BlackHat USA 2015 文章中英文索引
著名的BlackHat 2015黑帽盛會(huì)早已結(jié)束,會(huì)議之后放出了近百篇會(huì)議文章或PPT,英文文章傳送門。這里對(duì)其中的文章英文標(biāo)題進(jìn)行了中文翻譯,方便大家快速找到感興趣的文章話題。
本人也不是專職翻譯,翻譯不好的地方還望見諒,這里權(quán)當(dāng)拋磚引玉。
BlackHat 2015黑客盛會(huì)文章和PPT集錦:
Title: Abusing XSLT For Practical Attacks
標(biāo)題:濫用XSLT進(jìn)行高效攻擊
Title: Take A Hacker To Work Day——How Federal Prosecutors Use The CFAA
標(biāo)題:帶著黑客去工作——論聯(lián)邦檢察官對(duì)CFAA的運(yùn)用
Title: Automated Human Vulnerability Scanning With AVA
標(biāo)題:基于AVA的人類自動(dòng)化漏洞掃描
Title: Certifigate——Front Door Access To Pwning Millions Of Androids
標(biāo)題:證書漏洞——攻破無數(shù)安卓系統(tǒng)的前門路徑
Title: SMB: Sharing More Than Just Your Files
標(biāo)題:SMB協(xié)議:不只是共享你的文件
Title: Switches Get Stitches
標(biāo)題:讓網(wǎng)絡(luò)交換設(shè)備得到修補(bǔ)
Title: API Deobfuscator: Resolving Obfuscated API Functions In Modern Packers
標(biāo)題:API混淆代碼閱讀器——解析現(xiàn)代軟件殼中的混淆API功能
Title: Pen Testing A City
標(biāo)題:一座城市的滲透測試
Title: Commercial Spyware-Detecting The Undetectable
標(biāo)題:商業(yè)間諜軟件——檢測那些不可測的
Title: Exploiting Out-of-order Execution: Processor Side Channels to Enable Cross VM Code Execution
標(biāo)題:無序執(zhí)行命令的運(yùn)用——通過處理器旁道攻擊實(shí)現(xiàn)跨VM代碼執(zhí)行
Title: Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission as They Regulate Cybersecurity
標(biāo)題:面具的背后:聯(lián)邦貿(mào)易委員會(huì)規(guī)范網(wǎng)絡(luò)安全的議程,竅門和戰(zhàn)術(shù)
Title: Deep Learning on Disassembly
標(biāo)題:利用深度學(xué)習(xí)分析惡意軟件
Title: The Memory Sinkhole: An Architectural Privilege Escalation Vunerability /Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
標(biāo)題:記憶的深坑:一個(gè)設(shè)計(jì)上的通用權(quán)限升級(jí)漏洞/x86的設(shè)計(jì)缺陷導(dǎo)致通用提權(quán)
Title: Crash Pay: How to Own and Clone Contactless Payment Devices/ Crash and Pay: Owning and Cloning Payment Devices
標(biāo)題:如何擁有和克隆一個(gè)非接觸式支付設(shè)備
Title: Securing Your Bigdata Environment
標(biāo)題:保護(hù)你的大數(shù)據(jù)環(huán)境
Title: Breaking HTTPS with BGP Hijacking
標(biāo)題:通過BGP劫持擊破HTTPS
Title: Fuzzing Android System Services by Binder Call to Escalate Privilege
標(biāo)題:通過綁定調(diào)用挖掘Android系統(tǒng)服務(wù)漏洞提權(quán)
Title: Abusing Silent Mitigations: Understanding Weaknesses within Internet Explorer’s Isolated Heap and MemoryProtection
標(biāo)題:沉默緩解的濫用:了解IE瀏覽器堆棧和內(nèi)存保護(hù)的不足之處
Title: Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor
標(biāo)題:濫用Windows管理診斷建立持久的異步無文件后門
Title: The Lifecycle of a Revolution
標(biāo)題:革命的生命周期
Title: Internet-Scale File Analysis
標(biāo)題:互聯(lián)網(wǎng)規(guī)模的文件分析
Title: These are not your Grand Daddy’s CPU Performance Counters: CPU Hardware Performance Counters for Security
標(biāo)題:這不是你爺爺?shù)腃PU性能計(jì)數(shù)器:CPU硬件安全性能計(jì)數(shù)器
Title: Taxonomic Modeling of Security Threats in Software Defined Networking
標(biāo)題:軟件定義的網(wǎng)絡(luò)中(SDN)安全威脅的分類模型
Title: Thunderstrike 2: Sith Strike
標(biāo)題:Thunderstrike(病毒名稱) 2: Sith方式的攻擊
Title: How Vulnerable Are We to Scams?
標(biāo)題:在騙局面前我們有多么弱?
Title: Hidden Risks of Biometric Identifiers and How to Avoid Them
標(biāo)題:生物統(tǒng)計(jì)鑒別的隱患及其防范措施
Title: Server Side Template Injection RCE for the Modern Web App
標(biāo)題:針對(duì)現(xiàn)代Web應(yīng)用程序的服務(wù)器端模板注入攻擊RCE
Title: Taking Event Correlation with You
標(biāo)題:讓事件與你同在
Title: Most Ransomware isn’t as Complex as You Might Think
標(biāo)題:大多數(shù)勒索軟件沒有你想象中的復(fù)雜
Title: Internet-facing PLCs—A New Back Orifice
標(biāo)題:面向互聯(lián)網(wǎng)的PLCs——一個(gè)新的后門
Title: Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
標(biāo)題:震動(dòng)的口袋書:為了競爭和敲詐,非法入侵化學(xué)工廠
Title: Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
標(biāo)題:在固件中使用靜態(tài)二進(jìn)制分析尋找漏洞和后門
Title: How to Implement IT Security after a Cyber Meltdown
標(biāo)題:網(wǎng)絡(luò)崩潰后如何實(shí)現(xiàn)IT安全
Title: Harnessing Intelligence from Malware Repositories
標(biāo)題:從惡意軟件資料庫中提取情報(bào)
Title: Remote Physical Damage 101: Bread and Butter Attacks
標(biāo)題:遠(yuǎn)程物理損害101:黃油面包式的攻擊
Title: Optimized Fuzzing IOKit in iOS
標(biāo)題:iOS最佳模糊測試工具——IOKit
Title: Attacking Interoperability: An OLE Edition
標(biāo)題:攻擊互操作性:對(duì)象鏈接與嵌入的一個(gè)版本
Title: Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
標(biāo)題:圖形內(nèi)容前瞻:對(duì)嵌入惡意軟件內(nèi)的圖形圖像的自動(dòng)化、可擴(kuò)展性分析
Title: Big Game Hunting: The Peculiarities of Nation-State Malware Research
標(biāo)題:大型狩獵游戲:民族國家間惡意軟件的獨(dú)特性研究
Title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
標(biāo)題:Faux磁盤加密:移動(dòng)設(shè)備存儲(chǔ)安全的實(shí)情
Title: Mobile Point of Scam: Attacking the Square Reader
標(biāo)題:手機(jī)詐騙的關(guān)鍵點(diǎn):攻擊移動(dòng)支付設(shè)備
Title: Red vs Blue: Modern Active Directory Attacks, Detection, and-Protection
標(biāo)題:紅與藍(lán):現(xiàn)代活動(dòng)目錄的攻擊,檢測和保護(hù)
Title: Defeating Pass-the-Hash: Separation of Powers
標(biāo)題:擊潰哈希傳遞攻擊:權(quán)力的分離
Title: Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service
標(biāo)題:非法入侵?jǐn)U頻通信衛(wèi)星:攻擊全球星的單一數(shù)據(jù)服務(wù)
Title: Morgan Web: Timing Attacks Made Practical
標(biāo)題:摩根網(wǎng)絡(luò):時(shí)序攻擊成為現(xiàn)實(shí)
Title: CrackLord Maximizing Password Cracking
標(biāo)題:CrackLord使密碼破解得以最高效化
Title: Breaking Payloads with Runtime Code Stripping and Image Freezing
標(biāo)題:通過運(yùn)行時(shí)間代碼剝離和圖像凍結(jié)破解有效載荷
Title: Dom Flow: Untangling the Dom for More Easy Juicy Bugs
標(biāo)題:Dom流:解決DOM更易涉及隱私的漏洞問題
Title: The NSA Playset: A Year of Toys and Tools
標(biāo)題:NSA(美國國安局)玩具:一年的玩具和工具
Title: This is DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
標(biāo)題:DeepERENT:規(guī)避安卓惡意軟件追蹤應(yīng)用程序的行為
Title: Winning the Online Banking War
標(biāo)題:贏得網(wǎng)銀戰(zhàn)爭的勝利
Title: GameOver Zeus: Bad guys and Backends
標(biāo)題:宙斯游戲結(jié)束:壞人和后端
Title: Staying Persistent in Software Defined Networks
標(biāo)題:在軟件定義的網(wǎng)絡(luò)(SDN)中保持持久性
Title: Repurposing OnionDuke: A Single Case Study around Reusing Nation State Malware
標(biāo)題:OnionDuke的再利用:關(guān)于國家惡意軟件再利用的一個(gè)案例分析
Title: Understanding and Managing Entropy Usage
標(biāo)題:理解和解決熵的使用
Title: Hi! This is Urgent Plz Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs
標(biāo)題:嘿,這是迫切需要盡快修復(fù)的:重要的漏洞發(fā)現(xiàn)獎(jiǎng)勵(lì)制度
Title: The State of BGP Security: Internet Plumbing For Security Professionals
標(biāo)題:BGP的安全狀況:網(wǎng)絡(luò)需要安全專家
Title: When IoT Attacks: Hacking a Linux-Powered Rifle
標(biāo)題:在物聯(lián)網(wǎng)攻擊時(shí):入侵一把Linux驅(qū)動(dòng)的步槍
Title: Why Security Data Science Matters and How it’s Different?
標(biāo)題:數(shù)據(jù)安全技術(shù)的重要性及其獨(dú)特性
Title: The Tactical Application Security Program Getting Stuff Done
標(biāo)題:把事情做好的戰(zhàn)術(shù)型應(yīng)用安全程序
Title: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
標(biāo)題:利用DRAM Rowhammer漏洞獲取Kernel權(quán)限
Title: Attacking Your Trusted Core: Exploiting TrustZone on Android
標(biāo)題:攻擊你“信賴的核心”:在安卓系統(tǒng)上利用信任區(qū)域
Title: Attacking ECMA Script Engines with Redefinition
標(biāo)題:重新定義ECMA攻擊腳本引擎
Title: The Node. Js Highway—Attacks are at Full Throttle
標(biāo)題:Node. Js高速路——攻擊都是開足馬力的
Title: My Bro The ELK: Obtaining Context from Security Events
標(biāo)題:我的兄弟“麋鹿”:從安全事件中獲取事件的背景
Title: WSUSpect: Compromising the Windows Enterprise via Windows Update
標(biāo)題:WSUSpect——通過更新Windows入侵Windows企業(yè)
Title: Subverting Satellite Receivers for Botnet and Profit
標(biāo)題:利益驅(qū)使被僵尸網(wǎng)絡(luò)破壞的衛(wèi)星信號(hào)接收
Title: Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card
標(biāo)題:先進(jìn)的集成電路逆向工程技術(shù):對(duì)現(xiàn)代智能卡的詳細(xì)分析
Title: Exploiting XXE Vulnerabilities in File Parsing/Upload Functionality
標(biāo)題:利用文件解析/上載功能中的XXE漏洞
Title: Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
標(biāo)題:有針對(duì)性的擊殺:使用被動(dòng)DNS將附帶損害最小化
Title: FileCry: The New Age of XXE
標(biāo)題:cry文件:XXE的新時(shí)代
Title: Review and Exploit Neglected Attack Surface in iOS 8
標(biāo)題:iOS 8中被忽視攻擊界面的研究和開發(fā)利用
Title: The Applications of Deep Learning on Traffic Identification
標(biāo)題:深度學(xué)習(xí)技術(shù)在流量識(shí)別領(lǐng)域的應(yīng)用
Title: Writing Bad @$$ Malware for OS X
標(biāo)題:針對(duì)蘋果操作系統(tǒng)編寫惡意軟件
Title: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems
標(biāo)題:可以對(duì)氣泵監(jiān)測系統(tǒng)進(jìn)行攻擊的小泵測量儀
Title: ROPInjector: Using Return-Oriented Programming for Polymorphism and Antivirus Evasion
標(biāo)題:ROP注射:使用面向?qū)ο蟮亩鄳B(tài)性與反病毒規(guī)避程序設(shè)計(jì)
Title: Ah! Universal Android Rooting is Back
標(biāo)題:通用安卓Root回來了
Title: Understanding the Attack Surface and Attack Resilience of Project Spartan’s (Edge) New EdgeHTML Rendering Engine
標(biāo)題:了解斯巴達(dá)項(xiàng)目的新款EdgeHTML渲染引擎的攻擊界面和攻擊韌性
Title: Cloning 3G/4G SIM Cards With a PC and an Oscilloscope: Lessons Learned in Physical Security
標(biāo)題:用一臺(tái)計(jì)算機(jī)和示波器克隆3G/4G SIM卡:物理/實(shí)體安全的經(jīng)驗(yàn)教訓(xùn)
Title: From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning And The SOC
標(biāo)題:從錯(cuò)誤的結(jié)果到可操作的分析:行為入侵檢測機(jī)器學(xué)習(xí)和SOC
Title: Bypass Control Flow Guard Comprehensively
標(biāo)題:全面繞過控制流的守衛(wèi)(CFG)
Title: Fingerprints On Mobile Devices: Abusing and Leaking
標(biāo)題:移動(dòng)設(shè)備的指紋:濫用和泄漏
Title: ZigBee Exploited—The Good, the Bad, and the Ugly
標(biāo)題: ZigBee的開發(fā)利用——善,惡,丑
