Blackhat.2015 !!exclusive!! | Best PICK |

Black Hat USA 2015 was a significant milestone in the cybersecurity conference circuit, marking the 18th year of the event. It was held at the Mandalay Bay Hotel in Las Vegas.

If you are looking for a guide on the major themes, notable talks, and the general landscape of that specific year, here is an overview of what defined Black Hat 2015. blackhat.2015

Technical Highlights for Reverse Engineers

If you are digging into blackhat.2015 for technical analysis, the slide decks and white papers you want to look for from that year include: Black Hat USA 2015 was a significant milestone

• CVE-2015-6639 (Stagefright 2.0 - MPEG4 parsing integer overflow).
• GLitch: Generic Disclosure of Latent Bluetooth Vulnerabilities.
• The Pwningarama presentation by Will Schroeder (Which launched the modern "BloodHound" Active Directory attack pathing).
• BEEMKA: Breaking mobile network authentication.

The Dropcam Decimation

A researcher known as "Birdman" dissected the Dropcam Pro. He found that the device’s "secure" firmware updates were signed with a 512-bit RSA key that was easily factorable. He extracted the private key and demonstrated how to push custom firmware to any Dropcam on the planet. CVE-2015-6639 (Stagefright 2

The Sting

The duo demonstrated that via a vulnerable Uconnect entertainment system, they could send commands through the Sprint cellular network to the vehicle’s CAN bus (Controller Area Network). From a laptop in a basement, miles away from the driver, they could:

• Control the radio and air conditioning.
• Turn the windshield wipers on.
• Disable the transmission.
• Kill the engine while the car was moving at low speed.

This was not a "trick." It was a full remote takeover of physical machinery.