BlackHat USA 2015 文章中英文索引
著名的BlackHat 2015黑帽盛會早已結束,會議之后放出了近百篇會議文章或PPT,英文文章傳送門。這里對其中的文章英文標題進行了中文翻譯,方便大家快速找到感興趣的文章話題。
本人也不是專職翻譯,翻譯不好的地方還望見諒,這里權當拋磚引玉。
BlackHat 2015黑客盛會文章和PPT集錦:
Title: Abusing XSLT For Practical Attacks
標題:濫用XSLT進行高效攻擊
Title: Take A Hacker To Work Day——How Federal Prosecutors Use The CFAA
標題:帶著黑客去工作——論聯邦檢察官對CFAA的運用
Title: Automated Human Vulnerability Scanning With AVA
標題:基于AVA的人類自動化漏洞掃描
Title: Certifigate——Front Door Access To Pwning Millions Of Androids
標題:證書漏洞——攻破無數安卓系統的前門路徑
Title: SMB: Sharing More Than Just Your Files
標題:SMB協議:不只是共享你的文件
Title: Switches Get Stitches
標題:讓網絡交換設備得到修補
Title: API Deobfuscator: Resolving Obfuscated API Functions In Modern Packers
標題:API混淆代碼閱讀器——解析現代軟件殼中的混淆API功能
Title: Pen Testing A City
標題:一座城市的滲透測試
Title: Commercial Spyware-Detecting The Undetectable
標題:商業間諜軟件——檢測那些不可測的
Title: Exploiting Out-of-order Execution: Processor Side Channels to Enable Cross VM Code Execution
標題:無序執行命令的運用——通過處理器旁道攻擊實現跨VM代碼執行
Title: Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission as They Regulate Cybersecurity
標題:面具的背后:聯邦貿易委員會規范網絡安全的議程,竅門和戰術
Title: Deep Learning on Disassembly
標題:利用深度學習分析惡意軟件
Title: The Memory Sinkhole: An Architectural Privilege Escalation Vunerability /Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
標題:記憶的深坑:一個設計上的通用權限升級漏洞/x86的設計缺陷導致通用提權
Title: Crash Pay: How to Own and Clone Contactless Payment Devices/ Crash and Pay: Owning and Cloning Payment Devices
標題:如何擁有和克隆一個非接觸式支付設備
Title: Securing Your Bigdata Environment
標題:保護你的大數據環境
Title: Breaking HTTPS with BGP Hijacking
標題:通過BGP劫持擊破HTTPS
Title: Fuzzing Android System Services by Binder Call to Escalate Privilege
標題:通過綁定調用挖掘Android系統服務漏洞提權
Title: Abusing Silent Mitigations: Understanding Weaknesses within Internet Explorer’s Isolated Heap and MemoryProtection
標題:沉默緩解的濫用:了解IE瀏覽器堆棧和內存保護的不足之處
Title: Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor
標題:濫用Windows管理診斷建立持久的異步無文件后門
Title: The Lifecycle of a Revolution
標題:革命的生命周期
Title: Internet-Scale File Analysis
標題:互聯網規模的文件分析
Title: These are not your Grand Daddy’s CPU Performance Counters: CPU Hardware Performance Counters for Security
標題:這不是你爺爺的CPU性能計數器:CPU硬件安全性能計數器
Title: Taxonomic Modeling of Security Threats in Software Defined Networking
標題:軟件定義的網絡中(SDN)安全威脅的分類模型
Title: Thunderstrike 2: Sith Strike
標題:Thunderstrike(病毒名稱) 2: Sith方式的攻擊
Title: How Vulnerable Are We to Scams?
標題:在騙局面前我們有多么弱?
Title: Hidden Risks of Biometric Identifiers and How to Avoid Them
標題:生物統計鑒別的隱患及其防范措施
Title: Server Side Template Injection RCE for the Modern Web App
標題:針對現代Web應用程序的服務器端模板注入攻擊RCE
Title: Taking Event Correlation with You
標題:讓事件與你同在
Title: Most Ransomware isn’t as Complex as You Might Think
標題:大多數勒索軟件沒有你想象中的復雜
Title: Internet-facing PLCs—A New Back Orifice
標題:面向互聯網的PLCs——一個新的后門
Title: Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
標題:震動的口袋書:為了競爭和敲詐,非法入侵化學工廠
Title: Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
標題:在固件中使用靜態二進制分析尋找漏洞和后門
Title: How to Implement IT Security after a Cyber Meltdown
標題:網絡崩潰后如何實現IT安全
Title: Harnessing Intelligence from Malware Repositories
標題:從惡意軟件資料庫中提取情報
Title: Remote Physical Damage 101: Bread and Butter Attacks
標題:遠程物理損害101:黃油面包式的攻擊
Title: Optimized Fuzzing IOKit in iOS
標題:iOS最佳模糊測試工具——IOKit
Title: Attacking Interoperability: An OLE Edition
標題:攻擊互操作性:對象鏈接與嵌入的一個版本
Title: Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
標題:圖形內容前瞻:對嵌入惡意軟件內的圖形圖像的自動化、可擴展性分析
Title: Big Game Hunting: The Peculiarities of Nation-State Malware Research
標題:大型狩獵游戲:民族國家間惡意軟件的獨特性研究
Title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
標題:Faux磁盤加密:移動設備存儲安全的實情
Title: Mobile Point of Scam: Attacking the Square Reader
標題:手機詐騙的關鍵點:攻擊移動支付設備
Title: Red vs Blue: Modern Active Directory Attacks, Detection, and-Protection
標題:紅與藍:現代活動目錄的攻擊,檢測和保護
Title: Defeating Pass-the-Hash: Separation of Powers
標題:擊潰哈希傳遞攻擊:權力的分離
Title: Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service
標題:非法入侵擴頻通信衛星:攻擊全球星的單一數據服務
Title: Morgan Web: Timing Attacks Made Practical
標題:摩根網絡:時序攻擊成為現實
Title: CrackLord Maximizing Password Cracking
標題:CrackLord使密碼破解得以最高效化
Title: Breaking Payloads with Runtime Code Stripping and Image Freezing
標題:通過運行時間代碼剝離和圖像凍結破解有效載荷
Title: Dom Flow: Untangling the Dom for More Easy Juicy Bugs
標題:Dom流:解決DOM更易涉及隱私的漏洞問題
Title: The NSA Playset: A Year of Toys and Tools
標題:NSA(美國國安局)玩具:一年的玩具和工具
Title: This is DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
標題:DeepERENT:規避安卓惡意軟件追蹤應用程序的行為
Title: Winning the Online Banking War
標題:贏得網銀戰爭的勝利
Title: GameOver Zeus: Bad guys and Backends
標題:宙斯游戲結束:壞人和后端
Title: Staying Persistent in Software Defined Networks
標題:在軟件定義的網絡(SDN)中保持持久性
Title: Repurposing OnionDuke: A Single Case Study around Reusing Nation State Malware
標題:OnionDuke的再利用:關于國家惡意軟件再利用的一個案例分析
Title: Understanding and Managing Entropy Usage
標題:理解和解決熵的使用
Title: Hi! This is Urgent Plz Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs
標題:嘿,這是迫切需要盡快修復的:重要的漏洞發現獎勵制度
Title: The State of BGP Security: Internet Plumbing For Security Professionals
標題:BGP的安全狀況:網絡需要安全專家
Title: When IoT Attacks: Hacking a Linux-Powered Rifle
標題:在物聯網攻擊時:入侵一把Linux驅動的步槍
Title: Why Security Data Science Matters and How it’s Different?
標題:數據安全技術的重要性及其獨特性
Title: The Tactical Application Security Program Getting Stuff Done
標題:把事情做好的戰術型應用安全程序
Title: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
標題:利用DRAM Rowhammer漏洞獲取Kernel權限
Title: Attacking Your Trusted Core: Exploiting TrustZone on Android
標題:攻擊你“信賴的核心”:在安卓系統上利用信任區域
Title: Attacking ECMA Script Engines with Redefinition
標題:重新定義ECMA攻擊腳本引擎
Title: The Node. Js Highway—Attacks are at Full Throttle
標題:Node. Js高速路——攻擊都是開足馬力的
Title: My Bro The ELK: Obtaining Context from Security Events
標題:我的兄弟“麋鹿”:從安全事件中獲取事件的背景
Title: WSUSpect: Compromising the Windows Enterprise via Windows Update
標題:WSUSpect——通過更新Windows入侵Windows企業
Title: Subverting Satellite Receivers for Botnet and Profit
標題:利益驅使被僵尸網絡破壞的衛星信號接收
Title: Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card
標題:先進的集成電路逆向工程技術:對現代智能卡的詳細分析
Title: Exploiting XXE Vulnerabilities in File Parsing/Upload Functionality
標題:利用文件解析/上載功能中的XXE漏洞
Title: Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
標題:有針對性的擊殺:使用被動DNS將附帶損害最小化
Title: FileCry: The New Age of XXE
標題:cry文件:XXE的新時代
Title: Review and Exploit Neglected Attack Surface in iOS 8
標題:iOS 8中被忽視攻擊界面的研究和開發利用
Title: The Applications of Deep Learning on Traffic Identification
標題:深度學習技術在流量識別領域的應用
Title: Writing Bad @$$ Malware for OS X
標題:針對蘋果操作系統編寫惡意軟件
Title: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems
標題:可以對氣泵監測系統進行攻擊的小泵測量儀
Title: ROPInjector: Using Return-Oriented Programming for Polymorphism and Antivirus Evasion
標題:ROP注射:使用面向對象的多態性與反病毒規避程序設計
Title: Ah! Universal Android Rooting is Back
標題:通用安卓Root回來了
Title: Understanding the Attack Surface and Attack Resilience of Project Spartan’s (Edge) New EdgeHTML Rendering Engine
標題:了解斯巴達項目的新款EdgeHTML渲染引擎的攻擊界面和攻擊韌性
Title: Cloning 3G/4G SIM Cards With a PC and an Oscilloscope: Lessons Learned in Physical Security
標題:用一臺計算機和示波器克隆3G/4G SIM卡:物理/實體安全的經驗教訓
Title: From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning And The SOC
標題:從錯誤的結果到可操作的分析:行為入侵檢測機器學習和SOC
Title: Bypass Control Flow Guard Comprehensively
標題:全面繞過控制流的守衛(CFG)
Title: Fingerprints On Mobile Devices: Abusing and Leaking
標題:移動設備的指紋:濫用和泄漏
Title: ZigBee Exploited—The Good, the Bad, and the Ugly
標題: ZigBee的開發利用——善,惡,丑
