Get expert insight into stopping 'deep fakes', blockchain attacks, and Win 10 vulnerabilities at Black Hat Europe!
Black Hat returns to London in early December, and it promises to be the place to be if you're after the very latest in information security research, development, training, and trends.
To give you a sense of what's in store for you at the show, organizers would like to take a moment today to highlight some of the cutting-edge briefings you can expect to see at Black Hat Europe this year. From blockchain security to "deep fake" detection, these briefings are designed to equip you with the tools and techniques you need to deal with today's top threats.
Take AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace, in which Symantic's Niranjan Agnihotri and Vijay Thaware will walk you through some of the many aspects of the AI-driven "deep fake" tech that's been used to blend human appearances in images and video.
This stuff poses a real threat to anyone who values their image, and in their talk Agnihotri and Thaware will show you how they've figured a way to identify "deep fake" videos using deep learning. They'll show you how this can be achieved using a pre-trained FaceNet model, and how that model can trained on image data of people of importance or concern. After training, the output of the final layer will be stored in a database. A set of sampled images from a video will be passed through the neural network and the output of the final layer from the neural network will be compared to values stored in the database to confirm their authenticity. Don't miss it!
Also, consider checking out MIT security researcher Takuya Watanabe's Black Hat Europe 2018 briefing I Block You Because I Love You: Social Account Identification Attack Against a Website Visitor. It's an exciting presentation of a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. As user pages and profiles in social web services generally include his/her name and activities, the anonymity of a website visitor can be easily destroyed by identifying the social account.
This is a big deal for the privacy-minded, and Watanabe plans to show you how the attack achieves 100 percent accuracy and finishes within a sufficiently short time in a practical setting. He claims the team behind it has verified it works against at least 12 major sites (including Facebook, Instagram, Tumblr, Google+, Twitter, eBay, PornHub, and Xbox Live), though at least some have been able to safeguard against the attack and after they were provided with details of the attack and potential counter-measures. Get the details yourself by coming to the briefing!
If you have any interest in Windows vulnerabilities, make sure to make time for When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence. Presented by Illusive Networks security researcher Magal Baz, this session will reveal an effective approach attackers can use to hold on to ill-gotten domains, exploiting new opportunities offered by the Windows 10 security questions feature.
You'll want to see this briefing because the new feature, introduced this April, is a good example of how a well-intended idea can become a security nightmare. It allows a user to provide security questions and answers which he can later use to regain access to a local account. Baz and her team dug into the implementation of this feature and discovered that it can be abused to create a very durable, low-profile backdoor. Once an attacker compromises a network, this backdoor can be remotely distributed to any Win 10 machine in the network - without even executing code on the targeted machine. So make time to come out and see Baz present this method, and the challenges faced while implementing it!
Last but not least, Kudelski Security VP of tech Jean-Philippe Aumasson will be at Black Hat Europe 2018 to deliver an intriguing talk on Attacking and Defending Blockchains: From Horror Stories to Secure Wallets. He'll review some of the most spectacular security failures in blockchain systems, describe how millions of dollars' worth of tokens could have been stolen (but weren't), and present examples of bugs found in popular Bitcoin software utilities.
He'll also review the different types of wallets and their pros and cons with you, and discuss the risks and benefits of hardware-based wallets for individuals, organizations, and trading platforms. Aumasson is an experienced blockchain systems auditor and security professional, and in this talk he plans to help show you how you can mitigate your blockchain risks.
Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on how to register, check out the Black Hat website.