BlackHat USA 2015 文章中英文索引

      BlackHat USA 2015 文章中英文索引无评论

著名的BlackHat 2015黑帽盛会早已结束,会议之后放出了近百篇会议文章或PPT,英文文章传送门。这里对其中的文章英文标题进行了中文翻译,方便大家快速找到感兴趣的文章话题。

本人也不是专职翻译,翻译不好的地方还望见谅,这里权当抛砖引玉。

BlackHat 2015黑客盛会文章和PPT集锦

Title: Abusing XSLT For Practical Attacks

标题:滥用XSLT进行高效攻击

Title: Take A Hacker To Work Day——How Federal Prosecutors Use The CFAA

标题:带着黑客去工作——论联邦检察官对CFAA的运用

Title: Automated Human Vulnerability Scanning With AVA

标题:基于AVA的人类自动化漏洞扫描

Title: Certifigate——Front Door Access To Pwning Millions Of Androids

标题:证书漏洞——攻破无数安卓系统的前门路径

Title: SMB: Sharing More Than Just Your Files

标题:SMB协议:不只是共享你的文件

Title: Switches Get Stitches

标题:让网络交换设备得到修补

Title: API Deobfuscator: Resolving Obfuscated API Functions In Modern Packers

标题:API混淆代码阅读器——解析现代软件壳中的混淆API功能

Title: Pen Testing A City

标题:一座城市的渗透测试

Title: Commercial Spyware-Detecting The Undetectable

标题:商业间谍软件——检测那些不可测的

Title: Exploiting Out-of-order Execution: Processor Side Channels to Enable Cross VM Code Execution

标题:无序执行命令的运用——通过处理器旁道攻击实现跨VM代码执行

Title: Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission as They Regulate Cybersecurity

标题:面具的背后:联邦贸易委员会规范网络安全的议程,窍门和战术

Title: Deep Learning on Disassembly

标题:利用深度学习分析恶意软件

Title: The Memory Sinkhole: An Architectural Privilege Escalation Vunerability /Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation

标题:记忆的深坑:一个设计上的通用权限升级漏洞/x86的设计缺陷导致通用提权

Title: Crash Pay: How to Own and Clone Contactless Payment Devices/ Crash and Pay: Owning and Cloning Payment Devices

标题:如何拥有和克隆一个非接触式支付设备

Title: Securing Your Bigdata Environment

标题:保护你的大数据环境

Title: Breaking HTTPS with BGP Hijacking

标题:通过BGP劫持击破HTTPS

Title: Fuzzing Android System Services by Binder Call to Escalate Privilege

标题:通过绑定调用挖掘Android系统服务漏洞提权

Title: Abusing Silent Mitigations: Understanding Weaknesses within Internet Explorer’s Isolated Heap and MemoryProtection

标题:沉默缓解的滥用:了解IE浏览器堆栈和内存保护的不足之处

Title: Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor

标题:滥用Windows管理诊断建立持久的异步无文件后门

Title: The Lifecycle of a Revolution

标题:革命的生命周期

Title: Internet-Scale File Analysis

标题:互联网规模的文件分析

Title: These are not your Grand Daddy’s CPU Performance Counters: CPU Hardware Performance Counters for Security

标题:这不是你爷爷的CPU性能计数器:CPU硬件安全性能计数器

Title: Taxonomic Modeling of Security Threats in Software Defined Networking

标题:软件定义的网络中(SDN)安全威胁的分类模型

Title: Thunderstrike 2: Sith Strike

标题:Thunderstrike(病毒名称) 2: Sith方式的攻击

Title: How Vulnerable Are We to Scams?

标题:在骗局面前我们有多么弱?

Title: Hidden Risks of Biometric Identifiers and How to Avoid Them

标题:生物统计鉴别的隐患及其防范措施

Title: Server Side Template Injection RCE for the Modern Web App

标题:针对现代Web应用程序的服务器端模板注入攻击RCE

Title: Taking Event Correlation with You

标题:让事件与你同在

Title: Most Ransomware isn’t as Complex as You Might Think

标题:大多数勒索软件没有你想象中的复杂

Title: Internet-facing PLCs—A New Back Orifice

标题:面向互联网的PLCs——一个新的后门

Title: Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion

标题:震动的口袋书:为了竞争和敲诈,非法入侵化学工厂

Title: Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware

标题:在固件中使用静态二进制分析寻找漏洞和后门

Title: How to Implement IT Security after a Cyber Meltdown

标题:网络崩溃后如何实现IT安全

Title: Harnessing Intelligence from Malware Repositories

标题:从恶意软件资料库中提取情报

Title: Remote Physical Damage 101: Bread and Butter Attacks

标题:远程物理损害101:黄油面包式的攻击

Title: Optimized Fuzzing IOKit in iOS

标题:iOS最佳模糊测试工具——IOKit

Title: Attacking Interoperability: An OLE Edition

标题:攻击互操作性:对象链接与嵌入的一个版本

Title: Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware

标题:图形内容前瞻:对嵌入恶意软件内的图形图像的自动化、可扩展性分析

Title: Big Game Hunting: The Peculiarities of Nation-State Malware Research

标题:大型狩猎游戏:民族国家间恶意软件的独特性研究

Title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices

标题:Faux磁盘加密:移动设备存储安全的实情

Title: Mobile Point of Scam: Attacking the Square Reader

标题:手机诈骗的关键点:攻击移动支付设备

Title: Red vs Blue: Modern Active Directory Attacks, Detection, and-Protection

标题:红与蓝:现代活动目录的攻击,检测和保护

Title: Defeating Pass-the-Hash: Separation of Powers

标题:击溃哈希传递攻击:权力的分离

Title: Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service

标题:非法入侵扩频通信卫星:攻击全球星的单一数据服务

Title: Morgan Web: Timing Attacks Made Practical

标题:摩根网络:时序攻击成为现实

Title: CrackLord Maximizing Password Cracking

标题:CrackLord使密码破解得以最高效化

Title: Breaking Payloads with Runtime Code Stripping and Image Freezing

标题:通过运行时间代码剥离和图像冻结破解有效载荷

Title: Dom Flow: Untangling the Dom for More Easy Juicy Bugs

标题:Dom流:解决DOM更易涉及隐私的漏洞问题

Title: The NSA Playset: A Year of Toys and Tools

标题:NSA(美国国安局)玩具:一年的玩具和工具

Title: This is DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware

标题:DeepERENT:规避安卓恶意软件追踪应用程序的行为

Title: Winning the Online Banking War

标题:赢得网银战争的胜利

Title: GameOver Zeus: Bad guys and Backends

标题:宙斯游戏结束:坏人和后端

Title: Staying Persistent in Software Defined Networks

标题:在软件定义的网络(SDN)中保持持久性

Title: Repurposing OnionDuke: A Single Case Study around Reusing Nation State Malware

标题:OnionDuke的再利用:关于国家恶意软件再利用的一个案例分析

Title: Understanding and Managing Entropy Usage

标题:理解和解决熵的使用

Title: Hi! This is Urgent Plz Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs

标题:嘿,这是迫切需要尽快修复的:重要的漏洞发现奖励制度

Title: The State of BGP Security: Internet Plumbing For Security Professionals

标题:BGP的安全状况:网络需要安全专家

Title: When IoT Attacks: Hacking a Linux-Powered Rifle

标题:在物联网攻击时:入侵一把Linux驱动的步枪

Title: Why Security Data Science Matters and How it’s Different?

标题:数据安全技术的重要性及其独特性

Title: The Tactical Application Security Program Getting Stuff Done

标题:把事情做好的战术型应用安全程序

Title: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

标题:利用DRAM Rowhammer漏洞获取Kernel权限

Title: Attacking Your Trusted Core: Exploiting TrustZone on Android

标题:攻击你“信赖的核心”:在安卓系统上利用信任区域

Title: Attacking ECMA Script Engines with Redefinition

标题:重新定义ECMA攻击脚本引擎

Title: The Node. Js Highway—Attacks are at Full Throttle

标题:Node. Js高速路——攻击都是开足马力的

Title: My Bro The ELK: Obtaining Context from Security Events

标题:我的兄弟“麋鹿”:从安全事件中获取事件的背景

Title: WSUSpect: Compromising the Windows Enterprise via Windows Update

标题:WSUSpect——通过更新Windows入侵Windows企业

Title: Subverting Satellite Receivers for Botnet and Profit

标题:利益驱使被僵尸网络破坏的卫星信号接收

Title: Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card

标题:先进的集成电路逆向工程技术:对现代智能卡的详细分析

Title: Exploiting XXE Vulnerabilities in File Parsing/Upload Functionality

标题:利用文件解析/上载功能中的XXE漏洞

Title: Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS

标题:有针对性的击杀:使用被动DNS将附带损害最小化

Title: FileCry: The New Age of XXE

标题:cry文件:XXE的新时代

Title: Review and Exploit Neglected Attack Surface in iOS 8

标题:iOS 8中被忽视攻击界面的研究和开发利用

Title: The Applications of Deep Learning on Traffic Identification

标题:深度学习技术在流量识别领域的应用

Title: Writing Bad @$$ Malware for OS X

标题:针对苹果操作系统编写恶意软件

Title: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems

标题:可以对气泵监测系统进行攻击的小泵测量仪

Title: ROPInjector: Using Return-Oriented Programming for Polymorphism and Antivirus Evasion

标题:ROP注射:使用面向对象的多态性与反病毒规避程序设计

Title: Ah! Universal Android Rooting is Back

标题:通用安卓Root回来了

Title: Understanding the Attack Surface and Attack Resilience of Project Spartan’s (Edge) New EdgeHTML Rendering Engine

标题:了解斯巴达项目的新款EdgeHTML渲染引擎的攻击界面和攻击韧性

Title: Cloning 3G/4G SIM Cards With a PC and an Oscilloscope: Lessons Learned in Physical Security

标题:用一台计算机和示波器克隆3G/4G SIM卡:物理/实体安全的经验教训

Title: From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning And The SOC

标题:从错误的结果到可操作的分析:行为入侵检测机器学习和SOC

Title: Bypass Control Flow Guard Comprehensively

标题:全面绕过控制流的守卫(CFG)

Title: Fingerprints On Mobile Devices: Abusing and Leaking

标题:移动设备的指纹:滥用和泄漏

Title: ZigBee Exploited—The Good, the Bad, and the Ugly

标题: ZigBee的开发利用——善,恶,丑

* 作者/damage,转载请注明来自FreeBuf黑客与极客(FreeBuf.COM)

发表评论