著名的BlackHat 2015黑帽盛會早已結(jié)束，會議之后放出了近百篇會議文章或PPT，英文文章傳送門。這里對其中的文章英文標題進行了中文翻譯，方便大家快速找到感興趣的文章話題。

[[145763]]

本人也不是專職翻譯，翻譯不好的地方還望見諒，這里權(quán)當(dāng)拋磚引玉。

BlackHat 2015黑客盛會文章和PPT集錦：

Title: Abusing XSLT For Practical Attacks

標題：濫用XSLT進行高效攻擊

Title: Take A Hacker To Work Day——How Federal Prosecutors Use The CFAA

標題：帶著黑客去工作——論聯(lián)邦檢察官對CFAA的運用

Title: Automated Human Vulnerability Scanning With AVA

標題：基于AVA的人類自動化漏洞掃描

Title: Certifigate——Front Door Access To Pwning Millions Of Androids

標題：證書漏洞——攻破無數(shù)安卓系統(tǒng)的前門路徑

Title: SMB: Sharing More Than Just Your Files

標題：SMB協(xié)議：不只是共享你的文件

Title: Switches Get Stitches

標題：讓網(wǎng)絡(luò)交換設(shè)備得到修補

Title: API Deobfuscator: Resolving Obfuscated API Functions In Modern Packers

標題：API混淆代碼閱讀器——解析現(xiàn)代軟件殼中的混淆API功能

Title: Pen Testing A City

標題：一座城市的滲透測試

Title: Commercial Spyware-Detecting The Undetectable

標題：商業(yè)間諜軟件——檢測那些不可測的

Title: Exploiting Out-of-order Execution: Processor Side Channels to Enable Cross VM Code Execution

標題：無序執(zhí)行命令的運用——通過處理器旁道攻擊實現(xiàn)跨VM代碼執(zhí)行

Title: Behind the Mask: The Agenda, Tricks, and Tactics of the Federal Trade Commission as They Regulate Cybersecurity

標題：面具的背后：聯(lián)邦貿(mào)易委員會規(guī)范網(wǎng)絡(luò)安全的議程，竅門和戰(zhàn)術(shù)

Title: Deep Learning on Disassembly

標題：利用深度學(xué)習(xí)分析惡意軟件

Title: The Memory Sinkhole: An Architectural Privilege Escalation Vunerability /Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation

標題：記憶的深坑：一個設(shè)計上的通用權(quán)限升級漏洞/x86的設(shè)計缺陷導(dǎo)致通用提權(quán)

Title: Crash Pay: How to Own and Clone Contactless Payment Devices/ Crash and Pay: Owning and Cloning Payment Devices

標題：如何擁有和克隆一個非接觸式支付設(shè)備

Title: Securing Your Bigdata Environment

標題：保護你的大數(shù)據(jù)環(huán)境

Title: Breaking HTTPS with BGP Hijacking

標題：通過BGP劫持擊破HTTPS

Title: Fuzzing Android System Services by Binder Call to Escalate Privilege

標題：通過綁定調(diào)用挖掘Android系統(tǒng)服務(wù)漏洞提權(quán)

Title: Abusing Silent Mitigations: Understanding Weaknesses within Internet Explorer’s Isolated Heap and MemoryProtection

標題：沉默緩解的濫用：了解IE瀏覽器堆棧和內(nèi)存保護的不足之處

Title: Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor

標題：濫用Windows管理診斷建立持久的異步無文件后門

Title: The Lifecycle of a Revolution

標題：革命的生命周期

Title: Internet-Scale File Analysis

標題：互聯(lián)網(wǎng)規(guī)模的文件分析

Title: These are not your Grand Daddy’s CPU Performance Counters: CPU Hardware Performance Counters for Security

標題：這不是你爺爺?shù)腃PU性能計數(shù)器：CPU硬件安全性能計數(shù)器

Title: Taxonomic Modeling of Security Threats in Software Defined Networking

標題：軟件定義的網(wǎng)絡(luò)中(SDN)安全威脅的分類模型

Title: Thunderstrike 2: Sith Strike

標題：Thunderstrike(病毒名稱) 2: Sith方式的攻擊

Title: How Vulnerable Are We to Scams?

標題：在騙局面前我們有多么弱?

Title: Hidden Risks of Biometric Identifiers and How to Avoid Them

標題：生物統(tǒng)計鑒別的隱患及其防范措施

Title: Server Side Template Injection RCE for the Modern Web App

標題：針對現(xiàn)代Web應(yīng)用程序的服務(wù)器端模板注入攻擊RCE

Title: Taking Event Correlation with You

標題：讓事件與你同在

Title: Most Ransomware isn’t as Complex as You Might Think

標題：大多數(shù)勒索軟件沒有你想象中的復(fù)雜

Title: Internet-facing PLCs—A New Back Orifice

標題：面向互聯(lián)網(wǎng)的PLCs——一個新的后門

Title: Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion

標題：震動的口袋書：為了競爭和敲詐，非法入侵化學(xué)工廠

Title: Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware

標題：在固件中使用靜態(tài)二進制分析尋找漏洞和后門

Title: How to Implement IT Security after a Cyber Meltdown

標題：網(wǎng)絡(luò)崩潰后如何實現(xiàn)IT安全

Title: Harnessing Intelligence from Malware Repositories

標題：從惡意軟件資料庫中提取情報

Title: Remote Physical Damage 101: Bread and Butter Attacks

標題：遠程物理損害101：黃油面包式的攻擊

Title: Optimized Fuzzing IOKit in iOS

標題：iOS最佳模糊測試工具——IOKit

Title: Attacking Interoperability: An OLE Edition

標題：攻擊互操作性：對象鏈接與嵌入的一個版本

Title: Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware

標題：圖形內(nèi)容前瞻：對嵌入惡意軟件內(nèi)的圖形圖像的自動化、可擴展性分析

Title: Big Game Hunting: The Peculiarities of Nation-State Malware Research

標題：大型狩獵游戲：民族國家間惡意軟件的獨特性研究

Title: Faux Disk Encryption: Realities of Secure Storage on Mobile Devices

標題：Faux磁盤加密：移動設(shè)備存儲安全的實情

Title: Mobile Point of Scam: Attacking the Square Reader

標題：手機詐騙的關(guān)鍵點：攻擊移動支付設(shè)備

Title: Red vs Blue: Modern Active Directory Attacks, Detection, and-Protection

標題：紅與藍：現(xiàn)代活動目錄的攻擊，檢測和保護

Title: Defeating Pass-the-Hash: Separation of Powers

標題：擊潰哈希傳遞攻擊：權(quán)力的分離

Title: Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service

標題：非法入侵擴頻通信衛(wèi)星：攻擊全球星的單一數(shù)據(jù)服務(wù)

Title: Morgan Web: Timing Attacks Made Practical

標題：摩根網(wǎng)絡(luò)：時序攻擊成為現(xiàn)實

Title: CrackLord Maximizing Password Cracking

標題：CrackLord使密碼破解得以最高效化

Title: Breaking Payloads with Runtime Code Stripping and Image Freezing

標題：通過運行時間代碼剝離和圖像凍結(jié)破解有效載荷

Title: Dom Flow: Untangling the Dom for More Easy Juicy Bugs

標題：Dom流：解決DOM更易涉及隱私的漏洞問題

Title: The NSA Playset: A Year of Toys and Tools

標題：NSA(美國國安局)玩具：一年的玩具和工具

Title: This is DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware

標題：DeepERENT：規(guī)避安卓惡意軟件追蹤應(yīng)用程序的行為

Title: Winning the Online Banking War

標題：贏得網(wǎng)銀戰(zhàn)爭的勝利

Title: GameOver Zeus: Bad guys and Backends

標題：宙斯游戲結(jié)束：壞人和后端

Title: Staying Persistent in Software Defined Networks

標題：在軟件定義的網(wǎng)絡(luò)(SDN)中保持持久性

Title: Repurposing OnionDuke: A Single Case Study around Reusing Nation State Malware

標題：OnionDuke的再利用：關(guān)于國家惡意軟件再利用的一個案例分析

Title: Understanding and Managing Entropy Usage

標題：理解和解決熵的使用

Title: Hi! This is Urgent Plz Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs

標題：嘿，這是迫切需要盡快修復(fù)的：重要的漏洞發(fā)現(xiàn)獎勵制度

Title: The State of BGP Security: Internet Plumbing For Security Professionals

標題：BGP的安全狀況：網(wǎng)絡(luò)需要安全專家

Title: When IoT Attacks: Hacking a Linux-Powered Rifle

標題：在物聯(lián)網(wǎng)攻擊時：入侵一把Linux驅(qū)動的步槍

Title: Why Security Data Science Matters and How it’s Different?

標題：數(shù)據(jù)安全技術(shù)的重要性及其獨特性

Title: The Tactical Application Security Program Getting Stuff Done

標題：把事情做好的戰(zhàn)術(shù)型應(yīng)用安全程序

Title: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

標題：利用DRAM Rowhammer漏洞獲取Kernel權(quán)限

Title: Attacking Your Trusted Core: Exploiting TrustZone on Android

標題：攻擊你“信賴的核心”：在安卓系統(tǒng)上利用信任區(qū)域

Title: Attacking ECMA Script Engines with Redefinition

標題：重新定義ECMA攻擊腳本引擎

Title: The Node. Js Highway—Attacks are at Full Throttle

標題：Node. Js高速路——攻擊都是開足馬力的

Title: My Bro The ELK: Obtaining Context from Security Events

標題：我的兄弟“麋鹿”：從安全事件中獲取事件的背景

Title: WSUSpect: Compromising the Windows Enterprise via Windows Update

標題：WSUSpect——通過更新Windows入侵Windows企業(yè)

Title: Subverting Satellite Receivers for Botnet and Profit

標題：利益驅(qū)使被僵尸網(wǎng)絡(luò)破壞的衛(wèi)星信號接收

Title: Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card

標題：先進的集成電路逆向工程技術(shù)：對現(xiàn)代智能卡的詳細分析

Title: Exploiting XXE Vulnerabilities in File Parsing/Upload Functionality

標題：利用文件解析/上載功能中的XXE漏洞

Title: Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS

標題：有針對性的擊殺：使用被動DNS將附帶損害最小化

Title: FileCry: The New Age of XXE

標題：cry文件：XXE的新時代

Title: Review and Exploit Neglected Attack Surface in iOS 8

標題：iOS 8中被忽視攻擊界面的研究和開發(fā)利用

Title: The Applications of Deep Learning on Traffic Identification

標題：深度學(xué)習(xí)技術(shù)在流量識別領(lǐng)域的應(yīng)用

Title: Writing Bad @$$ Malware for OS X

標題：針對蘋果操作系統(tǒng)編寫惡意軟件

Title: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems

標題：可以對氣泵監(jiān)測系統(tǒng)進行攻擊的小泵測量儀

Title: ROPInjector: Using Return-Oriented Programming for Polymorphism and Antivirus Evasion

標題：ROP注射：使用面向?qū)ο蟮亩鄳B(tài)性與反病毒規(guī)避程序設(shè)計

Title: Ah! Universal Android Rooting is Back

標題：通用安卓Root回來了

Title: Understanding the Attack Surface and Attack Resilience of Project Spartan’s (Edge) New EdgeHTML Rendering Engine

標題：了解斯巴達項目的新款EdgeHTML渲染引擎的攻擊界面和攻擊韌性

Title: Cloning 3G/4G SIM Cards With a PC and an Oscilloscope: Lessons Learned in Physical Security

標題：用一臺計算機和示波器克隆3G/4G SIM卡：物理/實體安全的經(jīng)驗教訓(xùn)

Title: From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning And The SOC

標題：從錯誤的結(jié)果到可操作的分析：行為入侵檢測機器學(xué)習(xí)和SOC

Title: Bypass Control Flow Guard Comprehensively

標題：全面繞過控制流的守衛(wèi)(CFG)

Title: Fingerprints On Mobile Devices: Abusing and Leaking

標題：移動設(shè)備的指紋：濫用和泄漏

Title: ZigBee Exploited—The Good, the Bad, and the Ugly

標題： ZigBee的開發(fā)利用——善，惡，丑