Black Hat Asia 2014 March 25-28, 2014 Marina Bay Sands, Singapore.
Early registration pricing ends: January 24, 2014.
From the homepage:
Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days–two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
Black Hat Asia 2014: First Three Briefings
From the briefings page:
Welcome to 2014! Today we’re focusing on the first trio of Briefings selected for Black Hat Asia 2014. From hacking cars to the ins and outs of surveying the entire Internet, we’ve got an incredible amount of fascinating insider knowledge to share.
You might have caught Alberto Garcia Illera and Javier Vazquez Vidal’s Black Hat USA 2013 Arsenal presentation, “Dude, WTF in My Car!,” where they thoroughly dissected automobile ECUs (engine control units) and released a powerful tool to exploit them. Join the duo again for Dude, WTF in My CAN!, where their focus shifts to the CAN (controller area network) bus at the heart of many modern vehicles. They’ll show you how to build a device for only $20 that can pwn the CAN bus and allow an attacker to control it remotely. Also on the agenda: the current state of car forensics and how such data can be extracted and used in legal cases.
When flaws and exploits emerge in Microsoft products and the security hits the fan, the company has a history of issuing so-called “Fix It” patches that attempt to take care of the immediate threat. The In-Memory Fix It is one recently documented variation on the concept. In Persist It: Using and Abusing Microsoft’s Fix It Patches Jon Erickson will share his research on these in-memory patches. Through reverse engineering, he’s gained the ability to create new patches, which can maintain persistence on a host system. Microsoft’s Fix Its may need a fix themselves.
Between the Critical.IO and Internet Census 2012 scanning projects, there have been great strides made over the last year or two in Internet survey cost and practicality. While some of the results have been dismaying — i.e. misconfigured hardware across the Internet leaves it vulnerable to attack — the datasets generated by this massive-scale research provide rare evidence on risks and vulnerability exposure, and show where further security research is needed most. Come to Scan All the Things – Project Sonar with Mark Schloesser to learn how these surveys were conducted, as well as the eye-opening results they’ve generated so far.
If you are wavering about attending after reading about those briefings, see the full briefing page or the Training page. That should have you registering and making travel arrangements rather quickly.
The NSA will be there. Will you?