Three Can't-Miss Briefings
Here at Black Hat, we enjoy the honor of receiving paper submissions from the security world's best and brightest, so if a Briefing makes it all the way from nascent proposal to the actual Black Hat conference, you know it's going to be good. Even so, we all have our favorites, pet topics, predilections and such. These three talks, which will occur in just a few weeks at Black Hat USA 2013, are ones that we're especially jazzed about. We hope you'll dig 'em too.
Tapping a phone to split a line and eavesdrop on a target's calls is nothing new, but the same principle can be applied to many more communication standards. Project Daisho is a new physical-layer tap that reads everything from gigabit Ethernet to HDMI streams to USB 3.0. Just as 802.11 monitoring exposed the flaws of WEP and WPA, Project Daisho hopes to illuminate the problems in today's wired protocols, and challenge the assumption that they're really safer than wireless. Come to "What's on the Wire? Physical Layer Tapping with Project Daisho" to get the skinny on the world's first open-source, extensible, modular network tap for wired media.
Online advertising networks can be a web hacker's best friend. After just a small upfront fee you can start sending your arbitrary, even malicious JavaScript commands to the unwitting browsers of anyone unlucky enough to be served your ad. Your impromptu botnet can perform DDoS, send spam, and even help brute-force passwords. And the best part? Your code vanishes when the victim leaves the page, leaving no tracks. "Million Browser Botnet" will show you how to orchestrate thousands of web browsers yourself, and demonstrate how surprisingly powerful this overlooked attack vector can be.
Technologies don't get much more ubiquitous than NAND memory, which is used in just about every gadget going. But ubiquity rarely equals safety, as Josh "m0nk" Thomas will demonstrate in "Hiding @ Depth: Exploring, Subverting, and Breaking NAND Flash Memory". Thomas will show how NAND hardware can be subverted to hide persisting files, opening the door to everything from basic malware to full-on device bricking. He'll release two open-source Android tools, to both hide and reveal these hidden files, and explore the security implications of NAND's striking vulnerabilities. Think there's an easy fix? Unlikely. Come to the session for the full appraisal.