Line 10: | Line 10: | ||
=== Interesting-sounding Blackhat and DEFCON sessions === | === Interesting-sounding Blackhat and DEFCON sessions === | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shekyan Hacking with WebSockets] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shekyan Hacking with WebSockets] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Rohlf Google Native Client - Analysis Of A Secure Browser Plugin Sandbox] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Rohlf Google Native Client - Analysis Of A Secure Browser Plugin Sandbox] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shah HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shah HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis "Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap"] -''Who is attending, if anyone? Name here'' | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis "Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap"] | |||
Attacks (ab)using recent web features. Need to be considered especially in the context of apps and our web services and what | Attacks (ab)using recent web features. Need to be considered especially in the context of apps and our web services and what | ||
mitigations should be built into Gecko | mitigations should be built into Gecko | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shekyan "Hacking with WebSockets"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shekyan "Hacking with WebSockets"] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Purviance "Blended Threats and JavaScript: A Plan for Permanent Network Compromise"] -''Who is attending, if anyone? Name here'' | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Purviance "Blended Threats and JavaScript: A Plan for Permanent Network Compromise"] | |||
For Gaia/WebAPI folks some attacks on Chrome extensions that may | For Gaia/WebAPI folks some attacks on Chrome extensions that may | ||
have relevance to types of attacks we face on apps. | have relevance to types of attacks we face on apps. | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Osborn "Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Osborn "Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil"] -''Who is attending, if anyone? Name here'' | ||
For the B2G folks there are a couple that might help us with our | For the B2G folks there are a couple that might help us with our | ||
phone designs. If nothing else they may inform our testing. | phone designs. If nothing else they may inform our testing. | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Ridley "Advanced ARM exploitation"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Ridley "Advanced ARM exploitation"] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Weinmann "Scaling Up Baseband Attacks: More (Unexpected) Attack Surface"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Weinmann "Scaling Up Baseband Attacks: More (Unexpected) Attack Surface"] -''Who is attending, if anyone? Name here'' | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Miller "Don't Stand So Close To Me: An Analysis of the NFC Attack Surface"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Miller "Don't Stand So Close To Me: An Analysis of the NFC Attack Surface"] -''Who is attending, if anyone? Name here'' | ||
Defeating ASLR through info leaks, and how to cause them. | Defeating ASLR through info leaks, and how to cause them. | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Serna "The Info Leak Era on Software Exploitation"] (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Serna "The Info Leak Era on Software Exploitation"] (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) -''Who is attending, if anyone? Name here'' | ||
A comparison of three different Flash sandboxes, Chrome, IE, and Firefox | A comparison of three different Flash sandboxes, Chrome, IE, and Firefox | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Sabanal "Digging Deep Into The Flash Sandboxes"] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Sabanal "Digging Deep Into The Flash Sandboxes"] -''Who is attending, if anyone? Name here'' | ||
New defensive features of Win8 we should consider using. Some may be | New defensive features of Win8 we should consider using. Some may be |