Interceptor-Demo-Video.mp4
  • David-Melendez-Project-Interceptor-WP.pdf
  • David-Melendez-Project-Interceptor.pdf
• Dongsung Kim and Hyoung Kee Choi
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Demo-Video.mp4
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You.pdf
• Dongsung Kim and Hyoung Kee Choi - Updated
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Demo-Video.mp4
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf
• Douglas Mckee
  • DEFCON-26-Douglas-McKee-Demo-Videos
    • 30To180-2.mp4
    • 80To180-2.mp4
    • Emulation.mp4
    • FlatlineDemo2.mp4
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals.pdf
• Douglas Mckee - Updated
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals-updated.pdf
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals-updated.pptx
• Eric Sesterhenn
  • DEFCON-26-Eric-Sesterhenn-Demo-Videos
    • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You-PoC1.mp4
    • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You-PoC2.mp4
  • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You.pdf
• Feng Xiao - Jianwei Huang - Peng Liu
  • Xiao-Huang-Liu-Hacking-the-Brain-Custom-Attack-SDN-Controller.pdf
  • Huang-Liu-Hacking-the-Brain-Custom-Attack-SDN-Controller-Demo-Video.mp4
• Gabriel Ryan
  • DEFCON-26-Gabriel-Ryan-Demo-Videos
    • Gabriel-Ryan-bait-n-switch.mp4
    • Gabriel-Ryan-bypass-mab.mp4
    • Gabriel-Ryan-classic-8021x-bypass-with-interaction (1920 x 1080).mp4
    • Gabriel-Ryan-classic-8021x-bypass-with-interaction.mp4
    • Gabriel-Ryan-eap-md5-forced-reauth-full.mp4
    • Gabriel-Ryan-rogue-gateway-final (1920 x 1080).mp4
    • Gabriel-Ryan-rogue-gateway-final.mp4
    • Gabriel-Ryan-ryan-gabriel-ryan-bait-n-switch (1920 x 1080).mp4
    • Gabriel-Ryanforged-eapol-start.mp4
  • Gabriel-Ryan-Owning-the-LAN-in-2018-WP.pdf
  • Gabriel-Ryan-Owning-the-LAN-in-2018.pdf
• Joe Rozner
  • Joe-Rozner-Demo-Video.mp4
  • Joe-Rozner-RE-Targetable-Grammer-Based-Test-Case-Generation-Synfuzz.pdf
• John Seymour and Azeem Aqil
  • DEFCON-26-John-Seymour-and-Azeem-Aqil-Demo-Videos
    • 07-01.mp4
    • 10-01-trimmed.mp4
    • 13-01.mp4
    • 16-01.wav
    • 16-02.wav
    • 16-03.wav
    • 21-01.wav
    • 21-02.wav
  • John-Seymour-and-Azeem-Aqil-Your-Voice-is-My-Passport.pdf
• Josep Rodriguez
  • Josep-Rodriguez-Breaking-Extreme-Networks-WingOS.pdf
  • Josep-Rodriguez-Breaking-Extreme-Networks-WingOS-Demo-Video.mp4
• L0pht Panel
  • L0pht-Testimony-20-years-later.pdf
• Leigh Anne Galloway and Tim Yunusov
  • DEFCON-26-Galloway-and-Yunusov-Demo-Videos
    • Galloway-and-Yunusov-RCE.mp4
    • Galloway-and-Yunusov-arbitrary-code.mp4
    • Galloway-and-Yunusov-modifying-amount.mp4
  • Galloway-and-Yunusov-For-the-love-of-money-Findingexploiting-vulns-in-mobile-pos-terminals.pdf
• Louis Dion Marcil
  • DEFCON-26-Louis-Dion-Marcil-Demo-Videos
    • demo1.mp4
    • demo2.mp4
  • Louis-Dion-Marcil-Edge-Side-Include-Injection.pdf
• Martin Vigo
  • DEFCON-26-Martin-Vigo-Demo-Videos
    • demo-bruteforcing-v1.mp4
    • demo-paypal-v1.mp4
    • demo-whatsapp-v1.mp4
  • Martin-Vigo-Compromising-Online-Cracking-Voicemail-Systems.pdf
• Michael West and Collin Campbell
  • Micheal-West-Colin-Campbell-barcOwned-Popping-shells-with-your-cereal box.pdf
  • Micheal-West-Colin-Campbell-barcOwned-Popping-shells-with-your-cereal box.pptx
• Mickey Shkatov and Jesse Micheal
  • DEFCON-26-Mickey-Shkatov-and-Jesse-Micheal-Demo-Videos
    • EvilMaid-BennyHill-Defcon-Video1.mp4
    • exploit-popcalc-text-Defcon-Video2.MP4
    • exploit-popcalc-win10-Defcon-Video3.MP4
    • exploit-shell-Defcon-Video4.MP4
    • exploit-smileyloop.MP4
  • Mickey-Shkatov-and-Jesse-Micheal-UEFI-Exploitation-For-The-Masses.pdf
• Morgan Gangwere
  • DEFCON-26-Morgan-Gangwere-Its-assembler-jim-Demo-Videos
    • demo-1-rootfs.mp4
    • demo-2-tapdrive.mp4
    • demo-3-containers.mp4
    • demo-4-afl.mp4
  • Morgan-Gangwere-Its-assembler-jim-Notes.pdf
  • Morgan-Gangwere-Its-assembler-jim.pdf
• Nafeez
  • Nafeez-Compression-Oracle-attacks-on-VPN-Networks-openvpn3-voracle.gif
  • Nafeez-Compression-Oracle-attacks-on-VPN-Networks.pdf
• Nick Cano
  • DEFCON-26-Nick-Cano-Demo-Videos
    • demo-1-tools.mp4
    • demo-2-launch.mp4
    • demo-3-scan.mp4
    • demo-4-win10.mp4
  • Nick-Cano-Relocation-Bonus-Attacking-the-Win-Loader.pdf
• Patrick Wardle
  • Patrick-Wardle-Fire-and-Ice.pdf
  • Patrick-Wardle-The-Mouse-Is-Mightier-Synthetic0Reality.pdf
• Ruo Ando
  • Ruo-Ando-Asura-Demo-Video.MP4
  • Ruo-Ando-Asura-PCAP-File-Analyzer-for-Anomaly-Packet-Detection-Multithreading-WP.pdf
  • Ruo-Ando-Asura-PCAP-File-Analyzer-for-Anomaly-Packet-Detection-Multithreading.pdf
• Ryan Johnson and Angelos Stavrou
  • DEFCON-26-Johnson-and-Stavrou-Demo-Videos
    • commexec.mp4
    • maliciousApp.mp4
    • zte-zmax-champ-brick.mp4
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP.pdf
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices.pdf
• Ryan Johnson and Angelos Stavrou - Updated
  • DEFCON-26-Johnson-and-Stavrou-Demo-Videos-Updated
    • commExec.mp4
    • factory_reset.mp4
    • lock_user_out.mp4
    • maliciousApp.mp4
    • modem_and_logcat_logs_zte.mp4
    • take_screenshot.mp4
    • zte_zmax_champ_brick.mp4
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-Updated.pdf
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf
• Sanat Sharma
  • Sanat-Sharma-House-of-Roman-Demo-Video.mp4
  • Sanat-Sharma-House-of-Roman.pdf
• Sheila A Berta and Sergio De Los Santos
  • DEFCON-26-Sheila-A-Berta-and-Sergio-De-Los-Santos-Demo-Video
    • freetool.mp4
    • gmtruntime.mp4
  • Sheila-A-Berta-and-Sergio-De-Los-Santos-Tracking-Android-Malware-Developers.pdf
• Siegfried Rasthofer and Stephan Huber
  • Siegfried-Rasthofer-and-Stephan-Huber-Demo-Video
    • demovideo.mp4
    • greenalp-cast.mp4
  • Siegfried-Rasthofer-and-Stephan-Huber-All-Your-Family-Secrets-Belong-to-Us.pdf
• Siegfried Rasthofer and Stephan Huber - Updated
  • Siegfried-Rasthofer-and-Stephan-Huber-Demo-Video-Updated
    • demovideo_Version2.mp4
    • greenalpdemo_Version2.mp4
  • Siegfried-Rasthofer-and-Stephan-Huber-All-Your-Family-Secrets-Belong-to-Us-Updated.pdf
• Silke Holtmanns and Isha Singh
  • Holtmanns-Singh-4G-Who-is-Paying-your-cell-phone-bill.pdf
• Slava Makkaveev
  • DEFCON-26-Slava-Makkaveev-Demo-Videos
    • Slava-Makkaveev-MITD-Demo1-GoogleTranslate.mp4
    • Slava-Makkaveev-MITD-Demo2-LGAppManager.mp4
    • Slava-Makkaveev-MITD-Demo3-XiaomiBrowser.mp4
  • Slava-Makkaveev-Man-In-The-Disk.pdf
• Stark Riedesel and Parsia Hakimian
  • DEFCON-26-Stark-Riedesel-and-Parsia-Hakimian-Demo-Videos
    • 1-tineola-enum-demo.mp4
    • 2-tineola-invoke-TXes.mp4
    • 2-tineola-invoke-demo.mp4
    • 3-tineola-fuzzing-demo.mp4
    • 4-tineolacc-install.mp4
    • 5-tineola-nmap-scan.mp4
    • 6-tineola-direct-db-TXes.mp4
    • 6-tineola-direct-db-demo.mp4
  • Stark-Riedesel-and-Parsia-Hakimian-Tineola-Taking-Bite-Out-of-Enterprise-Blockchain.pdf
• Thanh Bui and Siddharth Rao
  • DEFCON-26-Thanh-Bui-and-Siddharth-Rao-Demo-Videos
    • 1password-demo.mp4
    • fido-demo.mp4
  • Thanh-Bui-and-Siddharth-Rao-Last-Mile-Auth-Problem-Exploiting-End-to-End.pdf
• The Tarquin
  • DEFCON-26-The-Tarquin-Demo-Videos
    • homograph-ocr.mp4
    • homographbomb.mp4
    • java-homograph.mp4
  • The-Tarquin-Weaponizing-Unicode-Homographs-Beyond-IDNs.pdf
• Thiago Alves
  • DEFCON-26-Thiago-Alves-Demo-Videos
    • first-attack.mp4
    • second-attack.mp4
    • third-attack.mp4
  • Thiago-Alves-Hacking-PLCs-and-Causing-Havoc-on-Critical-Infrastructures.pdf
• Torani - Buchwald - Nirenberg
  • Torani-Buchwald-Nirenberg-Reverse-Engineering-Hacker-Docu-Series-Sample-Scene.mp4
  • Torani-Buchwald-Nirenberg-Reverse-Engineering-Hacker-Docu-Series.pdf
• Truman Kain
  • Truman-Kain-Demo-Video.mp4
  • Truman-Kain-Dragnet-Social-Engineering-Sidekick.pdf
• Truman Kain - Updated
  • Truman-Kain-Demo-Video-Updated.mp4
  • Truman-Kain-Dragnet-Social-Engineering-Sidekick-Updated.pdf
• Vincent Tan
  • DEFCON-26-Vincent-Tan-Demo-Videos
    • Vincent-Tan-Hacking-BLE-Bicycle-Locks-Demo-Video-1.mp4
    • Vincent-Tan-Hacking-BLE-Bicycle-Locks-Demo-Video-2.mp4
  • Vincent-Tan-Hacking-BLE-Bicycle-Locks.pdf
• Wesley McGrew
  • Wesley-McGrew-An-Attacker-Looks-at-Docker-Demo-Video.mp4
  • Wesley-McGrew-An-Attacker-Looks-at-Docker-WP.pdf
  • Wesley-McGrew-An-Attacker-Looks-at-Docker.pdf
• William Martin
  • William-Martin-SMBetray-Backdooring-and-Breaking-Signiatures.pdf
  • William-Martin-SMBetray-Demo-Video.mp4
• Wu HuiYu and Qian Wenxiang
  • DEFCON-26-Wu-HuiYu-and-Qian-Wenxiang-Demo-Videos
    • MI-AI-SPEAKER-MIIO.mp4
    • MI-AI-SPEAKER-RCE.mp4
    • amazon-echo-2soldering.mp4
    • amazon-echo-desoldering.mp4
    • amazon-echo-exploit.mp4
    • breaking-smart-speaker-video-1.mp4
    • breaking-smart-speaker-video-2.mp4
    • breaking-smart-speaker-video-3.mp4
    • breaking-smart-speaker-video-4.mp4
  • Wu-HuiYu-and-Qian-Wenxiang-Breaking-Smart-Speakers.pdf
• Xiaolong Bai and Min Zheng
  • DEFCON-26-Xiaolong-Bai-and-Min-Zheng-Demo-Video
    • DemoOnPage13.mp4
    • DemoOnPage78.mp4
  • Xiaolong-Bai-and-Min-Zheng-One-Bite-And-All-Your-Dreams-Will-Come-True.pdf
• Zach Miller and Alex Kissinger
  • DEFCON-26-Zach-Miller-and-Alex-Kissinger-Demo-Videos
    • demo-1-command-file-exploit.mp4
    • demo-2-telnet-exploit.mp4
    • demo-3-mlwar.mp4
  • Zach-Miller-and-Alex-Kissinger-Infecting-Embedded-Supply-Chain.pdf
• Zach Miller and Alex Kissinger - Updated
  • Zach Miller and Alex Kissinger - Extras
    • demo3_mlwar_v2.ogv
    • demo4_brute_force_and_dump_fw.mp4
  • Zach-Miller-and-Alex-Kissinger-Infecting-Embedded-Supply-Chain-Updated.pdf
• nevermoe
  • nevermoe-One-Step-Before-Game-Hackers-Andriod-Emulators-cheat-Demo-Video.mp4
  • nevermoe-One-Step-Before-Game-Hackers-Andriod-Emulators.pdf
• sghctoma
  • DEFCON-26-sghctoma-Demo-Videos
    • maple/
    • mathematica/
    • matlab/
  • sghctoma-all-your-math-are-belong-to-us.pdf
• singe
  • singe-Practical-and-Improved-Wifi-MitM-with-Mana-eap-relay-v1.mp4
  • singe-Practical-and-Improved-Wifi-MitM-with-Mana.pdf
• smea
  • DEFCON-26-smea-Jailbreaking-the-3DS-Demo-Videos
    • fuzz.mp4
    • hbmenu.mp4
    • mcopy.mp4
    • ninjhax.mp4
    • tubehax.mp4
  • smea-Jailbreaking-the-3DS.pdf
• Alex-Levinson-Overview-of-Genesis-Scripting-Engine.pdf
• Alexandre-Borges-Ring-02-Rootkits-bypassing-defenses-Updated.pdf
• Alexandre-Borges-Ring-02-Rootkits-bypassing-defenses.pdf
• Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story.pdf
• Crowley-Paredes-Savage-Outsmarting-the-Smart-City.pdf
• Eckert-Sumner-Krause-Inside-the-Fake-Science-Factory.pdf
• Eduardo-Izycki-And-Rodrigo-Colli-Digital-Leviathan-Nation-State-Big-Brothers.pdf
• Egypt-One-Liners-to-Rule-Them-All.pdf
• Fireside-Panel-D0-N0-H4RM.pdf
• Fireside-Panel-Goerzen-and-Matthews-Beyond-The-Lulz-Updated.pdf
• Fireside-Panel-Goerzen-and-Matthews-Beyond-The-Lulz.pdf
• Foster-and-Ayrey-Lost-and-Found-Certs-residual-certs-for-pre-owned-domains.pdf
• Galloway-and-Yunusov-For-the-love-of-Money-Finding-And-Exploiting-Vulns-In-Mobile-POS-Updated.pdf
• Ian-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains.pdf
• Jianjun-Dai-Guang-Gong-Wenlin-Yang-Pwning-The-Toughest-Target-Updated.pdf
• Jianjun-Dai-Guang-Gong-Wenlin-Yang-Pwning-The-Toughest-Target.pdf
• Joe-Grand-Searching-for-the-Light-Adventures-w-Opticspy.pdf
• Josep-Rodriguez-Breaking-Extreme-Networks-WingOS-Updated.pdf
• Lawshae-Who-Controls-the-Controllers-Hacking-Crestron.pdf
• Maggie-Mayhem-Sex-Work-After-SESTA.pdf
• Maksim-Shudrak-Fuzzing-Malware-For-Fun-and-Profit.pdf
• Matt-King-Micro-Renovator-Bringing-Proc-Firmware-Up-To-Code.pdf
• Matt-Knight-and-Ryan-Speers-RF-Fuzzing-Tools-to-Expose-PHY-Layer-Vulns.pdf
• Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf
• Matt-Wixey-Betrayed-by-the-Keyboard.pdf
• Matthews-Adams-Greco-Youre-Just-Complaining-Because-Youre-Guilty.pdf
• Michael-Ossmann-and-Dominic-Spill-Revolting-Radios.pdf
• Min-Zheng-Xiaolong-Bai-Fasten-your-Seatbelts-Escaping-iOS-11-Sandbox.pdf
• Nils-Amiet-and-Yonal-Romailler-Reaping-and-breaking-keys-at-scale-when-crypto-meets-big-data.pdf
• Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out.pdf
• Panel-DCGroups.pdf
• Paternotte-and-van-Ommeren-It-WISNt-Me-Attacking-Industrial-Wireless-Mesh.pdf
• Rachel-Greenstadt-and-Aylin-Caliskan-De-anonymizing-Programmers.pdf
• Richard-Thieme-The-Road-to-Resilience .pdf
• Rob-Joyce-Absurd-Xmas-Lights.pdf
• Rousseau-and-Seymour-Finding-Xori-Malware-Analysis-Triage-w-Auto-Disassembly.pdf
• Seamus-Burke-Journey-Into-Hexagon.pdf
• Sean-Metcalf-Exploiting-Administrator-Insecurities.pdf
• Shortxstack-and-Seth-Law-Building-the-Hacker-tracker.pdf
• Si-and-AgentX-Wagging-The-Tail.pdf
• Steven-Danneman-Your-Banks-Digital-Side-Door.pdf
• Yaniv-Balmas-What-The-FAX.pdf
• YawnBox-Emerald-Onion-Privacy-Infrastructure-Challenges-and-Opportunites.pdf
• Yu-Wang-Attacking-The-MacOS-Kernel-Graphics-Driver.pdf
• Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf
• Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs.pdf
• zerosum0x0-Eternal-Exploits.pdf

También también podéis descargar todo este contenido desde este enlace o por torrent a través de este otro enlace .

Aquí tenéis la list de las presentaciones de Black Hat USA de este año, con enlace a las diapositivas y documentos que se han hecho públicos:

• Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
• Finding Xori: Malware Analysis Triage with Automated Disassembly
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Rousseau-Finding-Xori-Malware-Analysis-Triage-With-Automated-Disassembly.pdf )
• Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Malmquist-Exposing-The-Bait-A-Qualitative-Look-At-The-Impact-Of-Autonomous-Peer-Communication-To-Enhance-Organizational-Phishing-Detection.pdf )
• Software Attacks on Hardware Wallets
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets-wp.pdf )
• Dissecting Non-Malicious Artifacts: One IP at a Time
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Goland-Dissecting-Non-Malicious-Artifacts-One-IP-At-A-Time.pdf )
• Detecting Credential Compromise in AWS
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Bengtson-Detecting-Credential-Compromise-In-AWS.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Bengtson-Detecting-Credential-Compromise-In-AWS-wp.pdf )
• How I Learned to Stop Worrying and Love the SBOM
• Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking-wp.pdf )
• Measuring the Speed of the Red Queen’s Race; Adaption and Evasion in Malware
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Harang-Measuring-the-Speed-of-the-Red-Queens-Race.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Harang-Measuring-the-Speed-of-the-Red-Queens-Race-wp.pdf )
• Holding on for Tonight: Addiction in InfoSec
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Tomasello-Holding-On-For-Tonight-Addiction-In-Infosec.pdf )
• TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever-wp.pdf )
• Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Paul-Stress-and-Hacking.pdf )
• From Bot to Robot: How Abilities and Law Change with Physicality
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Postnikoff-From-Bot-To-Robot-How-Abilities-And-Law-Change-With-Physicality.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Postnikoff-From-Bot-To-Robot-How-Abilities-And-Law-Change-With-Physicality-wp.pdf )
• Miasm: Reverse Engineering Framework
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-DesclauxMougey-Miasm-Reverse-Engineering-Framework.pdf )
• New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Gro ß-New-Trends-In-Browser-Exploitation-Attacking-Client-Side-JIT-Compilers.pdf)
• Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-saxe-Deep-Learning-For-Hackers-Methods-Applications-and-Open-Source-Tools.pdf )
• KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
• Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Little-Blockchain-Autopsies-Analyzing-Ethereum-Smart-Contract-Deaths.pdf )
• A Dive in to Hyper-V Architecture & Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Joly-Bialek-A-Dive-in-to-Hyper-V-Architecture-&-Vulnerabilities.pdf )
• No Royal Road … Notes on Dangerous Game
• There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Milburn-There-Will-Be-Glitches-Extracting-And-Analyzing-Automotive-Firmware-Efficiently.pdf )
• Compression Oracle Attacks on VPN Networks
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Nafeez-Compression-Oracle-Attacks-On-Vpn-Networks.pdf )
• CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment
• Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Camurati-Screaming-Channels-When-Electromagnetic-Side-Channels-Meet-Radio-Tranceivers.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Camurati-Screaming-Channels-When-Electromagnetic-Side-Channels-Meet-Radio-Tranceivers-wp.pdf )
• Remotely Attacking System Firmware
• Reversing a Japanese Wireless SD Card - From Zero to Code Execution
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Valadon-Reversing-a-Japanese-Wireless-SD-Card-From-Zero-to-Code-Execution.pdf )
• Deep Dive into an ICS Firewall, Looking for the Fire Hole
• Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
• Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf )
• From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Metcalf-From-Workstation-To-Domain-Admin-Why-Secure-Administration-Isnt-Secure.pdf )
• An Attacker Looks at Docker: Approaching Multi-Container Applications
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications-wp.pdf )
• The Unbearable Lightness of BMC’s
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC-wp.pdf )
• Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Dameff-Mental-Health-Hacks-Fighting-Burnout-Depression-And-Suicide-In-The-Hacker-Community.pdf )
• WireGuard: Next Generation Secure Network Tunnel
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Donenfeld-WireGuard-Next-Generation-Secure-Network-Tunnel.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Donenfeld-WireGuard-Next-Generation-Secure-Nework-Tunnel-wp.pdf )
• Threat Modeling in 2018: Attacks, Impacts and Other Updates
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Shostack-Threat-Modeling-in-2018.pdf )
• Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Graeber-Subverting-Sysmon-Application-Of-A-Formalized-Security-Product-Evasion-Methodology.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Graeber-Subverting-Sysmon-Application-Of-A-Formalized-Security-Product-Evasion-Methodology-wp.pdf )
• Don’t @ Me: Hunting Twitter Bots at Scale
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Anise-Wright-Don'[email protected] )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Anise-Wright-Don'[email protected] )
• A Brief History of Mitigation: The Path to EL1 in iOS 11
  • [] ()
• ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
• Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
• Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf )
• LTE Network Automation Under Threat
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Shaik-LTE-Network-Automation-Under-Threat.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Shaik-LTE-Network-Automation-Under-Threat-wp.pdf )
• Why so Spurious? How a Highly Error-Prone x86/x64 CPU “Feature” can be Abused to Achieve Local Privilege Escalation on Many Operating Systems
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Mulasmajic-Peterson-Why-So-Spurious.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Mulasmajic-Peterson-Why-So-Spurious-wp.pdf )
• Open Sesame: Picking Locks with Cortana
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Beery-Open-Sesame-Picking-Locks-with-Cortana.pdf )
• Breaking the IIoT: Hacking industrial Control Gateways
• Squeezing a Key through a Carry Bit
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Valsorda-Squeezing-A-Key-Through-A-Carry-Bit.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Valsorda-Squeezing-A-Key-Through-A-Carry-Bit-wp.pdf )
• I, for One, Welcome Our New Power Analysis Overlords
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-O'Flynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-O'Flynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards-wp.pdf )
• How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Peterson-How-Can-Communities-Move-Forward-After-Incidents-Of-Sexual-Harassment-Or-Assault.pdf )
• AFL’s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Li-AFLs-Blindspot-And-How-To-Resist-AFL-Fuzzing-For-Arbitrary-ELF-Binaries.pdf )
• Is the Mafia Taking Over Cybercrime?
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime-wp.pdf )
• The Air-Gap Jumpers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Guri-AirGap.pdf )
• Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Perlow-Beating-the-Blockchain-by-Mapping-Out_Decentralized_Namecoin-and-Emercoin-Infrastructure.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Perlow-Beating-the-Blockchain-by-Mapping-Out_Decentralized_Namecoin-and-Emercoin-Infrastructure-wp.pdf )
• InfoSec Philosophies for the Corrupt Economy
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Munro-Infosec-Philosophies-For-The-Corrupt-Economy.pdf )
• Back to the Future: A Radical Insecure Design of KVM on ARM
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-SINGH-BACK-TO-THE-FUTURE-A-RADICAL-INSECURE-DESIGN-OF-KVM-ON-ARM.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-SINGH-BACK-TO-THE-FUTURE-A-RADICAL-INSECURE-DESIGN-OF-KVM-ON-ARM-wp.pdf )
• A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilman-Cryptanalysis-of-Curl-P.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilman-Cryptanalysis-of-Curl-P-wp.pdf )
• ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Schranz-ARTist-A-Novel-Instrumentation-Framework-for-Reversing-and-Analyzing-Android-Apps-and-the-Middleware.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Schranz-ARTist-A-Novel-Instrumentation-Framework-for-Reversing-and-Analyzing-Android-Apps-and-the-Middleware-wp.pdf )
• Stop that Release, There’s a Vulnerability!
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gadsby-Stop-That-Release,-There's-A-Vulnerability!.pdf )
• Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Das-Two-Factor-Authentication-Usable-Or-Not.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Das-Two-Factor-Authentication-Usable-Or-Not-A-Two-Phase-Usability.pdf )
• Fire & Ice: Making and Breaking macOS Firewalls
• The Problems and Promise of WebAssembly
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Silvanovich-The-Problems-and-Promise-of-WebAssembly.pdf )
• Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims-wp.pdf )
• Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Sch ürmann-Carsten-A-Comparative-Forensic-Analysis-of-WinVote-Voting-Machines.pdf)
• Demystifying PTSD in the Cybersecurity Environment
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Slowik-Demystifying-PTSD-In-The-Cybersecurity-Environment.pdf )
• Real Eyes, Realize, Real Lies: Beating Deception Technologies
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hart-Real-Eyes-Realize-Real-Lies-Beating-Deception-Technologies.pdf )
• Kernel Mode Threats and Practical Defenses
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Desimone-Kernel-Mode-Threats-and-Practical-Defenses.pdf )
• Snooping on Cellular Gateways and Their Critical Role in ICS
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Shattuck-Snooping-on-Cellular-Gateways-and-Their-Critical-Role-in-ICS.pdf )
• Your Voice is My Passport
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Seymour-Aqil-Your-Voice-Is-My-Passport.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Seymour-Aqil-Your-Voice-Is-My-Passport-wp.pdf )
• Identity Theft: Attacks on SSO Systems
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Ludwig-Identity-Theft-Attacks-On-SSO-Systems.pdf )
• Black Box is Dead. Long Live Black Box!
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Stennikov-Blackbox-is-dead--Long-live-Blackbox!.pdf )
• Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kobayashi-Reconstruct-The-World-From-Vanished-Shadow-Recovering-Deleted-VSS-Snapshots.pdf )
• The Science of Hiring and Retaining Female Cybersecurity Engineers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Holtz-The-Science-Of-Hiring-And-Retaining-Female-Cybersecurity-Engineers.pdf )
• The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
• New Norms and Policies in Cyber-Diplomacy
• Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages_Threaten-Patient-Lives.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages-Threaten-Patient-Lives-wp.pdf )
• AI & ML in Cyber Security - Why Algorithms are Dangerous
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Marty-AI-and-ML-in-Cybersecurity.pdf )
• GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs-wp.pdf )
• Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Geesaman-Detecting-Malicious-Cloud-Account-Behavior-A-Look-At-The-New-Native-Platform-Capabilities.pdf )
• Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Mueller-Dresen-EFAIL-Breaking-SMIME-And-OpenPGP-Email-Encryption-Using-Exfiltration-Channels.pdf )
• Decompiler Internals: Microcode
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Guilfanov-Decompiler-Internals-Microcode.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Guilfanov-Decompiler-Internals-Microcode-wp.pdf )
• Stealth Mango and the Prevalence of Mobile Surveillanceware
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Blaich-Stealth-Mango-and-the-Prevalence-of-Mobile-Surveillanceware.pdf )
• A Deep Dive into macOS MDM (and How it can be Compromised)
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Deep-Dive-Into-macOS-MDM-And-How-It-Can-Be-Compromised.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Deep-Dive-Into-macOS-MDM-And-How-It-Can-Be-Compromised-wp.pdf )
• Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies-wp.pdf )
• Playback: A TLS 1.3 Story
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-GarciaAlguacil-MurilloMoya-Playback-A-TLS-1.3-Story.pdf )
• Outsmarting the Smart City
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Crowley-Savage-Paredes-Outsmarting-The-Smart-City.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Crowley-Outsmarting-The-Smart-City-wp.pdf )
• Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
• So I became a Domain Controller
• None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hui-None-Of-My-Pixel-Is-Your-Business-Active-Watermarking-Cancellation-Against-Video-Streaming-Service.pdf )
• WebAssembly: A New World of Native Exploits on the Browser
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web-wp.pdf )
• Applied Self-Driving Car Security
  • [] ()
• TLBleed: When Protecting Your CPU Caches is Not Enough
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gras-TLBleed-When-Protecting-Your-CPU-Caches-is-Not-Enough.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gras-TLBleed-When-Protecting-Your-CPU-Caches-is-Not-Enough-w.pdf )
• Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf )
• Another Flip in the Row
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gruss-Another-Flip-in-the-Row.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gruss-Another-Flip-In-The-Row-wp.pdf )
• Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf )
• Legal Liability for IOT Cybersecurity Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Palansky-Legal-Liability-For-IoT-Vulnerabilities.pdf )
• How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
• Exploitation of a Modern Smartphone Baseband
• Last Call for SATCOM Security
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Santamarta-Last-Call-For-Satcom-Security.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Santamarta-Last-Call-For-Satcom-Security-wp.pdf )
• Automated Discovery of Deserialization Gadget Chains
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains-wp.pdf )
• Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Harris-Catch-Me-Yes-We-Can –Pwning-Social-Engineers-Using-Natural-Language-Techniques-In-Real-Time.pdf)
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Harris-Catch-Me-Yes-We-Can –Pwning-Social-Engineers-Using-Natural-Language-Techniques-In-Real-Time-wp.pdf)
• From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf )
• SDL That Won’t Break the Bank
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lipner-SDL-For-The-Rest-Of-Us.pdf )
• Lowering the Bar: Deep Learning for Side Channel Analysis
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-perin-ege-vanwoudenberg-Lowering-the-bar-Deep-learning-for-side-channel-analysis.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-perin-ege-vanwoudenberg-Lowering-the-bar-Deep-learning-for-side-channel-analysis-wp.pdf )
• Mainframe [z/OS] Reverse Engineering and Exploit Development
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Rikansrud-Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development.pdf )
• Hardening Hyper-V through Offensive Security Research
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf )
• Practical Web Cache Poisoning: Redefining ‘Unexploitable’
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable-wp.pdf )
• For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
• SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
• Understanding and Exploiting Implanted Medical Devices
• IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies-wp.pdf )
• The Finest Penetration Testing Framework for Software-Defined Networks
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lee-The-Finest-Penetration-Testing-Framework-for-Software-Defined-Networks.pdf )
• It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It-wp.pdf )
• Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Stone-Unpacking-The-Packed-Unpacker.pdf )
• Return of Bleichenbacher’s Oracle Threat (ROBOT)
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat-wp.pdf )
• Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remotely-Compromised-The-Gateway-Bcm-And-Autopilot-Ecus-Of-Tesla-Cars.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remotely-Compromised-The-Gateway-Bcm-And-Autopilot-Ecus-Of-Tesla-Cars-wp.pdf )
• DeepLocker - Concealing Targeted Attacks with AI Locksmithing
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kirat-DeepLocker-Concealing-Targeted-Attacks-with-AI-Locksmithing.pdf )
• Meltdown: Basics, Details, Consequences
• Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Ulitzsch-Follow-The-White-Rabbit-Simplifying-Fuzz-Testing-Using-FuzzExMachina.pdf )
• Lessons and Lulz: The 4th Annual Black Hat USA NOC Report

Cómo ya nos adelantó Chema en su blog , la editorial 0xWord acaba de publicar un nuevo libro sobre Docker y su uso en entornos SecDevOps .

El libro ha sido escrito por Fran Ramírez ( @Cybercaronte ), Elías Grande ( @3grander ) y el que escribe, Rafael Troncoso ( @tuxotron ).

El libro contiene material tanto para los no iniciados, como para los que ya conocen Docker. Aunque Docker no es la única opción en el ámbito de los contenedores de aplicaciones, es sin duda alguna la más conocida y extendida hasta la fecha.

Ya están disponibles la mayoría de las presentaciones de Black Hat Asi 2018 celebrada el pasado 20-23 de marzo:

• A Short Course in Cyber Warfare
• National Cyber-Aggression and Private-Sector Internet Infrastructure
• A Deal with the Devil: Breaking Smart Contracts
  • Wong-Hemmel-A-Deal-with-the-Devil-Breaking-Smart-Contracts.pdf
• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
  • Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages_update_Thursday.pdf
• AES Wireless Keyboard – Template Attack for Eavesdropping
  • Kim-AES-Wireless-Keyboard-Template-Attack-for-Eavesdropping.pdf
• All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems
  • zhou-ALL%20YOUR%20PAYMENT%20TOKENS%20ARE%20MINE%20VULNERABILITIES%20OF%20MOBILE%20PAYMENT%20SYSTEMS.pdf
  • zhou-ALL%20YOUR%20PAYMENT%20TOKENS%20ARE%20MINE%20VULNERABILITIES%20OF%20MOBILE%20PAYMENT%20SYSTEMS-wp.pdf
• Analyzing & Breaking Exploit Mitigations and PRNGs on QNX for Automotive Industrial Medical and other Embedded Systems
  • Wetzels_Abassi_dissecting_qnx__PPT.pdf
  • Wetzels_Abassi_dissecting_qnx__WP.pdf
• Back To The Epilogue: How to Evade Windows’ Control Flow Guard with Less than 16 Bytes
  • Lain-Back-To-The-Epilogue-How-To-Evade-Windows-Control-Flow-Guard-With-Less-Than-16-Bytes.pdf
• Breach Detection At Scale With AWS Honey Tokens
  • bourke-grzelak-breach-detection-at-scale-with-aws-honey-tokens.pdf
  • bourke-grzelak-breach-detection-at-scale-with-aws-honey-tokens-wp.pdf
• Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis
  • Blazytko-Breaking-State-Of-The-Art-Binary-Code-Obfuscation-Via-Program-Synthesis.pdf
  • Blazytko-Breaking-State-Of-The-Art-Binary-Code-Obfuscation-Via-Program-Synthesis-wp.pdf
• Breaking the Attack Graph: How to Leverage Graphs to Strengthen Security in a Domain Environment
  • Simakov-Marina-Breaking-The-Attack-Graph.pdf
• Counter-Infiltration: Future-Proof Counter Attacks Against Exploit Kit Infrastructure
  • papa-Future-Proof%20Counter%20Attacks%20Against%20Exploit%20Kit%20Infrastructure.pdf
• Cyber Comrades: Alliance-Building in Cyberspace
  • Geers-Cyber%20Comrades%20Alliance%20Building%20in%20Cyberspace.pdf
• Death Profile
  • Zhu%20and%20Li-Death%20Profile.pdf
  • Zhu%20and%20Li-Death%20Profile-wp.pdf
• Documenting the Undocumented: The Rise and Fall of AMSI
  • Tal-Liberman-Documenting-the-Undocumented-The-Rise-and-Fall-of-AMSI.pdf
• eMMC & UFS: Security Vulnerabilities Rootkits
• Hourglass Model 2.0: Case Study of Southeast Asia Underground Services Abusing Global 2FA
  • [Asia-18-CHUNG-Hourglass 2.0.pdf]( https://www.blackhat.com/docs/asia-18/Asia-18-CHUNG-Hourglass 2.0.pdf)
• I Don’t Want to Sleep Tonight: Subverting Intel TXT with S3 Sleep
  • Seunghun-I_Dont_Want_to_Sleep_Tonight_Subverting_Intel_TXT_with_S3_Sleep.pdf
• International Problems: Serialized Fuzzing for ICU Vulnerabilities
  • Deng-International-Problems-Serialized-Fuzzing-for-ICU-Vulnerabilities.pdf
• Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
  • bohannon-invoke_dosfuscation_techniques_for_fin_style_dos_level_cmd_obfuscation.pdf
  • bohannon-invoke_dosfuscation_techniques_for_fin_style_dos_level_cmd_obfuscation-wp.pdf
• KSMA: Breaking Android Kernel Isolation and Rooting with ARM MMU Features
  • WANG-KSMA-Breaking-Android-kernel-isolation-and-Rooting-with-ARM-MMU-features.pdf
• Locknote: Conclusions and Key Takeaways from Black Hat Asia 2018
• Mac-A-Mal: An Automated Platform for Mac Malware Hunting
  • Phuc-Mac-A-Mal-An%20Automated%20Framework%20for%20Mac%20Malware%20Hunting.pdf
  • Phuc-Mac-A-Mal-An%20Automated%20Framework%20for%20Mac%20Malware%20Hunting-wp.pdf
• Nation-State Moneymule’s Hunting Season – APT Attacks Targeting Financial Institutions
  • Shen-Nation-State%20Moneymule%20hunting%20season_Thursday%20.pdf
• New Compat Vulnerabilities in Linux Device Drivers
  • Ding-New-Compat-Vulnerabilities-In-Linux-Device-Drivers.pdf
• Prison Break Season 6: Defeating the Mitigations Adopted by Android OEMs
• return-to-csu: A New Method to Bypass 64-bit Linux ASLR
  • Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR.pdf
  • Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf
• RustZone: Writing Trusted Applications in Rust
• Securing Your In-Ear-Fitness Coach: Challenges in Hardening Next Generation Wearables
• Server Tailgating - A Chosen-PlainText Attack on RDP
  • Karni-Zinar-Blachman-Server-Tailgating-A-Chosen-Plaintext-Attack-on-RDP.pdf
• Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM
  • Seunghun-Shadow-Box_v2_The_Practical_and_Omnipotent_Sandbox_for_ARM.pdf
• Tales from the NOC: Going Public in Asia
• UbootKit: A Worm Attack for the Bootloader of IoT Devices
  • Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices.pdf
  • Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices-wp.pdf
• VSPMiner: Detecting Security Hazards in SEAndroid Vendor Customizations via Large-Scale Supervised Machine Learning
• When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
  • Schwarz-When-Good-Turns-Evil-Using-Intel-SGX-To-Stealthily-Steal-Bitcoins.pdf
  • Schwarz-When-Good-Turns-Evil-Using-Intel-SGX-To-Stealthily-Steal-Bitcoins-wp.pdf
• XOM-switch: Hiding Your Code from Advanced Code Reuse Attacks In One Shot
  • Zhang-xom-switch-mingwei-v1.2.pptx

El Proyecto SEED tiene como objetivo desarrollar un conjunto de talleres prácticos para la enseñanza y estudio de la seguridad de la información. Este proyecto es principalmente subvencionado por National Science Foundation (NSF) , una organización gubernamental estadounidense creada en 1950.

Actualmente existen más de 30 talleres llamados SEED Labs , organizadoes en seis categorías:

• Software Security Labs - Talleres con vulnerabilides en software más comunes.

![OpenIA videogames] ( https://cyberhades.ams3.cdn.digitaloceanspaces.com/imagenes/31406720546_7496797da3_o_opt.png )

Ya os hemos hablado en alguna ocasión de OpenAI y de cómo utiliza videojuegos para entrenar a una IA a resolver problemas. Pues en el blog de LUCA estamos escribiendo una serie de artículos donde explicamos paso a paso desde cómo comenzar a configurar el entorno de OpenAI en Linux hasta nuestra nuestra primera IA capaz de resolver un juego sencillo.