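The well-known BlackHat 2015 conference ended some time ago, and nearly a hundred conference papers and slide decks were released afterwards (link to the English papers). The English titles of those papers have been translated into Chinese here so that readers can quickly find the topics that interest them.
I am not a professional translator, so please forgive any poor translations; treat this as a rough first attempt meant to invite better ones.
Collection of BlackHat 2015 papers and slide decks: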
Title: Abusing XSLT For Practical Attacks
Title (from the Chinese): Abusing XSLT for Efficient Attacks
Title: Take A Hacker To Work Day——How Federal Prosecutors Use The CFAA
Title (from the Chinese): Taking a Hacker to Work: On Federal Prosecutors' Use of the CFAA
Title: Automated Human Vulnerability Scanning With AVA
Title (from the Chinese): Automated Human Vulnerability Scanning Based on AVA
Title: Certifigate——Front Door Access To Pwning Millions Of Androids
Title (from the Chinese): Certificate Vulnerability: The Front-Door Path to Compromising Countless Android Systems
Title: SMB: Sharing More Than Just Your Files
Title (from the Chinese): The SMB Protocol: Sharing More Than Just Your Files
Title: Switches Get Stitches
Title (from the Chinese): Getting Network Switching Devices Patched
Title: API Deobfuscator: Resolving Obfuscated API Functions In Modern Packers
Title (from the Chinese): API Obfuscated-Code Reader: Resolving Obfuscated API Functions in Modern Software Packers
Title: Pen Testing A City
Title (from the Chinese): Penetration Testing a City
Title: Commercial Spyware-Detecting The Undetectable
Title (from the Chinese): Commercial Spyware: Detecting the Undetectable
Title: Exploiting Out-of-order Execution: Processor Side Channels to Enable Cross VM Code Execution
Title (from the Chinese): Using Out-of-Order Instruction Execution: Cross-VM Code Execution via Processor Side-Channel Attacks
Title: Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission as They Regulate Cybersecurity
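Title (from the Chinese): Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission in Regulating Cybersecurity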
Title: Deep Learning on Disassembly
Title (from the Chinese): Analyzing Malware with Deep Learning
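Title: The Memory Sinkhole: An Architectural Privilege Escalation Vulnerability / Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
Title (from the Chinese): The Memory Pit: A Universal Privilege Escalation Vulnerability by Design / An x86 Design Flaw Leading to Universal Privilege Escalation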
Title: Crash Pay: How to Own and Clone Contactless Payment Devices/ Crash and Pay: Owning and Cloning Payment Devices
Title (from the Chinese): How to Own and Clone a Contactless Payment Device
Title: Securing Your Bigdata Environment
Title (from the Chinese): Protecting Your Big Data Environment
Title: Breaking HTTPS with BGP Hijacking
Title (from the Chinese): Breaking HTTPS Through BGP Hijacking
Title: Fuzzing Android System Services by Binder Call to Escalate Privilege
Title (from the Chinese): Finding Android System Service Vulnerabilities via Binder Calls to Escalate Privilege
Title: Abusing Silent Mitigations: Understanding Weaknesses within Internet Explorer’s Isolated Heap and MemoryProtection
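Title (from the Chinese): Abusing Silent Mitigations: Understanding the Weaknesses of Internet Explorer's Heap and Stack and Memory Protection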
Title: Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor
Title (from the Chinese): Abusing Windows Management Instrumentation to Build a Persistent, Asynchronous, Fileless Backdoor
Title: The Lifecycle of a Revolution
Title (from the Chinese): The Lifecycle of a Revolution
Title: Internet-Scale File Analysis
Title (from the Chinese): Internet-Scale File Analysis
Title: These are not your Grand Daddy’s CPU Performance Counters: CPU Hardware Performance Counters for Security
Title (from the Chinese): These Are Not Your Grandfather's CPU Performance Counters: CPU Hardware Security Performance Counters
Title: Taxonomic Modeling of Security Threats in Software Defined Networking
Title (from the Chinese): A Taxonomic Model of Security Threats in Software-Defined Networking (SDN)
Title: Thunderstrike 2: Sith Strike
Title (from the Chinese): Thunderstrike (name of a virus) 2: A Sith-Style Attack
Title: How Vulnerable Are We to Scams?
Title (from the Chinese): How Weak Are We in the Face of Scams?
Title: Hidden Risks of Biometric Identifiers and How to Avoid Them
Title (from the Chinese): Hidden Dangers of Biometric Identification and How to Guard Against Them
Title: Server Side Template Injection RCE for the Modern Web App
Title (from the Chinese): Server-Side Template Injection Attacks (RCE) Against Modern Web Applications
Title: Taking Event Correlation with You
Title (from the Chinese): Let the Events Be with You
Title: Most Ransomware isn’t as Complex as You Might Think
Title (from the Chinese): Most Ransomware Is Not as Complex as You Imagine
Title: Internet-facing PLCs—A New Back Orifice
Title (from the Chinese): Internet-Facing PLCs: A New Backdoor
Title: Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
Title (from the Chinese): The Shaking Pocket Book: Illegally Breaking into Chemical Plants for Competition and Extortion
Title: Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
Title (from the Chinese): Using Static Binary Analysis in Firmware to Find Vulnerabilities and Backdoors
Title: How to Implement IT Security after a Cyber Meltdown
Title (from the Chinese): How to Implement IT Security After a Network Collapse
Title: Harnessing Intelligence from Malware Repositories
Title (from the Chinese): Extracting Intelligence from Malware Repositories
Title: Remote Physical Damage 101: Bread and Butter Attacks
Title (from the Chinese): Remote Physical Damage 101: Bread-and-Butter Attacks
Title: Optimized Fuzzing IOKit in iOS
Title (from the Chinese): The Best Fuzzing Tool for iOS: IOKit
Title: Attacking Interoperability: An OLE Edition
Title (from the Chinese): Attacking Interoperability: An Edition of Object Linking and Embedding
Title: Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware
Title (from the Chinese): A Look Ahead at Graphic Content: Automated, Scalable Analysis of Graphical Images Embedded in Malware
Title: Big Game Hunting: The Peculiarities of Nation-State Malware Research
Title (from the Chinese): Big Hunting Game: A Study of the Peculiarities of Nation-State Malware
Title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
Title (from the Chinese): Faux Disk Encryption: The Reality of Storage Security on Mobile Devices
Title: Mobile Point of Scam: Attacking the Square Reader
Title (from the Chinese): The Key Point of Mobile Phone Fraud: Attacking Mobile Payment Devices
Title: Red vs Blue: Modern Active Directory Attacks, Detection, and Protection
Title (from the Chinese): Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection
Title: Defeating Pass-the-Hash: Separation of Powers
Title (from the Chinese): Defeating Pass-the-Hash Attacks: Separation of Powers
Title: Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service
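Title (from the Chinese): Illegally Breaking into Spread-Spectrum Communications Satellites: Attacking Globalstar's Simplex Data Service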
Title: Morgan Web: Timing Attacks Made Practical
Title (from the Chinese): Morgan Web: Timing Attacks Become a Reality
Title: CrackLord Maximizing Password Cracking
Title (from the Chinese): CrackLord Makes Password Cracking Maximally Efficient
Title: Breaking Payloads with Runtime Code Stripping and Image Freezing
Title (from the Chinese): Breaking Payloads Through Runtime Code Stripping and Image Freezing
Title: Dom Flow: Untangling the Dom for More Easy Juicy Bugs
Title (from the Chinese): Dom Flow: Resolving DOM Vulnerabilities That More Easily Involve Privacy
Title: The NSA Playset: A Year of Toys and Tools
Title (from the Chinese): NSA (U.S. National Security Agency) Toys: A Year of Toys and Tools
Title: This is DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
Title (from the Chinese): DeepERENT: Tracking Application Behavior of Evasive Android Malware
Title: Winning the Online Banking War
Title (from the Chinese): Winning the Online Banking War
Title: GameOver Zeus: Bad guys and Backends
Title (from the Chinese): Game Over for Zeus: Bad Guys and Backends
Title: Staying Persistent in Software Defined Networks
Title (from the Chinese): Maintaining Persistence in Software-Defined Networks (SDN)
Title: Repurposing OnionDuke: A Single Case Study around Reusing Nation State Malware
Title (from the Chinese): Reusing OnionDuke: A Case Study on Reusing Nation-State Malware
Title: Understanding and Managing Entropy Usage
Title (from the Chinese): Understanding and Addressing Entropy Usage
Title: Hi! This is Urgent Plz Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs
Title (from the Chinese): Hey, This Urgently Needs Fixing ASAP: Important Vulnerability-Discovery Reward Programs
Title: The State of BGP Security: Internet Plumbing For Security Professionals
Title (from the Chinese): The State of BGP Security: The Network Needs Security Experts
Title: When IoT Attacks: Hacking a Linux-Powered Rifle
Title (from the Chinese): When the IoT Attacks: Hacking a Linux-Powered Rifle
Title: Why Security Data Science Matters and How it’s Different?
Title (from the Chinese): The Importance and Distinctiveness of Data Security Technology
Title: The Tactical Application Security Program Getting Stuff Done
Title (from the Chinese): The Tactical Application Security Program That Gets Things Done
Title: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
Title (from the Chinese): Exploiting the DRAM Rowhammer Vulnerability to Gain Kernel Privileges
Title: Attacking Your Trusted Core: Exploiting TrustZone on Android
Title (from the Chinese): Attacking Your "Trusted Core": Exploiting TrustZone on Android
Title: Attacking ECMA Script Engines with Redefinition
Title (from the Chinese): Redefining ECMA to Attack Script Engines
Title: The Node.js Highway—Attacks are at Full Throttle
Title (from the Chinese): The Node.js Highway: Attacks Are at Full Throttle
Title: My Bro The ELK: Obtaining Context from Security Events
Title (from the Chinese): My Brother the "Elk": Obtaining Event Context from Security Events
Title: WSUSpect: Compromising the Windows Enterprise via Windows Update
Title (from the Chinese): WSUSpect: Compromising the Windows Enterprise by Updating Windows
Title: Subverting Satellite Receivers for Botnet and Profit
Title (from the Chinese): Profit-Driven Subversion of Satellite Signal Receivers by Botnets
Title: Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card
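Title (from the Chinese): Advanced Integrated Circuit Reverse Engineering Techniques: A Detailed Analysis of a Modern Smart Card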
Title: Exploiting XXE Vulnerabilities in File Parsing/Upload Functionality
Title (from the Chinese): Exploiting XXE Vulnerabilities in File Parsing/Upload Functionality
Title: Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
Title (from the Chinese): Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS
Title: FileCry: The New Age of XXE
Title (from the Chinese): The cry File: The New Age of XXE
Title: Review and Exploit Neglected Attack Surface in iOS 8
Title (from the Chinese): Researching and Exploiting the Neglected Attack Surface in iOS 8
Title: The Applications of Deep Learning on Traffic Identification
Title (from the Chinese): Applications of Deep Learning in Traffic Identification
Title: Writing Bad @$$ Malware for OS X
Title (from the Chinese): Writing Malware for Apple's Operating System
Title: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems
Title (from the Chinese): The Little Pump Gauge That Can Attack Gas Pump Monitoring Systems
Title: ROPInjector: Using Return-Oriented Programming for Polymorphism and Antivirus Evasion
Title (from the Chinese): ROP Injection: Using Object-Oriented Programming for Polymorphism and Antivirus Evasion
Title: Ah! Universal Android Rooting is Back
Title (from the Chinese): Universal Android Root Is Back
Title: Understanding the Attack Surface and Attack Resilience of Project Spartan’s (Edge) New EdgeHTML Rendering Engine
Title (from the Chinese): Understanding the Attack Surface and Attack Resilience of Project Spartan's New EdgeHTML Rendering Engine
Title: Cloning 3G/4G SIM Cards With a PC and an Oscilloscope: Lessons Learned in Physical Security
Title (from the Chinese): Cloning 3G/4G SIM Cards with a Computer and an Oscilloscope: Lessons Learned in Physical Security
Title: From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning And The SOC
Title (from the Chinese): From Wrong Results to Actionable Analysis: Behavioral Intrusion Detection, Machine Learning, and the SOC
Title: Bypass Control Flow Guard Comprehensively
Title (from the Chinese): Comprehensively Bypassing Control Flow Guard (CFG)
Title: Fingerprints On Mobile Devices: Abusing and Leaking
Title (from the Chinese): Fingerprints on Mobile Devices: Abuse and Leakage
Title: ZigBee Exploited—The Good, the Bad, and the Ugly
Title (from the Chinese): ZigBee Exploitation: The Good, the Bad, and the Ugly