Welcome to Latest Intel, a new page where we'll keep you up to date on the latest announcements concerning Black Hat USA 2012, which will take place July 21-26 in Las Vegas. Black Hat conferences are the infosec world's premier meeting of the minds, but you probably already knew that.
To kick things off, we've got one very important reminder: The Black Hat USA 2012 registration fee increases on June 1st, so if you'd like to save $500 on your registration now is the time to act. Now, not tomorrow. We mean it! Hey, think of it as an extra $500 for the Blackjack tables.
Whether or not you snag those early-bird savings, we think everyone will enjoy the comprehensive program of talks and trainings we've got scheduled for the show. Here are three briefings and trainings to make note of.
Windows 8 Heap Internals by Chris Valasek and Tarjei Mandt
Generic heap exploits are long dead, but reliable heap exploitation is still achievable with intricate knowledge of the operating system's memory manager. Chris Valasek's training will focus on the transition of heap exploitation mitigations from Windows 7 to Windows 8, from both user and kernel perspectives. Expect to wade hip-deep into the inner workings of the Windows memory manager, with plenty of tips and tricks along the way.
Advanced ARM Exploitation by Stephen Ridley and Stephen Lawler
Stephen Ridley and Stephen Lawler are back from the front lines, ready to report on what they've learned from developing their five-day course on ARM exploitation. They'll tell you how to reliably defeat XN, ASLR, stack cookies, and more using nuances of the ARM architecture in Linux, demonstrating their tech and telling you how they developed it via custom-built ARM development platforms. That's not an incoming call you feel buzzing ñ thatís your devices is shaking in fear.
Torturing OpenSSL by Valeria Bertacco - If the hardware layer of a secure system is compromised, the software will inevitably follow. Valeria Bertacco will walk you through a complete end-to-end attack that will show how hardware vulnerabilities can be exploited to target software-secure systems, in this case via a side-channel attack on the RSA signature algorithm. Modest voltage variation faults are just one of several undetectable vectors Ms. Bertacco will detail that can lead to complete extraction of private RSA keys. How many servers in how many data centers are on their last leg, dutifully serving SSL connections? Answer: More than a handful.