
Black Hat, checkin' in. We're eagerly counting the days until our Vegas arrival...or at least, a script on our desktop is. We're putting the final touches on the last round of acceptances and hope to have the full schedule out soon. When we do, you'll hear about it right here.

But until then, hopefully a quick look at three just-announced briefings will slake your thirst, quiet your discord, or satisfy the conditions of another relevant metaphor of your choosing.

Exchanging Demands by Peter Hannay

Microsoft Exchange is often a necessary evil, and Peter Hannay will show us just how distressingly easy it can be to make it do a little evil yourself. It turns out that the protocol through which Exchange enforces policies on remote clients provides very little security, leaving the clients open to attacks. Hannay will show you how to impersonate an Exchange server and, with a simple script, erase all data on remote devices. Expect proof-of-concept code for both iOS and Android.

PinPadPwn by Nils and Rafael Dominguez Vega

The ubiquitous payment terminals and "pin pads" found in stores worldwide are just as vulnerable as any other systems when it comes to handling user input. And as Chip and Pin replaces magnetic stripe cards, they're handling more and more complex info from untrusted sources, such as the EMV protocol used by major payment smart-cards. Add in the fact that these terminals all talk via Ethernet, GPRS, Wi-Fi or landline, and the attack surface is vast. Nils and Rafael Dominguez Vega will demonstrate how to use memory corruption vulnerabilities to gain code execution on the terminals, and show how this might profit an attacker - no purchase required.

Ghost is in the Air(traffic) by Andrei Costin

Don't tell the TSA, but air traffic control systems and other air-related technologies are on the verge of a long-in-coming upgrade in both capability and sophistication. As ever, these newfound opportunities for innovation and enhanced performance come hand-in-hand with potentially dangerous new security exploits. In this briefing, Andrei Costin will examine the new Automatic Dependent Surveillance - Broadcast (ADS-B) tech from a practical angle and explain the techniques potential attackers could use to open new attack surfaces in air traffic control systems.

That's three - check back for the next Intel Update later this week! In the meantime don't forget to follow us on Twitter and like us on Facebook!
