I spent a lot of time sifting through the THREE DAYS' worth of presentations of the BlackHat USA 2016 Speakers, to identify articles that would be useful to us as REVERSERS.
I hope the members of this forum will appreciate my efforts and find this collection that I sorted out useful.
Quote:
Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits
PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits.pdf
White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits-wp.pdf
Quote:
Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX
PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf
White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX-wp.pdf
Quote:
PINdemonium: A DBI-Based Generic Unpacker for Windows Executables
PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables.pdf
White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables-wp.pdf
Quote:
The Art of Reverse Engineering Flash Exploits
PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits.pdf
White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits-wp.pdf
Quote:
The Linux Kernel Hidden Inside Windows 10
Initially known as "Project Astoria" and delivered in beta builds of Windows 10 Threshold 2 for Mobile, Microsoft implemented a full-blown Linux 3.4 kernel in the core of the Windows operating system, including full support for VFS, BSD Sockets, ptrace, and a bona fide ELF loader. After a short cancellation, it's back and improved in Windows 10 Anniversary Update ("Redstone"), under the guise of Bash Shell interoperability. This new kernel and related components can run 100% native, unmodified Linux binaries, meaning that NT can now execute Linux system calls, schedule thread groups, fork processes, and access the VDSO!
As it's implemented using a full-blown, built-in, loaded-by-default, Ring 0 driver with kernel privileges, this is not a mere wrapper library or user-mode system call converter like the POSIX subsystem of yore.
LINK:
https://www.blackhat.com/us-16/briefings.html#the-linux-kernel-hidden-inside-windows-10
Quote:
Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process
PDF LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf
White-Paper LINK:
https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process-wp.pdf
FULL LIST of briefings here (not really recommended, as there are too many):
https://www.blackhat.com/us-16/briefings.html
Please click THANKS if you appreciate this post.