{"id":2486,"date":"2016-11-17T14:49:05","date_gmt":"2016-11-17T13:49:05","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=2486"},"modified":"2016-11-17T14:49:05","modified_gmt":"2016-11-17T13:49:05","slug":"black-hat-europe-2016-premiere-journee","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/black-hat-europe-2016-premiere-journee\/","title":{"rendered":"Black Hat Europe 2016 \u2013 Day One"},"content":{"rendered":"<h1>DAY 1<\/h1>\n<p>&nbsp;<\/p>\n<p>We were present at the 2016 edition of Black Hat Europe, held in the beautiful city of London!<\/p>\n<p>As expected, the conferences and tools presented, as well as the people we met, lived up to our expectations and made this event a quality experience.<\/p>\n<p>Given the large number of topics presented, we will only present here those that we were able to attend.<\/p>\n<p><a href=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2016\/11\/globalVue.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-2499 aligncenter\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2016\/11\/globalVue-1024x768.jpg\" alt=\"globalvue\" width=\"629\" height=\"503\" \/><\/a><\/p>\n<p><em>All the materials from the various conferences presented are available here: <\/em><a href=\"https:\/\/www.blackhat.com\/eu-16\/briefings.html\"><em>https:\/\/www.blackhat.com\/eu-16\/briefings.html<\/em><\/a><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: justify;\">Links to reports from other days:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Black Hat Europe 2016 \u2013 Day One<\/li>\n<li style=\"text-align: justify;\"><a href=\"https:\/\/www.intrinsec.com\/en\/2016\/11\/17\/black-hat-europe-2016-deuxieme-journee\/\">Black Hat Europe 2016 \u2013 Day Two<\/a><\/li>\n<\/ul>\n<h2><\/h2>\n<h2>\u00ab&quot;WiFi-Based IMSI Catcher&quot;\u00bb<\/h2>\n<p>&nbsp;<\/p>\n<p>Piers O&#039;Hanlon and Ravishankar Borgaonkar, both members of Oxford University, presented us with a new approach to tracking mobile users using Wi-Fi networks.<\/p>\n<p>&nbsp;<\/p>\n<p>The aim of this approach is to exploit automatic authentication mechanisms (802.1x) based on the EAP SIM and AKA methods. Specifically, data streams are not encrypted with AKA, while the EAP SIM method exchanges identities in plain text. An attacker can therefore exploit these two vulnerabilities to retrieve the IMSI of phones connecting to malicious Wi-Fi networks and track users.<\/p>\n<p>&nbsp;<\/p>\n<p>The researchers then presented some recommendations to reduce the risks of espionage, such as disabling automatic connection, as well as certain protections towards telecommunications operators.<\/p>\n<p>&nbsp;<\/p>\n<h2>\u00abI know what you saw \u2013 The Chrome Browser Case\u00bb<\/h2>\n<p>&nbsp;<\/p>\n<p>This conference, given by Ran Dubin, dealt with the exploitation of new HTTP Adaptive Streaming (HAS) live streaming techniques, used notably by YouTube, to determine which videos users have viewed despite SSL encryption.<\/p>\n<p>&nbsp;<\/p>\n<p>In practice, a BPP (Bit Per Peak) analysis is used on the stream to determine the proportion of audio\/images sent to the user.<\/p>\n<p>&nbsp;<\/p>\n<h2>\u00abAnother Brick Off The Wall \u2013 Deconstructing Web Application Firewalls Using Automata Learning\u00bb<\/h2>\n<p>&nbsp;<\/p>\n<p>Presented by George Argyros and Ionnis Stais, the conference presented a new method for determining potential attacks that can bypass application firewalls, which are very popular with many Web players.<\/p>\n<p>&nbsp;<\/p>\n<p>The major problem being grammatical analysis, the speakers turned to the SFA algorithm in order to analyze the model used by WAFs and thus determine any vulnerabilities not taken into account by the protection engine.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2016\/11\/1.png\"><img decoding=\"async\" class=\"size-full wp-image-2490 aligncenter\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2016\/11\/1.png\" alt=\"1\" width=\"1016\" height=\"537\" \/><\/a><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>The presentation of the approach then moved on to that of &quot;LightBulb&quot;, a tool written by the authors that allows the creation of models of security equipment and browsers to be automated in order to compare them to a specific grammar in order to identify vulnerabilities.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2016\/11\/2.png\"><img decoding=\"async\" class=\"size-full wp-image-2491 aligncenter\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2016\/11\/2.png\" alt=\"2\" width=\"1200\" height=\"520\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>The analysis performed by the tool thus makes it possible to identify potential entry points which will be tested in order to determine whether we are dealing with a false positive or not.<\/p>\n<p>&nbsp;<\/p>\n<h2>\u00abAttacking Windows By Windows\u00bb<\/h2>\n<p>&nbsp;<\/p>\n<p>The day continued with a presentation of new attack methods used by Yin Liang and Zhou Li of Tencent PC Manager to take control of Windows systems.<\/p>\n<p>&nbsp;<\/p>\n<p>The presentation was structured around three questions raised during an experiment:<\/p>\n<ul>\n<li>Where to write?<\/li>\n<li>What should I write?<\/li>\n<li>What can be done?<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>After a brief review of old exploitation techniques (e.g., nt!HalDispatchTable) and new protections (SMEP), the authors focused on the &quot;MmMapViewOfSection&quot; function, which allows them to retrieve memory addresses available for writing.<\/p>\n<p>&nbsp;<\/p>\n<p>An analysis of the Windows objects &quot;TagMENU&quot; and &quot;TagWND&quot; is then carried out in order to demonstrate the possibilities of exploitation.<\/p>","protected":false},"excerpt":{"rendered":"<p>DAY 1 We were present at the 2016 edition of Black Hat Europe located [\u2026]<\/p>","protected":false},"author":1,"featured_media":2512,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,19,22],"tags":[],"class_list":["post-2486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-evaluation-securite","category-soc-securite-operationnelle","category-veille-securite"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Black Hat Europe 2016 - Premi\u00e8re Journ\u00e9e - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/black-hat-europe-2016-premiere-journee\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Black Hat Europe 2016 - Premi\u00e8re Journ\u00e9e\" \/>\n<meta property=\"og:description\" content=\"JOUR 1 &nbsp; Nous \u00e9tions pr\u00e9sents \u00e0 l\u2019\u00e9dition 2016 de la Black Hat Europe situ\u00e9e [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/black-hat-europe-2016-premiere-journee\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2016-11-17T13:49:05+00:00\" \/>\n<meta name=\"author\" content=\"Intrinsec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Intrinsec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/\"},\"author\":{\"name\":\"Intrinsec\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"headline\":\"Black Hat Europe 2016 &#8211; Premi\u00e8re Journ\u00e9e\",\"datePublished\":\"2016-11-17T13:49:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/\"},\"wordCount\":714,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"Evaluation S\u00e9curit\u00e9\",\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\",\"Veille S\u00e9curit\u00e9\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/\",\"name\":\"Black Hat Europe 2016 - Premi\u00e8re Journ\u00e9e - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2016-11-17T13:49:05+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/black-hat-europe-2016-premiere-journee\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Black Hat Europe 2016 &#8211; Premi\u00e8re Journ\u00e9e\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\",\"name\":\"Intrinsec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"caption\":\"Intrinsec\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ufhtbqccsz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Black Hat Europe 2016 - Day One - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/black-hat-europe-2016-premiere-journee\/","og_locale":"en_US","og_type":"article","og_title":"Black Hat Europe 2016 - Premi\u00e8re Journ\u00e9e","og_description":"JOUR 1 &nbsp; Nous \u00e9tions pr\u00e9sents \u00e0 l\u2019\u00e9dition 2016 de la Black Hat Europe situ\u00e9e [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/black-hat-europe-2016-premiere-journee\/","og_site_name":"INTRINSEC","article_published_time":"2016-11-17T13:49:05+00:00","author":"Intrinsec","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Intrinsec","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/"},"author":{"name":"Intrinsec","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"headline":"Black Hat Europe 2016 &#8211; Premi\u00e8re Journ\u00e9e","datePublished":"2016-11-17T13:49:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/"},"wordCount":714,"commentCount":0,"image":{"@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#primaryimage"},"thumbnailUrl":"","articleSection":["Evaluation S\u00e9curit\u00e9","SOC S\u00e9curit\u00e9 Op\u00e9rationnelle","Veille S\u00e9curit\u00e9"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/","url":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/","name":"Black Hat Europe 2016 - Day One - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#primaryimage"},"thumbnailUrl":"","datePublished":"2016-11-17T13:49:05+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/black-hat-europe-2016-premiere-journee\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Black Hat Europe 2016 &#8211; Premi\u00e8re Journ\u00e9e"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799","name":"Intrinsic","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","caption":"Intrinsec"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/ufhtbqccsz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/2486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=2486"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/2486\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=2486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=2486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=2486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}