Monday, August 1, 2016

BlackHat 2016: The Wish list

This blog is no longer where my technical stuff is blogged. It is purely my private thoughts. My technical stuff is blogged here;

I’ve been honored by being chosen to speak at Black Hat for the second year in a row. Beyond speaking I hope to meet lots of people and I also have a wish list of talks I want to see. I considered blogging this wish list, but then dropped it since most wouldn’t really care what I want to see. Then Enno blogged his wish list and I realized just how different his was from mine. Obviously our research interests are quite different. Anyway, here it goes:

Wednesday 10:20 am: Capturing 0day exploits with perfectly placed hardware traps
I talked with Cody last year in extension to my talk about performance counters and obviously he has not been fooling around in the past year. With Performance Counters being used for defensive things, it is very likely a talk right up my alley. I shall miss Alex Ionescu’s talk to watch this one, so I must hope Alex does some great slides.

Wednesday 1:50 pm: xenpwn: breaking paravirtualized device
Felix Wilhelm’s master’s thesis on the subject was the best (by far) master’s thesis I’ve read in information security the past 2 years. Also I met Felix at Hack-In-The-Box and he is an all-round interesting fellow. Consequently, this is up high on my list of talks to see at Black Hat.

Wednesday 3:00 pm: Intra process memory protection for applications on arm and x86 leveraging the elf abi
This talk’s title sounds like something I’d consider home turf, but I have a gut feeling that it won’t be at all. Honestly, I have no clue, but I am intrigued.

Wednesday 3:00 pm: pwning your java messaging with deserialization vulnerabilities
I know I won’t see this talk, but I will recommend anybody interested in Java to see it. I had the opportunity to have lunch with Matthias Kaiser at the RuhrSec conference and had great pleasure in picking his mind on this topic. For sure this talk will be worthwhile!

Wednesday 4:20 pm: Breaking kernel address space layout randomization kaslr with intel tsx
Now this smells like something I would’ve wanted to do myself. And I get an eerie sense that there might be more flesh on this bone and my bloodhound nose tells me I should go take a look.

Wednesday 5:30: Side channel attacks on everyday applications
I have played, written and talked extensively on this topic and this talk is one that I almost certainly won’t miss.

Thursday 9:00 am: Pindemonium: a dbi based generic unpacker for windows executable
In a dark past I co-authored what was probably the first public generic unpacker for windows executables. And since I tend to like being in a nostalgic mood I think I’m going to check out how much the state of the art has moved since I was young.

Thursday 11:00 am: Analysis of the attack surface of windows 10 virtualization based security
Rafal Wojtczuk’s talk is likely to be one of the more hardcore talks at Black Hat this year and as a Windows 10 User I’d love to hear more about the attack surface of this platform, especially the virtualization part.

Thursday 5:00 pm: Using undocumented cpu behavior to see into kernel mode and break kaslr in the process
This talk I have to hear though I’d much rather not. The problem is that I’m giving this talk and dislike hearing my own voice during talks. Should you choose to go I actually think we have some pretty decent content.