www.blackhat.com Open in urlscan Pro
2606:4700::6811:b385  Public Scan

Submitted URL: https://www.blackhat.com/asia-23/briefings/schedule/index.html#dirty-stream-attack-turning-android-share-targets-into-att...
Effective URL: https://www.blackhat.com/asia-23/briefings/schedule/index.html
Submission: On May 06 via api from BY — Scanned from DE

Form analysis 1 forms found in the DOM

<form class="filter_wrapper">
  <div class="filters_wrapper" id="filters_wrapper">
    <div class="session_type_wrapper">
      <h3 id="filter_session_type" class="filter_header_background_shown filter_header">Session Type(s)</h3>
      <div class="session_type_list">
        <div class="select_clear_all_link"><a onclick="select_all_filter('session_type'); return false;" href="javascript:;">Select All</a> | <a onclick="clear_all_filter('session_type'); return false;" href="javascript:;">Clear</a> </div>
        <ul>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="session_type_18_checkbox" id="session_type_18_checkbox" class="session_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="session_type_18_checkbox" id="label_session_type_18" class="session_type_checkbox_label" href="#session/briefings">
                <div class="session_type_icon briefings_icon"></div> <span>Briefings</span>
              </label> </div>
            <div class="clear"></div>
          </li>
        </ul>
      </div>
    </div>
    <div class="format_type_wrapper">
      <h3 id="filter_format_type" class="filter_header_background_shown filter_header">Format(s)</h3>
      <div class="format_type_list">
        <div class="select_clear_all_link"><a onclick="select_all_filter('format_type'); return false;" href="javascript:;">Select All</a> | <a onclick="clear_all_filter('format_type'); return false;" href="javascript:;">Clear</a> </div>
        <ul>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="format_type_439-3_checkbox" id="format_type_439-3_checkbox" class="format_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="format_type_439-3_checkbox" id="label_format_type_439-3" class="format_type_checkbox_label" href="#format/-minute-briefings">
                <div class="format_type_icon -minute-briefings_icon"></div> <span>30-Minute Briefings</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="format_type_439-419_checkbox" id="format_type_439-419_checkbox" class="format_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="format_type_439-419_checkbox" id="label_format_type_439-419" class="format_type_checkbox_label" href="#format/-minute-briefings">
                <div class="format_type_icon -minute-briefings_icon"></div> <span>40-Minute Briefings</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="format_type_439-5_checkbox" id="format_type_439-5_checkbox" class="format_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="format_type_439-5_checkbox" id="label_format_type_439-5" class="format_type_checkbox_label" href="#format/-minute-briefings">
                <div class="format_type_icon -minute-briefings_icon"></div> <span>60-Minute Briefings</span>
              </label> </div>
            <div class="clear"></div>
          </li>
        </ul>
      </div>
    </div>
    <div class="track_type_wrapper">
      <h3 id="filter_track_type" class="filter_header_background_shown filter_header">Track(s)</h3>
      <div class="track_type_list">
        <div class="select_clear_all_link"><a onclick="select_all_filter('track_type'); return false;" href="javascript:;">Select All</a> | <a onclick="clear_all_filter('track_type'); return false;" href="javascript:;">Clear</a> </div>
        <ul>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1879_checkbox" id="track_type_1879_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1879_checkbox" id="label_track_type_1879" class="track_type_checkbox_label" href="#track/ai-ml--data-science">
                <div class="track_type_icon ai-ml--data-science_icon"></div> <span>AI, ML, &amp; Data Science</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1831_checkbox" id="track_type_1831_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1831_checkbox" id="label_track_type_1831" class="track_type_checkbox_label" href="#track/application-security">
                <div class="track_type_icon application-security_icon"></div> <span>Application Security</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1880_checkbox" id="track_type_1880_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1880_checkbox" id="label_track_type_1880" class="track_type_checkbox_label" href="#track/cloud--platform-security">
                <div class="track_type_icon cloud--platform-security_icon"></div> <span>Cloud &amp; Platform Security</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1896_checkbox" id="track_type_1896_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1896_checkbox" id="label_track_type_1896" class="track_type_checkbox_label" href="#track/community--career">
                <div class="track_type_icon community--career_icon"></div> <span>Community &amp; Career</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1768_checkbox" id="track_type_1768_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1768_checkbox" id="label_track_type_1768" class="track_type_checkbox_label" href="#track/cryptography">
                <div class="track_type_icon cryptography_icon"></div> <span>Cryptography</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1882_checkbox" id="track_type_1882_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1882_checkbox" id="label_track_type_1882" class="track_type_checkbox_label" href="#track/cyber-physical-systems">
                <div class="track_type_icon cyber-physical-systems_icon"></div> <span>Cyber-Physical Systems</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1883_checkbox" id="track_type_1883_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1883_checkbox" id="label_track_type_1883" class="track_type_checkbox_label" href="#track/data-forensics--incident-response">
                <div class="track_type_icon data-forensics--incident-response_icon"></div> <span>Data Forensics &amp; Incident Response</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1769_checkbox" id="track_type_1769_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1769_checkbox" id="label_track_type_1769" class="track_type_checkbox_label" href="#track/defense">
                <div class="track_type_icon defense_icon"></div> <span>Defense</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1897_checkbox" id="track_type_1897_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1897_checkbox" id="label_track_type_1897" class="track_type_checkbox_label" href="#track/enterprise-security">
                <div class="track_type_icon enterprise-security_icon"></div> <span>Enterprise Security</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1770_checkbox" id="track_type_1770_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1770_checkbox" id="label_track_type_1770" class="track_type_checkbox_label" href="#track/exploit-development">
                <div class="track_type_icon exploit-development_icon"></div> <span>Exploit Development</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1887_checkbox" id="track_type_1887_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1887_checkbox" id="label_track_type_1887" class="track_type_checkbox_label" href="#track/hardware--embedded">
                <div class="track_type_icon hardware--embedded_icon"></div> <span>Hardware / Embedded</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1773_checkbox" id="track_type_1773_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1773_checkbox" id="label_track_type_1773" class="track_type_checkbox_label" href="#track/human-factors">
                <div class="track_type_icon human-factors_icon"></div> <span>Human Factors</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1741_checkbox" id="track_type_1741_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1741_checkbox" id="label_track_type_1741" class="track_type_checkbox_label" href="#track/keynote">
                <div class="track_type_icon keynote_icon"></div> <span>Keynote</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1895_checkbox" id="track_type_1895_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1895_checkbox" id="label_track_type_1895" class="track_type_checkbox_label" href="#track/lessons-learned">
                <div class="track_type_icon lessons-learned_icon"></div> <span>Lessons Learned</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1802_checkbox" id="track_type_1802_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1802_checkbox" id="label_track_type_1802" class="track_type_checkbox_label" href="#track/malware">
                <div class="track_type_icon malware_icon"></div> <span>Malware</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_17_checkbox" id="track_type_17_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_17_checkbox" id="label_track_type_17" class="track_type_checkbox_label" href="#track/mobile">
                <div class="track_type_icon mobile_icon"></div> <span>Mobile</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1884_checkbox" id="track_type_1884_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1884_checkbox" id="label_track_type_1884" class="track_type_checkbox_label" href="#track/network-security">
                <div class="track_type_icon network-security_icon"></div> <span>Network Security</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1828_checkbox" id="track_type_1828_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1828_checkbox" id="label_track_type_1828" class="track_type_checkbox_label" href="#track/policy">
                <div class="track_type_icon policy_icon"></div> <span>Policy</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1898_checkbox" id="track_type_1898_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1898_checkbox" id="label_track_type_1898" class="track_type_checkbox_label" href="#track/privacy">
                <div class="track_type_icon privacy_icon"></div> <span>Privacy</span>
              </label> </div>
            <div class="clear"></div>
          </li>
          <li class="li2">
            <div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1779_checkbox" id="track_type_1779_checkbox" class="track_type_checkboxes"> </div>
            <div class="checkbox_label_wrapper"><label for="track_type_1779_checkbox" id="label_track_type_1779" class="track_type_checkbox_label" href="#track/reverse-engineering">
                <div class="track_type_icon reverse-engineering_icon"></div> <span>Reverse Engineering</span>
              </label> </div>
            <div class="clear"></div>
          </li>
        </ul>
      </div>
    </div>
  </div>
</form>

Text Content

Informa

Black Hat is part of the Informa Tech Division of Informa PLC

 * Informa PLC
 * About us
 * Investor relations
 * Talent

This site is operated by a business or businesses owned by Informa PLC and all
copyright resides with them. Informa PLC's registered office is 5 Howick Place,
London SW1P 1WG. Registered in England and Wales. Number 8860726.

 * 
 * Events
   Black Hat USASecTorUpcoming Events
 * Briefings
   BriefingsCall for PapersSecTor Briefings Call for PapersArchives
 * Trainings
 * Arsenal
   ArsenalResourcesCall for ToolsReview Board
 * Summits
 * Webinars
   WebinarsExecutive Interviews
 * Sponsorships
   Sponsorship OpportunitiesSponsor News
 * About
   About UsIn the NewsPress ReleasesBriefings Review BoardTraining Review
   BoardSecTor Review BoardBriefings Call for PapersSecTor Briefings Call for
   PapersCode of ConductContact UsSustainability PledgePrivacy


Asia 2023
Register Now
May 9-12, 2023

--------------------------------------------------------------------------------

Marina Bay Sands / Singapore
+ Virtual
Event Menu
 * AttendAttend
   Attendee RegistrationPass ComparisonVirtual Platform InfoMedia
   RegistrationExecutive SummitOmdia Analyst SummitScholarshipsTravelCode of
   Conduct
 * Trainings
 * BriefingsBriefings
   Keynote: Xiaosheng TanFireside Chat: Jeff Moss & Gaurav KeerthiOverview &
   CPEsSchedule
 * ArsenalArsenal
   OverviewSchedule
 * FeaturesFeatures
   OverviewNOCOmdia Analyst SummitSchedule
 * Schedule
 * Business HallBusiness Hall
   Business HallContestsSponsored Sessions
 * SponsorsSponsors
   Exhibit NowEvent SponsorsSponsor News
 * ProposalsProposals
   Call for Papers - BriefingsCall for Tools - Arsenal

All times are Singapore Time (GMT/UTC +8h)

 * All
 * Thursday
 * Friday

 * All
 * A-E
 * F-J
 * K-O
 * P-T
 * U-Z


All SessionsSpeakers



SESSION TYPE(S)

Select All | Clear
 * 
   Briefings
   


FORMAT(S)

Select All | Clear
 * 
   30-Minute Briefings
   
 * 
   40-Minute Briefings
   
 * 
   60-Minute Briefings
   


TRACK(S)

Select All | Clear
 * 
   AI, ML, & Data Science
   
 * 
   Application Security
   
 * 
   Cloud & Platform Security
   
 * 
   Community & Career
   
 * 
   Cryptography
   
 * 
   Cyber-Physical Systems
   
 * 
   Data Forensics & Incident Response
   
 * 
   Defense
   
 * 
   Enterprise Security
   
 * 
   Exploit Development
   
 * 
   Hardware / Embedded
   
 * 
   Human Factors
   
 * 
   Keynote
   
 * 
   Lessons Learned
   
 * 
   Malware
   
 * 
   Mobile
   
 * 
   Network Security
   
 * 
   Policy
   
 * 
   Privacy
   
 * 
   Reverse Engineering
   

No sessions found

 * * Thursday | 8:00am
   * Morning Beverage Break (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom 4403-04 & 4502-05
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 9:00am
   * Keynote - Preparing the Long Journey for Data Security
     Location:  TBD
     Speaker: Xiaosheng Tan
     Track:
     
     Keynote
     Format: 60-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 10:20am
   * Alice in Kernel Land: Lessons Learned From the eBPF Rabbit Hole
     Location:  TBD
     Speaker: Simon Scannell, Speaker: Valentina Palmiotti, Speaker: Juan José
     López Jaimez
     Tracks:
     
     Exploit Development,
     
     Lessons Learned
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Bypassing Anti-Cheats & Hacking Competitive Games
     Location:  TBD
     Speaker: Rohan Aggarwal
     Tracks:
     
     Reverse Engineering,
     
     Application Security
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Revisiting Stealthy Sensitive Information Collection from Android Apps
     Location:  TBD
     Speaker: Guangdong Bai, Speaker: Qing Zhang, Contributor: Guangshuai Xia
     Tracks:
     
     Privacy,
     
     Mobile
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     When Knowledge Graph Meets TTPs: Highly Automated and Adaptive Executable
     TTP Intelligence for Security Evaluation
     Location:  TBD
     Speaker: Lorin Wu, Speaker: Porot Mo, Contributor: Jack Tang
     Tracks:
     
     Defense,
     
     Enterprise Security
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 11:00am
   * Morning Refreshment Break (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom (4403-04 & 4502-05)
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 11:20am
   * Dilemma in IoT Access Control: Revealing Novel Attacks and Design
     Challenges in Mobile-as-a-Gateway IoT
     Location:  TBD
     Speaker: Luyi Xing, Contributor: Xin'an Zhou, Contributor: Jiale Guan,
     Contributor: Zhiyun Qian
     Tracks:
     
     Network Security,
     
     Cyber-Physical Systems
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Operation Clairvoyance: How APT Groups Spy on the Media Industry
     Location:  TBD
     Speaker: Yue-Tien Chen, Speaker: Zih-Cing Liao
     Tracks:
     
     Data Forensics & Incident Response,
     
     Malware
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Stealing With Style: Using CSS to Exploit ProtonMail & Friends
     Location:  TBD
     Speaker: Paul Gerste
     Tracks:
     
     Application Security,
     
     Privacy
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13
     Location:  TBD
     Speaker: Yong Wang
     Tracks:
     
     Exploit Development,
     
     Mobile
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 12:00pm
   * Lunch (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom 4403-04 & 4502-05
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 1:30pm
   * Behind the Scenes: How Criminal Enterprises Pre-infect Millions of Mobile
     Devices
     Location:  TBD
     Speaker: Fyodor Yarochkin, Speaker: Zhengyu Dong, Contributor: Vladimir
     Kropotov, Contributor: Paul Pajares
     Tracks:
     
     Hardware / Embedded,
     
     Mobile
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors
     Location:  TBD
     Speaker: Dimitrios Valsamaras
     Tracks:
     
     Mobile,
     
     Application Security
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Grand Theft House: RF Lock Pick Tool to Unlock Smart Door Lock
     Location:  TBD
     Speaker: Seungjoon Lee, Speaker: Kwonyoup Kim, Contributor: Seokhie Hong
     Tracks:
     
     Reverse Engineering,
     
     Hardware / Embedded
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Prototype Pollution Leads to RCE: Gadgets Everywhere
     Location:  TBD
     Speaker: Mikhail Shcherbakov
     Tracks:
     
     Application Security,
     
     Exploit Development
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 2:30pm
   * Deception at Scale: How Malware Abuses Trust
     Location:  TBD
     Speaker: Gerardo Fernandez Navarrete
     Tracks:
     
     Malware,
     
     Lessons Learned
     Format: 30-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Insider Threats Packing Their Bags With Corporate Data
     Location:  TBD
     Speaker: Dagmawi Mulugeta, Contributor: Colin Estep
     Tracks:
     
     Human Factors,
     
     Cloud & Platform Security
     Format: 30-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     PMFault: Voltage Fault Injection on Server Platforms Through the PMBus
     Location:  TBD
     Speaker: Zitai Chen, Contributor: David Oswald
     Tracks:
     
     Hardware / Embedded,
     
     Cloud & Platform Security
     Format: 30-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     PPLdump Is Dead. Long Live PPLdump!
     Location:  TBD
     Speaker: Gabriel Landau
     Tracks:
     
     Exploit Development,
     
     Cloud & Platform Security
     Format: 30-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 3:00pm
   * Afternoon Refreshment Break (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom (4403-04 & 4502-05)
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 3:20pm
   * firmWar: An Imminent Threat to the Foundation of Computing
     Location:  TBD
     Speaker: Vlad Babkin, Contributor: Nate Warfield
     Tracks:
     
     Enterprise Security,
     
     Hardware / Embedded
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Hacked on National Television
     Location:  TBD
     Speaker: Linus Kvarnhammar
     Tracks:
     
     Lessons Learned,
     
     Human Factors
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Leveraging Streaming-Based Outlier Detection and SliceLine to Stop Heavily
     Distributed Bot Attacks
     Location:  TBD
     Speaker: Antoine Vastel, Speaker: Konstantina Kontoudi
     Track:
     
     AI, ML, & Data Science
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Nakatomi Space: Lateral Movement as L1 Post-exploitation in OT
     Location:  TBD
     Speaker: Jos Wetzels
     Tracks:
     
     Cyber-Physical Systems,
     
     Hardware / Embedded
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Thursday | 4:20pm
   * Forward Focus – The Impact of Artificial Intelligence
     Location:  TBD
     Panelist: Maxine Holt, Panelist: Marina Krotofil, Moderator: Tara Seals,
     Speaker: Fyodor Yarochkin, Panelist: Stefano Zanero
     Tracks:
     
     Keynote,
     
     AI, ML, & Data Science
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 8:00am
   * Morning Beverage Break (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom 4403-04 & 4502-05
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 9:00am
   * Trends and Top Takeaways from Black Hat Asia
     Location:  TBD
     Panelist: Sudhanshu Chauhan, Panelist: Ty Miller, Moderator: Jeff Moss,
     Panelist: Asuka Nakajima, Panelist: Pamela O'Shea
     Track:
     
     Keynote
     Format: 60-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 10:20am
   * Breaking Managed Data Services in the Cloud
     Location:  TBD
     Speaker: Yoav Alon, Speaker: Tzah Pahima, Contributor: Yanir Tsarimi
     Tracks:
     
     Enterprise Security,
     
     Cloud & Platform Security
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache
     Location:  TBD
     Speaker: Koh Nakagawa
     Tracks:
     
     Exploit Development,
     
     Reverse Engineering
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     E-Meet (or Emit?) My Keystrokes: How Benign Screen-sharing Meetings Could
     Leak Typing Behaviors
     Location:  TBD
     Speaker: Chrisando Ryan Pardomuan Siahaan, Contributor: Andry Chowanda
     Tracks:
     
     Privacy,
     
     AI, ML, & Data Science
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Sweet Dreams: Abusing Sleep Mode to Break Wi-Fi Encryption and Disrupt
     WPA2/3 Networks
     Location:  TBD
     Speaker: Mathy Vanhoef, Speaker: Domien Schepers
     Tracks:
     
     Network Security,
     
     Cryptography
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 11:00am
   * Morning Refreshment Break (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom (4403-04 & 4502-05)
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 11:20am
   * Hand Me Your SECRET, MCU! Microarchitectural Timing Attacks on
     Microcontrollers are Practical
     Location:  TBD
     Speaker: Sandro Pinto, Speaker: Cristiano Rodrigues
     Tracks:
     
     Hardware / Embedded,
     
     Cyber-Physical Systems
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     New Wine in an Old Bottle: Attacking Chrome WebSQL
     Location:  TBD
     Speaker: Ziling Chen, Speaker: Nan Wang, Contributor: Hongli Han
     Tracks:
     
     Exploit Development,
     
     Reverse Engineering
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Security Advocacy Shouldn't Be for Security Professionals: An Analysis of
     How the Industry Misses the Mark and How We Can Improve
     Location:  TBD
     Speaker: Sarah Young
     Tracks:
     
     Human Factors,
     
     Community & Career
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Weaponizing Mobile Infrastructure: Are Politically Motivated Cyber Attacks
     a Threat to Democracy?
     Location:  TBD
     Speaker: Imran Saleem
     Tracks:
     
     Mobile,
     
     Network Security
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 12:00pm
   * Lunch (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom 4403-04 & 4502-05
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 1:30pm
   * Abusing Azure Active Directory: From MFA Bypass to Listing Global
     Administrators
     Location:  TBD
     Speaker: Nestori Syynimaa, Speaker: Sravan Akkaram
     Tracks:
     
     Cloud & Platform Security,
     
     Exploit Development
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     A New Attack Interface in Java Applications
     Location:  TBD
     Speaker: Xu Yuanzhen, Contributor: Peter Mularien
     Track:
     
     Application Security
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     A Run a Day Won't Keep the Hacker Away: Inference Attacks on Endpoint
     Privacy Zones in Fitness Tracking Social Networks
     Location:  TBD
     Speaker: Karel Dhondt, Speaker: Victor Le Pochat
     Tracks:
     
     Privacy,
     
     Application Security
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Fuzzing the Native NTFS Read-Write Driver (NTFS3) in the Linux Kernel
     Location:  TBD
     Speaker: Chiachih Wu, Speaker: Yuan-Tsung Lo
     Tracks:
     
     Exploit Development,
     
     Cloud & Platform Security
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 2:30pm
   * Attacking the WebAssembly Compiler of WebKit
     Location:  TBD
     Speaker: Zong Cao, Speaker: Zheng Wang, Contributor: Yeqi Fu, Contributor:
     Fangming Gu, Contributor: Bohan Liu
     Track:
     
     Application Security
     Format: 30-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Engaging the Next Generation of Cybersecurity Professionals: The Power of
     Security Zines
     Location:  TBD
     Speaker: Rohit Sehgal
     Track:
     
     Community & Career
     Format: 30-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and
     Revocation
     Location:  TBD
     Speaker: Xiang Li
     Track:
     
     Network Security
     Format: 30-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     You Can Run, but You Can't Hide - Finding the Footprints of Hidden
     Shellcode
     Location:  TBD
     Speaker: John Uhlmann
     Tracks:
     
     Malware,
     
     Reverse Engineering
     Format: 30-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 3:00pm
   * Afternoon Refreshment Break (Briefings)
     Location:  TBD
     
     Track:
     
     Location: Peony Ballroom (4403-04 & 4502-05)
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 3:20pm
   * Breaking the Chain: An Attacker's Perspective on Supply Chain
     Vulnerabilities and Flaws
     Location:  TBD
     Speaker: Yakir Kadkoda, Speaker: Ilay Goldman
     Tracks:
     
     Defense,
     
     Application Security
     Format: 40-Minute Briefings
     Location: Peony Junior Ballroom 4410
     
     
     
      LATE
     
     
     
     
     
     
     
     
     Cloudy With a Chance of Exploits: Compromising Critical Infrastructure
     Through IIoT Cloud Solutions
     Location:  TBD
     Speaker: Roni Gavrilov
     Tracks:
     
     Cyber-Physical Systems,
     
     Cloud & Platform Security
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4813
     
     
     
      LATE
     
     
     
     
     
     
     
     
     The Black Hat Asia NOC Report
     Location:  TBD
     Speaker: Neil Wyler, Speaker: Bart Stump
     Tracks:
     
     Network Security,
     
     Application Security
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     
     
     The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust
     Location:  TBD
     Speaker: Alex Matrosov, Speaker: Richard Hughes, Speaker: Kai Michaelis
     Tracks:
     
     Hardware / Embedded,
     
     Cloud & Platform Security
     Format: 40-Minute Briefings
     Location: Simpor Junior Ballroom 4810
     
     
     
      LATE
     
     
     
     
     
     
     
   
   * Friday | 4:20pm
   * Fireside Chat: Jeff Moss and Gaurav Keerthi
     Location:  TBD
     Speaker: Gaurav Keerthi, Moderator: Jeff Moss
     Tracks:
     
     Keynote,
     
     Policy
     Format: 40-Minute Briefings
     Location: Roselle Junior Ballroom
     
     
     
      LATE
     
     
     
     
     
     
     


DIRTY STREAM ATTACK, TURNING ANDROID SHARE TARGETS INTO ATTACK VECTORS


Dimitrios Valsamaras  |  Senior Security Researcher, Microsoft

Date: Thursday, May 11 | 1:30pm-2:10pm ( Peony Junior Ballroom 4410 )
Format: 40-Minute Briefings
Tracks:

Mobile,

Application Security
Vault Recording: TBD

The Android operating system uses intents as its main means of exchanging
information between applications. Besides messaging, file exchange is also
possible by simply constructing an intent of action ACTION_SEND and using it to
forward the desired file as an associated stream to another application. On the
other end, the receiving app can define a filter in its manifest to inform the
intent resolver to route the forwarded stream to a specific component.

While the sender application can construct an implicit intent and delegate the
decision of choosing the target to the user, it is also possible to
categorematically define a component of another package and by the time that
this is exported, to trigger it by using an explicit intent. The latter
eliminates the need for user interaction and can be initiated at any time while
the sender application maintains a foreground state.

In this session, we will describe an attack that exploits the case where the
receiving application blindly trusts an incoming stream and proceeds with
processing it without validation. The concept is similar to a file upload
vulnerability of a web application. More specifically, a malicious app uses a
specially crafted content provider to bear a payload that it sends to the target
application. As the sender controls the content but also the name of the stream,
the receiver may overwrite critical files with malicious content in case it
doesn't perform some necessary security checks. Additionally, when certain
conditions apply, the receiver may also be forced to copy protected files to a
public directory, setting the user's private data at risk.

During our research, we identified multiple apps susceptible to this type of
attack, which are published in Google Playstore and have millions of
installations. We immediately acted, informing the vendors about it in order to
provide the appropriate fixes.





PRESENTATION MATERIAL



• Download Slides




Discover more from Informa Tech
 * Dark Reading
 * SecTor
 * Black Hat Trainings
 * Omdia

Working With Us
 * About Us
 * Code of Conduct
 * Contact us
 * Upcoming Events

Follow on Social
 * 
 * 
 * 
 * 
 * 
 * 

 * Cookie
 * CCPA: Do not sell my personal info
 * Privacy
 * Terms

Copyright © 2024 Informa PLC. Informa PLC is registered in England and Wales
with company number 8860726 whose registered and head office is 5 Howick Place,
London, SW1P 1WG.


×
>

This site uses cookies to provide you with the best user experience possible. By
continuing to use this site, you accept our use of cookies.

I Agree