Black Hat USA 2022の気になったセッションリスト

2022年夏にラスベガスで開催されたBlack Hat USA2022の動画とスライドが公開されていました。 概要ページとスライドをパラパラと見て気になったセッションのリストを作ったので、ブログに残しておきます。 年末年始の休暇を使って順番に見ていきます。

目次

• Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
• Industroyer2: Sandworm’s Cyberwarfare Targets Ukraine’s Power Grid Again
• Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
• Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
• The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors
• Google Reimagined a Phone. It was Our Job to Red Team and Secure it.
• In Need of ‘Pair’ Review: Vulnerable Code Contributions by GitHub Copilot
• Is WebAssembly Really Safe? –Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
• Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone
• The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting
• Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design
• BrokenMesh: New Attack Surfaces of Bluetooth Mesh
• I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit
• RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise
• Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine
• A Journey Into Fuzzing WebAssembly Virtual Machines
• Attacks From a New Front Door in 4G & 5G Mobile Networks
• Breaking the Chrome Sandbox with Mojo
• ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron
• Process Injection: Breaking All macOS Security Layers With a Single Vulnerability
• From Hackathon to Hacked: Web3’s Security Journey
• Kubernetes Privilege Escalation: Container Escape == Cluster Admin?
• XMPP Stanza Smuggling or How I Hacked Zoom
• Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing
• RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems
• The Battle Against the Billion-Scale Internet Underground Industry: Advertising Fraud Detection and Defense
• TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator
• Chasing Your Tail With a Raspberry Pi
• DirectX: The New Hyper-V Attack Surface
• Don’t Get Owned by Your Dependencies: How Firefox Uses In-process Sandboxing To Protect Itself From Exploitable Libraries (And You Can Too!)
• Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail
• Controlling the Source: Abusing Source Code Management Systems
• Human or Not: Can You Really Detect the Fake Voices?
• Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
• 最後に

Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs - Black Hat USA 2022 | Briefings Schedule

Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs - YouTube

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - Black Hat USA 2022 | Briefings Schedule

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - YouTube

Industroyer2: Sandworm’s Cyberwarfare Targets Ukraine’s Power Grid Again

Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid Again - Black Hat USA 2022 | Briefings Schedule

Industroyer2: Sandworm’s Cyberwarfare Targets Ukraine’s Power Grid Again - YouTube

Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers

Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers - Black Hat USA 2022 | Briefings Schedule

Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers - YouTube

Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal

Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal - Black Hat USA 2022 | Briefings Schedule

Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal - YouTube

Starlinkアンテナの分解動画

• Teardown of the 1st Gen Starlink terminal (Dishy) - YouTube
• Teardown of the 1st Gen Starlink terminal (Dishy) Part 2 - YouTube
• Starlink Dishy (Rev2 HW) Teardown Part 1 - UART, Reset, Boot Glitches - YouTube
• Starlink Teardown: DISHY DESTROYED! - YouTube

The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors

The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors - Black Hat USA 2022 | Briefings Schedule

The Growth of Global Election Disinformation: The Role Methodology of Government-linked Cyber Actors - YouTube

Google Reimagined a Phone. It was Our Job to Red Team and Secure it.

Google Reimagined a Phone. It was Our Job to Red Team and Secure it. - Black Hat USA 2022 | Briefings Schedule

Google Reimagined a Phone. It was Our Job to Red Team and Secure it. - YouTube

In Need of ‘Pair’ Review: Vulnerable Code Contributions by GitHub Copilot

In Need of 'Pair' Review: Vulnerable Code Contributions by GitHub Copilot - Black Hat USA 2022 | Briefings Schedule

In Need of ‘Pair’ Review: Vulnerable Code Contributions by GitHub Copilot - YouTube

Is WebAssembly Really Safe? –Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way

Is WebAssembly Really Safe? –Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way - Black Hat USA 2022 | Briefings Schedule

Is WebAssembly Really Safe? – Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way - YouTube

Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone

Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone - Black Hat USA 2022 | Briefings Schedule

Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone - YouTube

The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting

The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone,Black Hat USA 2022 | Briefings Schedule

The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat - YouTube

Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design

Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone,Black Hat USA 2022 | Briefings Schedule

Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design - YouTube

BrokenMesh: New Attack Surfaces of Bluetooth Mesh

BrokenMesh: New Attack Surfaces of Bluetooth Mesh - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone,Black Hat USA 2022 | Briefings Schedule

BrokenMesh: New Attack Surfaces of Bluetooth Mesh - YouTube

I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit

I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone,Black Hat USA 2022 | Briefings Schedule

I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit - YouTube

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone,Black Hat USA 2022 | Briefings Schedule

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise - YouTube

Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine

Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone,Black Hat USA 2022 | Briefings Schedule

Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine - YouTube

A Journey Into Fuzzing WebAssembly Virtual Machines

A Journey Into Fuzzing WebAssembly Virtual Machines - Black Hat USA 2022 | Briefings Schedule

A Journey Into Fuzzing WebAssembly Virtual Machines - YouTube

Attacks From a New Front Door in 4G & 5G Mobile Networks

Attacks From a New Front Door in 4G & 5G Mobile Networks - Black Hat USA 2022 | Briefings Schedule

Attacks From a New Front Door in 4G & 5G Mobile Networks - YouTube

Breaking the Chrome Sandbox with Mojo

Breaking the Chrome Sandbox with Mojo - Black Hat USA 2022 | Briefings Schedule

Breaking the Chrome Sandbox with Mojo - YouTube

ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron

ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron - Black Hat USA 2022 | Briefings Schedule

ElectroVolt: Pwning Popular Desktop Apps While Uncovering New Attack Surface on Electron - YouTube

Process Injection: Breaking All macOS Security Layers With a Single Vulnerability

Process Injection: Breaking All macOS Security Layers With a Single Vulnerability - Black Hat USA 2022 | Briefings Schedule

Process Injection: Breaking All macOS Security Layers With a Single Vulnerability - YouTube

From Hackathon to Hacked: Web3’s Security Journey

From Hackathon to Hacked: Web3’s Security Journey - Black Hat USA 2022 | Briefings Schedule

From Hackathon to Hacked: Web3’s Security Journey - YouTube

Kubernetes Privilege Escalation: Container Escape == Cluster Admin?

Kubernetes Privilege Escalation: Container Escape == Cluster Admin? - Black Hat USA 2022 | Briefings Schedule

Kubernetes Privilege Escalation: Container Escape == Cluster Admin? - YouTube

XMPP Stanza Smuggling or How I Hacked Zoom

XMPP Stanza Smuggling or How I Hacked Zoom - Black Hat USA 2022 | Briefings Schedule

XMPP Stanza Smuggling or How I Hacked Zoom - YouTube

Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing

Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing - Black Hat USA 2022 | Briefings Schedule

Catch Me If You Can: Deterministic Discovery of Race Conditions with Fuzzing - YouTube

RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems

RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems - Black Hat USA 2022 | Briefings Schedule

RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems - YouTube

The Battle Against the Billion-Scale Internet Underground Industry: Advertising Fraud Detection and Defense

The Battle Against the Billion-Scale Internet Underground Industry: Advertising Fraud Detection and Defense - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

The Battle Against the Billion-Scale Internet Underground Industry: Advertising Fraud Detection - YouTube

TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator

TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator - YouTube

Chasing Your Tail With a Raspberry Pi

Chasing Your Tail With a Raspberry Pi - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

Chasing Your Tail With a Raspberry Pi - YouTube

DirectX: The New Hyper-V Attack Surface

DirectX: The New Hyper-V Attack Surface - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

DirectX: The New Hyper-V Attack Surface - YouTube

Don’t Get Owned by Your Dependencies: How Firefox Uses In-process Sandboxing To Protect Itself From Exploitable Libraries (And You Can Too!)

Don’t Get Owned by Your Dependencies: How Firefox Uses In-process Sandboxing To Protect Itself From Exploitable Libraries (And You Can Too!) - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

How Firefox Uses In-process Sandboxing To Protect Itself From Exploitable Libraries - YouTube

Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail

Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

Charged by an Elephant – An APT Fabricating Evidence to Throw You In Jail - YouTube

Controlling the Source: Abusing Source Code Management Systems

Controlling the Source: Abusing Source Code Management Systems - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

Controlling the Source: Abusing Source Code Management Systems - YouTube

Human or Not: Can You Really Detect the Fake Voices?

Human or Not: Can You Really Detect the Fake Voices? - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

Human or Not: Can You Really Detect the Fake Voices? - YouTube

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems,Black Hat USA 2022 | Briefings Schedule

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All - YouTube

最後に

気になるセッションがたくさんあって、概要を確認するだけでもそこそこの時間がかかりました。 日本語の動画だったら2倍速で何かをしながら流し聞きもできるのですが、英語だと倍速では聞き取れないし、集中して見ないと内容もわかりません。 英語の情報も日本語と大差ない速度でインプットできるようになりたいですね。