The Startup Spotlight Competition at Black Hat returns for 2024. Submit your 5-minute video pitch by June 12 to enter for the chance to exhibit in Startup City at Black Hat USA and present your product/service to Black Hat Judges and our live

Support PODTUBE.ME continuity as a free service

Apr 29th, 2024 1m

PODTUBE is a personal project and was originally developed to be used only by its creator, but then the creator decided to open it, making PODTUBE available to everybody with similar needs, for free. However, PODTUBE has server, bandwidth, de

Locknote: Conclusions and Key Takeaways from Day 2

Apr 10th, 2024 47m 58s

At the end of day two, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key

Locknote: Conclusions and Key Takeaways from Day 1

Apr 10th, 2024 48m 2s

At the end of day one, join Black Hat Founder Jeff Moss and Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key

Keynote: My Lessons from the Uber Case

Apr 10th, 2024 1h 5m

In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him....Today, Sullivan mentors sec

Support PODTUBE.ME continuity as a free service

Apr 10th, 2024 1m

Keynote: Industrialising Cyber Defence in an Asymmetric World

Apr 9th, 2024 41m 2s

In this keynote, Ollie Whitehouse will outline a future in which we industrialise our approaches to cyber defence against adversaries who are not constrained by the same legal, moral, or ethical frameworks. This talk will begin by exploring the

The Black Hat Europe Network Operations Center (NOC) Report

Apr 9th, 2024 38m 2s

Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, s

My Invisible Adversary: Burnout

Apr 5th, 2024 40m 39s

It seems that lately, Burnout is an invisible member of every operational security team. Attackers grow more capable every year, the attacks faster and harder, and regulations even more strict about how quickly and completely your team must per

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility

Apr 5th, 2024 44m 30s

...How do you go about fully understanding what cryptography you have, how it is used and if it's good or bad? This was the question we started to ask ourselves and set about trying to answer using static analysis tools such as GitHub's CodeQL.

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to Enable BCP38

Apr 4th, 2024 28m 23s

...In this talk we will analyze the global view of spoofing from Cloudflare, to understand IP spoofing on network-layer DoS attacks, and analyze geographic, longitudinal and network-specific characteristics of spoofing sources. We developed and

Collide+Power: The Evolution of Software-based Power Side-Channels Attacks

Apr 4th, 2024 35m 58s

Power side channels exploit leakage that is fundamentally a result of how we build processors. Over the recent years, these attacks evolved to target general-purpose desktop and server CPUs purely from software.In this talk, we explore this e

Through the Looking Glass: How Open Source Projects See Vulnerability Disclosure

Apr 3rd, 2024 26m 35s

A security researcher submits their vulnerability report to an open source project (when they can find a confidential way to do so!). That launches several events in the affected project. In this talk, Marta will explain the reasons behind typi

New Techniques for Split-Second DNS Rebinding

Apr 3rd, 2024 31m 19s

...In this talk, I will present two new techniques that can be used to achieve reliable, split-second DNS rebinding in Chrome, Edge, and Safari on hosts with IPv6 access, along with a method to bypass Chrome's restrictions on requests to the lo

Something Rotten in the State of Data Centers

Apr 2nd, 2024 40m 27s

...This talk details our findings in the data center device management domain, showcasing the most impactful vulnerabilities and exploits unearthed in our broader effort to investigate the security of critical data center components. Specifical

When The Front Door Becomes a Backdoor: The Security Paradox of OSDP

Apr 2nd, 2024 36m 12s

Ever imagined that the modern Physical Access Control Systems (PACS) at the front door of your facility could actually serve as an entry point into your internal IP network? Surprisingly, this is not as far-fetched as it seems. In this talk, we

The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools

Apr 1st, 2024 35m 21s

...In this talk, we will delve into the internals of the Windows user-mode thread pool, a component that seems to have been overlooked by security researchers in the past. Our exploration begins with an introduction to the thread pool architect

Kidnapping Without Hostages: Virtual Kidnapping and the Dark Road Ahead

Apr 1st, 2024 29m 32s

Kidnap ransoms without kidnapping people? New extortion techniques such as Human Process Compromise (HPC) are gaining popularity with criminals at the edge of emerging technologies and traditional crime. We have identified a growing trend in vi

Rate