Sessions That Caught My Eye at Black Hat USA 2023

Aug 20, 2023 10:25 · 827 words · 2 minute read Security

Black Hat USA 2023 was held in Las Vegas from August 5 to 10, 2023.

Black Hat USA 2023 | Briefings Schedule



Black Hat - YouTube

My list of sessions that caught my eye at Black Hat USA 2022, together with a roundup of the YouTube videos, is here:

Sessions That Caught My Eye at Black Hat USA 2022 · kapiecii's Blog



A Pain in the NAS: Exploiting Cloud Connectivity to PWN Your NAS

Defender-Pretender: When Windows Defender Updates Become a Security Risk

Devising and Detecting Phishing: Large Language Models (GPT3, GPT4) vs. Smaller Human Models (V-Triad, Generic Emails)

Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED

Badge of Shame: Breaking into Secure Facilities with OSDP

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations

Physical Attacks Against Smartphones

Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare

A Manufacturer’s Post-Shipment Approach to Fend-Off IoT Malware in Home Appliances

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities

A SSLippery Slope: Unraveling the Hidden Dangers of Certificate Misuse

Dismantling DDoS - Lessons in Scaling

Over the Air, Under the Radar: Attacking and Securing the Pixel Modem

Keynote: Phoenix Soaring: What We Can Learn from Ukraine’s Cyber Defenders about Building a More Resilient Future

IRonMAN: InterpRetable Incident Inspector Based ON Large-Scale Language Model and Association miNing

What Does an LLM-Powered Threat Intelligence Program Look Like?

How NOT to Train Your Hack Bot: Dos and Don’ts of Building Offensive GPTs

Three New Attacks Against JSON Web Tokens

Uncovering Azure’s Silent Threats: A Journey into Cloud Vulnerabilities

Evasive Maneuvers: Trends in Phishing Evasion & Anti-Evasion

Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites

Input Output + Syslog (iO+S): Obtaining Data From Locked iOS Devices via Live Monitoring

npm and Sigstore: Provenance Comes to the World’s Largest OSS Ecosystem

One Drive, Double Agent: Clouded OneDrive Turns Sides

Synthetic Trust: Exploiting Biases at Scale

Mirage: Cyber Deception Against Autonomous Cyber Attacks

The Living Dead: Hacking Mobile Face Recognition SDKs with Non-Deepfake Attacks

Compromising LLMs: The Advent of AI Malware

The Yandex Leak: How a Russian Search Giant Uses Consumer Data


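I review the Black Hat USA presentations every year, and because the content shifts to reflect the state of the world in that year, it is also interesting as fixed-point observation data.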


  • Use of AI and LLMs, and the related laws
  • Cybercrime and insurance
  • Cloud environments



