No week in the information security calendar is quite like this one, with the annual Black Hat USA and DefCon security conferences descending on Las Vegas.
The mythos of the two security conferences runs deep across more than two decades as the places where new research is revealed and zero-day exploits are announced, and the 2016 events are no exception.
While the focus of Black Hat USA, which has its briefings on Aug. 3 and 4 at the Mandalay Bay Resort and Casino, is largely on new issues, the event kicks off with a keynote address from security researcher Dan Kaminsky that will likely reminisce about one of the largest issues ever revealed at a Black Hat event.
Read More: Q&A With Black Hat Founder Jeff Moss
“Essentially, I’d like to provide a model for comprehending the internet as it stands that prevents harm to it while providing the useful resources to promote its continued operation,” the abstract for Kaminsky’s session states.
Kaminsky won’t be the only person at Black Hat talking about core internet protocols and the risks they pose, as there are multiple talks on DNS and HTTPS security. Security researcher Erik Wu from startup Acalvio, for example, is giving a talk titled “Dark Side of the DNS Force” that will discuss DNS-based attacks.
SafeBreach security researchers Itzik Kotler and Amit Klein are talking about how to cripple HTTPS encrypted traffic.
“We will demonstrate that, by forcing your browser/system to use a malicious PAC (Proxy AutoConfiguration) resource, it is possible to leak HTTPS URLs,” the SafeBreach session abstract states.
Among the most anticipated protocol talks is one titled “BadWPAD” (Web Proxy Auto Discovery) in which researcher Maxim Goncharov will detail how the WPAD protocol is often misconfigured in a way that could be exposing millions of users to risk.
Abusing security features is a common theme at most Black Hat events, and at Black Hat USA 2016, one of the most interesting sessions is a talk titled “Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable,” from Deep Insight security researcher Tom Nipravsky. In his talk, Nipravsky will detail how he was able to bypass Microsoft security for digitally signed applications.
Bypassing the security of antivirus vendors is also a theme this year, and in a talk titled “Captain Hook: Pirating AVs to Bypass Exploit Mitigations,” researchers from security firm enSilo will detail vulnerabilities they reported to multiple antivirus vendors in how they hook into the Windows operating system.
Originally published on eWeek
Quiz: What do you know about cybersecurity in 2016?
Page: 1 2
To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…
ByteDance's TikTok is laying off up to 500 employees as it moves to greater use…
In this episode, we uncover why most organisations aren’t ready to harness generative AI. We…
Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…
AMD unveils new AI and data centre chips as it seeks to improve challenge to…
AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform