Exploit This

Security News, Exploits, and Vulnerabilities.

Blackhat USA and Defcon 2015


Blackhat and Defcon 2015 are being held in Las Vegas this year in the Mandalay Bay and Paris hotels, with 9,000 people in Blackhat attendance and more at Defcon. While attending Blackhat is far more expensive, you are almost assured a spot at the talks you intend on attending. At Defcon, it appears that most attendees have been assured to wait in line to miss most of the talks they are interested in, with other folks yelling about it in the halls. The Defcon organizers chose a new venue for the conference this year, and it needs to be fixed.


Blackhat had another fantastic lineup with some mind-blowing content, as in previous years. A wide range of topics were presented this year and we found several very interesting. You already may find tools on github and papers and slides for many the presentations on blackhat.com. We can expect videos of these talks on youtube in the near future. The Defcon organizers will upload a torrent of the talks as they have done in previous years:

  • four of the talks revolved around hypervisor implementations and related content, including strengths and weaknesses of current and upcoming Windows10 security architecture dependent on the hypervisor and system firmware. Pass-the-hash and golden and silver ticket defenses, Windows 10 Credential Guard and other services are all built on assumptions of a trusted boot
  • industrial PLC code injection with STL SOCKS proxy code and STL SNMP scanner for full industrial network compromise, abusing internet facing PLCs
  • unpatchable global vulnerabilities in the Globalstar GPS simplex satcom protocol, affecting military, SCADA networks, first response communications and transportation
  • a new class of escalation of privilege x86 ring -2 vulnerabilities only fixed in 2013+ intel processors, leaving 100,000,000’s that cannot be fixed

Of course, the hallway track is often as valuable as attending the talks themselves.


Leave a Reply

%d bloggers like this: