#BHASIA BlackHatEvents

CertifiedDCOM: The Privilege Escalation Journey to Domain Admin with DCOM
Tianze Ding (D1iv3), Tencent Security Xuanwu Lab
Whoami: Tianze Ding (D1iv3), Senior Security Researcher, Tencent Security Xuanwu Lab. Focusing on Active Directory Security / Cloud Security / Web Security. 2022 MSRC Most Valuable Researchers. Black Hat / DEFCON / HITB speaker.
Agenda:
- COM/DCOM Basics
- Previous Research
- COM Attack Surface from Local to Remote
- CertifiedDCOM: Privilege Escalation

EDR = Erase Data Remotely
Tomer Bar, Shmuel Cohen
This talk is SafeBreach's 15th talk at Black Hat.
Tomer Bar, VP of Security Research, SafeBreach: 20 years experience in security research; main focus in APT and vulnerability research; presented at many global security conferences, such as Black Hat USA 2020, 2023 and DEFCON 28-31.
Shmuel Cohen, Security Researcher, SafeBreach Labs: 6 years experience in cybersecurity; main focus in vulnerability research; former malware researcher specialized in APT groups.
Research Goal and appro

LLM4Shell: Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks and Apps
Speakers: Tong Liu, Yuekang Li. Contributors: Zizhuang Deng, Guozhu Meng, Kai Chen
Whoami, Tong Liu: First-year PhD student from UCAS IIE; CTF player, Nu1L & Straw Hat; AI + Security.
Whoami, Yuekang Li: Lecturer (assistant professor), University of New South Wales; software testing + security.
Contributors: Zizhuang Deng, PhD, IIE UCA

Or Yair, SafeBreach
Security Research Team Lead at SafeBreach; 6+ years in security research; Linux, embedded and some Android research; 3 years Windows research; creator of Aikido Wiper, DoubleDrive.
Agenda:
- Windows Known Issue Introduction
- Research Goals
- Post-Exploitation Techniques
- Vulnerabilities
- CVEs + Fixes
- Takeaways
- GitHub + Q&A
Windows Backwards Compatibility: more than 1.4 billion active devices.
My first encounter with "Magic
Microsoft's Documentation: "Do not end a file or directory name with a space or a period. Although the und

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned from Assessing a Microcontroller TEE
Cristiano Rodrigues | Sandro Pinto, PhD (Centro ALGORITMI/LASI, Universidade do Minho)
Agenda:
- 01 Introduction
- 02 Background and Motivation
- A Bumpy but Revealing Journey
- Weak

SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices
WeiMin Cheng
Who are we: WeiMin Cheng, QI-ANXIN (Github: MG1937, Twitter: MGAldys4); Yue Liu, QI-ANXIN (Github: lieanu), Mobile & AOSP Binary Researcher.
Agenda:
- What is Activity Hijack Attack (AHA)
- Restrictions and Policies released by Google
- Bypass Security Policies
- Video Demo for Fullchain
- BAL Restriction
- Runtime State Leak
- Strictly LMKD

Chinese APT: A Master of Exploiting Edge Devices
Charles Li, Greg Chen
Agenda:
- Exploit Target Changed
- Case Study of Weaponized Edge Device
- Malware implanted in Edge Device
- Mitigation & Response
Exploit Target Changed. Good old days of spear phishing emails: document exploits were good exploit targets for spear phishing attacks. CVE-2011-0611, CVE-2008-5353, CV

Cloud Console Cartographer: Tapping Into Mapping, Slogging Thru Logging
Andi Ahmeti, Associate Threat Researcher (SecEagleAnd1, andi-ahmeti), Kosovo; Permiso-io-tools/CloudGrappler
Daniel Bohannon, Principal Threat Researcher (danielhbohannon); danielbohannon/Invoke-Obfuscation, /Invoke-CradleCrafter, /Invoke-DOSfuscation, /Revoke-Obfuscation; USA
(5 yrs) (2 yrs)
Agenda:
- Introduction
- Cloud Logs for Defenders
- PROBLEM: Noisy Console Logs
- SOLUTION: Mapping for Clarity
- Tool Demo + Release
Role of Logs in Threat Hunting & IR

Bypassing Entra ID Conditional Access Like APT: A Deep Dive Into Device Authentication Mechanisms for Building Your Own PRT Cookie
Speaker: Yuya Chudo. Contributor: Takayuki Hatakeyama
Whoami: Yuya Chudo, Senior Advisor, Secureworks Japan K.K.; provides red teaming service for enterprises, mainly in Japan.
Agenda:
- Introduction
- Microsoft Entra ID Device Authentication Mechanism
- Device Authentication Internal

A Glimpse Into The Protocol: Fuzz Windows RDP Client For Fun And Profit
Yingqi Shi (Mas0nShi), Mingjia Liu (cyberestro), Quan Jin (jq0904), DBAPPSecurity
About Us: Yingqi Shi (Mas0nShi), Mingjia Liu (cyberestro), Quan Jin (jq0904), Guoxian Zhong (_p01arisZ), Siyuan Liu (4nsw3r123)
Agenda:
- Motivation
- Introduction
- Fuzzing
- Case Study
- Future
Motivation: popular remote access solution; legacy and longevity; and more? https:/www.s

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
Speaker: Hengkai Ye, The Pennsylvania State University. Other Contributors: Hong Hu, Song Liu, Zhechang Zhang
Team: Hengkai Ye, Ph.D. Student, Penn State University; Song Liu, Ph.D. Student, Penn State University; Zhechang Zhang, Ph.D. Student, Penn State University; Hong Hu, Assistant Professor, Penn State University
Current Exploit Method: Control-Flow Hijacking. Memory-Access Primitives (Arbitrary Read, Arbitrary Write) are used against Control Data.

uncompyle6 and decompyle3: How to Read and Write a High-Level Bytecode Decompiler
Rocky Bernstein, rockygnu.org, BlackHat Asia 2024
Slide text: https://rocky.github.io/blackhat-asia-2024-additional/all-notes-print
Survey
unco

The Fault in Our Metrics: Rethinking How We Measure Detection & Response
Team Chat:
Bossman: "BoD meeting is coming up. Gonna need updated program metrics. Let's chat tomorrow"
"you got it boss"
"BoD metrics. what have we presented in the past?"
"oh no"
"bad news, our last manager pretty much just made those up"
"good news, you're here and gonna do so much better ;-)"
Detection & response metrics: Why should I care about metrics?
Metrics: "You Are What You Measure!" (Hauser & Katz). "That which is measured, improves" (Karl Pearson).
Metrics re

Unveiling the Cracks in Virtualization, Mastering the Host System: VMware Workstation Escape
Speaker: VictorV (vv474172261)
About Me:
- VMware Workstation Escape: TianfuCup 2018/2021/2023, Zer0Con 2022, HITB 2020
- Hyper-V Escape: CVE-2019-0887
- In 2021: bugs in SQL Server, RDP, QEMU, DNS, DHCP, Samba, ESXi
- Top 3 of MSRC 2023 Q3/Q4 Leaderboard
Contents:
- Virtualization Basic Info
- Historic Bugs In UHCI
- Exploit for TianfuCup 2023
- Summary
Virtualization Basic Inf

The Final* Chapter: Unlimited Ways to Bypass Your macOS Privacy Mechanisms
Csaba Fitzl & Wojciech Reguła
NSFullUserName(): Wojciech Reguła, Head of Mobile Security, SecuRing; Certified iOS Application Security Engineer (iASE) author; focused on iOS/macOS #appsec; blogger, https://wojciechregula.blog
NSFullUserName(): Csaba Fitzl, Principal macOS Security Researcher, Kandji; former creator of macOS Exploitation & Pentesting Training; ex red/blue teamer

The Hole in Sandbox: Escape Modern Web-Based App Sandbox From Site-Isolation Perspective
Bohan Liu, Haibin Shi, Tencent Security Xuanwu Lab
Who are we: Bohan Liu (P4nda20371774), Security Researcher at Tencent Security Xuanwu Lab, mainly engaged in browser security, Google Chrome bug hunter; Haibin Shi (Aryb1n), Security Researcher at Tencent Security Xuanwu Lab, Android security.

Confused Learning: Supply Chain Attacks through Machine Learning Models
Hello! Mary Walker, Threat Intelligence, Dropbox (Mairebear, mairebear); Adrian Wood, Red Team, Dropbox (Threlfall, whitehacksec)
Agenda:
- 01 Introduction
- 02 Target Selection
- 03 Weaponizing Models
- 04 Attacker Observations
- 05 Deployment
- 06 Post Exploitation
- 07 Threat Research
- 08 Defense & Prevention
01 Introduction, Key Concepts: modified prediction algorithms; a lot can go wrong with models: backdoors, hijacks, models containing malware and much more. Malicious models won't execu

Bad Randomness: Protecting Against Cryptography's Perfect Crime
Tal Beery, CTO & Co-Founder, ZenGo
Hi, I'm Tal Beery: Co-Founder and CTO, ZenGo; 20+ years cyber security; 9th time BH speaker; 1st time BHASIA speaker! (talbeerysec)
Agenda:
- The Perfect Crime: why bad randomness is crypto's perfect crime
- True Crime(s): bad private key: Bitcoin, gone in milliseconds; bad nonce: Ethereum, gone in milliseconds; bad DH parameters: TLS malware, even more powerful than previously known
- Solutions: avoiding single point of f

Privacy Detective: Sniffing Out Your Data Leaks for Android
Abbie & Meggie
About us: Meggie He, a security researcher at OPPO, specializes in security certification, security feature research, and security tool development. She leads certification projects, leads the writing of OPPO's IoT security specifications, and the development of this tool. Abbie Zhou, a security researcher and engineer, specializes in reverse, development