First of all, thank Orange Tsai for giving me the opportunity to participate in Black Hat USA 2021 in Las Vegas. This article would not exist without this ticket.

I am going to share my thoughts and some technical topics on the two days of Black Hat USA 2021 in this article.

The hotel and the conference venue are connected. It takes 10 minutes to walk from my room to the conference venue. It is very convenient to go back and forth between my room and the conference venue for switching between physical briefings and online briefings, considering the 20-minute gap between briefings.

Pic 1View outside my room

Pic 2Casino downstairs, it is the way to the conference venue.

Pic 4Pools outside, which make a huge contrast to the conference inside.

Pic 10The hallway

Here are the briefings I attend in chronological order.

Day 1

Keynote: Supply Chain Infections and the Future of Contactless Deliveries

9:00 ~ 10:00

Speaker: Matt Tait
Track: Keynote
Format: Briefings

First of all, Jeff Moss, the founder of Black Hat and DEF CON, did the opening, and then Matt Tait did the Keynote. Basically, He shared in a broad direction on supply chain security awareness and issues.

Pic 3Opening by the founder, Jeff Moss

A New Class of DNS Vulnerabilities Affecting Many DNS-as-Service Platforms

10:20 ~ 11:00

Speaker: Shir Tamari, Ami Luttwak
Tracks: CorpSec, Cloud & Platform Security
Format: Briefings

This briefing is made by Wiz. It mentions the Hijacking problem that may arise under the use of DNS as a Service, and took AWS Route53 as the example.

They found that in the Route53 service, the domain of its Name Server can be registered, e.g., ns-852.awsdns-42.net. After registration, if this domain is the same as the randomly assigned Name Server, and the A record of this domain points to our own server, you will intercept a lot of Dynamic DNS traffic on the server.

In Dynamic DNS, the Internal Primary Master Server is responsible for storing the IP of each computer in the intranet, and accepts the Update Query from each computer to change the corresponding IP. Computers find out where the Internal Primary Master Server is by looking up the SOA record from the Internal Recursive DNS Server.

When we use Route53 and the Internal Recursive DNS Server is not well-configured, computers may treat the IP corresponding to the A record of the Router53 Name Server as the IP of the Master Server and send an Update Query to it. From those packets, you can get the IP, physical location of the company, and even the computer name of the intranet information, etc.

There are no difficult techniques used in this briefing, it is a “oh~ there is such a thing” kind of share.

Here is the video from DEF CON.

Breaking the Isolation: Cross-Account AWS Vulnerabilities

11:20 ~ 12:00

Speaker: Shir Tamari, Ami Luttwak
Tracks: Cloud & Platform Security, AppSec
Format: Briefings

This briefing is made by Wiz as well. It is about vulnerabilities in three of the AWS services.

  • AWS CloudTrail
  • AWS Config (Same techniques used for CloudTrail)
  • AWS Serverless Application Repository

The first one is AWS CloudTrail, which makes records, exports logs, and puts them in S3 buckets. We can add a prefix for the path of the destination when exporting, and it is where the thing happened. Assume that the user with Account ID 123456789012 has a bucket victims-cloudtrail-bucket, the destination path will be victims-cloudtrail-bucket/AWSLogs/123456789012. If we add the prefix abc, the path will be victims-cloudtrail-bucket/abc/AWSLogs/123456789012.

If there is an attacker with ID 133713371337. He cannot write directly to victims-cloudtrail-bucket/AWSLogs/133713371337 if he wants to write to victims-cloudtrail-bucket. There is a path check. But, if he adds the prefix AWSLogs/123456789012, making the path to victims-cloudtrail-bucket/AWSLogs/123456789012/AWSLogs/133713371337, he can pass the check and write into the bucket.

AWS Config has the same vulnerability because it uses the same mechanism as AWS CloudTrail for interacting with S3 buckets.

Here comes the AWS Serverless Application Repository, it can fetch App images and resources from S3 buckets. To our surprise, the S3 bucket does not check who is the owner of the bucket. Anyone who knows the path of the Repository bucket with Actions set to GetObject can fetch data from the Repository bucket.

These techniques are not complicated. I think the difficult part is that there are more than 200 services in AWS. With the combination of services, these vulnerabilities are not that easy to find.

All-Purpose Remote Access Trojan

12:00 ~ 13:00

Speaker: David Hunt, Alex Manners
Tracks: Malware Offense
Format: Arsenal

In Black Hat Arsenal, each speaker introduces their open-source tools. As long as there is no Briefing at that time, I will choose to attend an Arsenal.

This article introduces Pneuma, it is an agent that can be used with C2.

The C2 demonstrated by the speaker is Prelude Operator. Pneuma supports multiple protocols (gRPC, TCP, UDP, and HTTP) and multiple operating systems. Because it is an open-source tool, users can easily customize Pneuma, such as adding commands.

Another Road Leads to the Host: From a Message to VM Escape on Nvidia vGPU

13:30 ~ 14:10

Speaker: Wenxiang Qian
Tracks: Exploit Development, Network Security
Format: Briefings

This is one of the Briefings I am looking forward to. It is about using Nvidia’s vGPU to escape from the virtual environment. I was very surprised by every Escape-related agenda.

nvidia-vgpu-mgr is running on the Host machine, handling vRPC messages from the Guest machine.

There are many kinds of vPRC commands, one of the command 0x35 – rpc_update_pde_2 can be used to leak the stack pointer, for bypassing ASLR.

When handling 0x1A - rpc_dma_control, it will copy data from the message to the memory. Since there is no boundary limit, heap overflow occurs. The overflown area will be used as an argument to the function set_item_value, which executes the unlink function from link list and mmap.

We can make the GOT of mmap to the address of the ROP gadget with the help of unlink, after that, we can use mmap to do RCE.

We have talked about the whole picture. The follow-up is the problem the presenter encounters. There is no useful gadget on the stack, so he uses 0x3C - rpc_get_engine_utilization to put gadgets on the stack.

When copying the data, it jumps between bytes, making lots of 4-bytes 0 on the heap. We can treat them as 0, as the higher 4 bytes of the address, or use the pop operation to solve this problem.

In conclusion, I think it is very interesting to make an exploit chain with vRPC messages. I just mention some important points above. If you read the slides from the presenter, you will know that it is a time-consuming process.

Diving Into Spooler: Discovering LPE and RCE Vulnerabilities in Windows Printer

14:30 ~ 15:00

Speaker: Zhiniang Peng, XueFeng Li, Lewis Lee
Tracks: Applied Security, Exploit Development
Format: Briefings

This is a Briefing from Sangfor. I would like to attend this briefing mainly because the recent PrintNightmare is a vulnerability from Printer Spooler, I want to know more about this program.

The speaker started with CVE-2020-1048 and introduced various vulnerabilities of Printer Spooler in the past two years, from arbitrary write after privilege escalation, bypass with a symbolic link, UNC path, NTFS Alternate Data Stream, to arbitrary delete, which is created from one of the patches. They kept fixing Printer Spooler.

And this year, memory corruption, multiple RCEs, finally making PrintNightmare the winner of “Most Epic Fail”, the nominee of “Best Server-Side Bug”. CVE-2020-1048 and CVE-2020-1337 are the nominees of “Best Privilege Escalation Bug”. CVE-2021-1675 is the nominee of “Best Server-Side Bug”. All from Pwnie Awards. There is Microsoft everywhere, including other vulnerabilities like ProxyLogon. Are they doing product placement advertising? I don’t know. But I am sure they are famous now in the security field, not sure it’s good or bad for them though

There are so many vulnerabilities coming out from Printer Spooler. The conclusion from the speakers totally makes sense,
“Disabled your spooler, if you don’t need it."

Put in One Bug and Pop Out More: An Effective Way of Bug Hunting in Chrome

15:20 ~ 16:00

Speaker: Leecraso, Rong Jian, Guang Gong
Tracks: AppSec, Exploit Development
Format: Briefings

This briefing is about how to find new bugs from older bugs in Chrome. They write patterns for CodeQL to find more similar bugs.

There are three parts

  1. From previous vulnerabilities, they found UAF can easily happen with RenderFrameHost pointer. Add some restrictions like the Base class of RenderFrameHost pointer should not belong to FrameServiceBase, which may clean up RenderFrameHost pointer, and false positive can be reduced.
  2. The next step is to make some mutations. They tried to find UAF from pointers that are accessed after they got erased from some unexpected conditional branches.
  3. The last one is WeakPtr Optimization. If no null test is performed, it can easily become null pointer dereference, which crashes the program. However, if they do optimization when compiling the program, it may not crash, further into UAF.

In conclusion, I think write patterns after analysis, and then use CodeQL to find vulnerabilities is a very effective way.

Locknote: Conclusions and Key Takeaways from Day 1

16:20 ~ 17:00

Speaker: Jeff Moss, Stephanie Domas, Alex Ionescu, Kymberlee Price, Chris Rohlf
Track: Keynote
Format: Briefings

This briefing is for guests to chat with the host on stage, like a Live Talk Show. This is not unique to the United States. I have seen the same kind of briefing at a security conference in Taiwan.

What impressed me the most is that almost everyone on the stage has a bottle of beer. I personally like this kind of feeling. Some exchanges, some discussions, telling others your ideas, with beer, chill ~

Pic 5Jeff Moss holds the rundown in one hand and the beer in the other, coooool

Pwnie Awards

17:30 ~ 18:30

Pic 6The Pwnie Awards

In fact, not many people came to the site for the Pwnie Awards. I think there are mainly two reasons. One is that this event is not advertising on the Black Hat webpage. The other is that there are many happy drinking social events at that time.

The presenters have prepared jokes between the awards, and the presenters are changing. It really feels like a large-scale awards ceremony.

I personally think that the most interesting part of the Pwnie Awards is that there are awards like “Lamest Vendor Response” and “Most Epic Fail”, letting everyone know what ridiculous things have happened in the information security industry in the past year. It is also a reminder to vendors, where there are many places they should be aware of. After all, vulnerabilities are not only related to hackers, vendors should cooperate with their best for minimizing the damage.

In addition, I think these awards not only give honors to the nominees and winners, but also have the advantage that they can be semi-motivating for those who want to participate to learn more. It’s like the “Song of the Year” at the Golden Melody Awards. If you are interested in this award, you should listen to every song at least once after the nominees are announced. Otherwise, on the day of the award, a song won, and you have no way to come up with more thoughts, “Ah, I actually like another song more. It’s a pity that it didn’t win the award”, “I didn’t expect this song to win the award, but the concept behind this song is indeed very interesting.” In the same way, when the research is in front of you and you want to participate in this awards ceremony, then understanding the general idea for every research is something you should do. Otherwise, you will only see a bunch of awards and corresponding winners, but have no idea about the meaning and reason behind both the awards and research.

Here is the website of the Pwnie Awards, there are outside resources for nearly every nominee.

Pic 7And, congratulations to Orange Tsai for winning the Best Server-Side Bug

Day 2

Business Hall

Business Hall is where the vendors are, it is on the first floor of Mandalay Bay Convention Center (P.S. Briefings are on the second and third floor). It lasts for two days, and it is a very big place. Luckily, I went to CyberSec this year, so I can make a comparison. The difference between the two is that Black Hat got food, alcohol, and live performances, making it a more casual place for vendors. It is because of the cultural difference I guess.

Pic 11Business Hall

Pic 12There are many mini bars

Pic 13CrowdStrike shows three huge figures

Pic 14Live Band

Pic 15Food Stand

Turing in a Box: Applying Artificial Intelligence as a Service to Targeted Phishing and Defending Against AI Generated Attacks

10:20 ~ 11:00

Speaker: Eugene Lim, Glenice Tan, Tan Kee Hock, Timothy Lee
Tracks: Human Factors
Format: Briefings

Pic 8Research from Government Technology Agency, Singapore

This briefing is from Singapore, talking about using AI as a Service(AIaaS)for phishing and how to prevent it. I choose this one because I’d like to have an update on what AI can do in the security field.

They mention that GPT-3 API from OpenAI is not only excellent, but also provides a “text in, text out” environment that is convenient for users. When the basic information of the target is provided to AI, it can generate a phishing letter for the target. Although the letter still needs manual inspection and minor modification, I believe it will be better in the near future, which is completely AI automation without any modification by humans.

In the second half of the briefing, they mention that although AI phishing letters are effective, automatic detection is very difficult, it is not completely impossible to deal with. You can build a model by calculating the word sequence, the entropy of the predicted distribution, and the absolute rank of the word, to check whether the letter is automatically generated by AI, but the outcome is not guaranteed. It depends on the phishing letter model.

At last, they talk about the regulation of GPT-3 API. OpenAI has a strong process governing the use of GPT-3 API, which means malicious usage is not allowed. But with more suppliers on AIaaS, it should be even more difficult to regulate, and here comes the malicious usage on GPT-3 API.

I think it is what cybersecurity is. As the offense gets better, the defensive side will get better, and then the offense will get better again, but the defensive side can still catch up because the technology and techniques received by both sides are the same. The same goes for vulnerabilities. Your current attack method will be blocked by the patch soon, and even if you patch it, there are still vulnerabilities in other places or in new features.

Keep learning, make progress, encourage for you and me XD

I’m a Hacker Get Me Out of Here! Breaking Network Segregation Using Esoteric Command & Control Channels

11:20 ~ 12:00

Speaker: James Coote, Alfie Champion
Tracks: Network Security, Defense
Format: Briefings

This briefing is from F-Secure. It is about the way to connect C2 and the client even if there is no direct internet connection between them.

The tool used is the open source tool provided from F-Secure, C3

And the presenters provide two references

  1. Using and detecting C2 printer pivoting
  2. Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #3

They introduce four ways

  1. C2 into VMs through vCenter and Guest Additions
  2. C2 using arbitrary network printers and print jobs
  3. C2 over Remote Desktop mapped drives and file shares
  4. C2 using LDAP attributes

The presenters explained in detail about the circumstance, limitations, principles behind the use of the above four methods, and how to implement them.

From logs, loaded modules, and even specific kind of connection appears may indicate that such a technique is being carried out.

In the end, the presenters conclude that when we want to isolate an environment, we should make sure that it is completely isolated, or if there is a connection to a printer, it can be an implicit connection route.

We have to think about how to detect this kind of situation, and whether we can further achieve complete isolation.

C2 is not necessarily used to do bad things. Today I may just want to control a machine with no direct connection. Then C3 and the content introduced in this briefing may be used as a reference for my future deployment.

reNgine: An Automated Reconnaissance Framework

12:00 ~ 13:00

Speaker: Yogesh Ojha
Tracks: Web AppSec
Format: Arsenal

This is an Arsenal introducing the open-source tool reNgine. As mentioned in the title, it is an automated reconnaissance framework.

There are many features, the most interesting part for me is filter and co-relation. For example, it can quickly list subdomains for port 22, or even subdomains using Apache. It has great visualization modules, which can show the big picture of the target.

Besides, it has an Interesting tag function. Users can set it up, and the match results will get this tag. They can even set up notifications for these match results. For now, it supports slack, discord, and telegram.

It has a history comparison function. For a single target, it can compare the last scan to the latest one, so users can know what are the differences between the two scans immediately. It also supports proxy, and it will send requests from a random one, preventing a potential ban.

I think it is a really great tool. For recon, if the target is huge, we may get tons of data. With this tool, all the data are organized, we can apply various filters, and it gives us a clear visualization graph. I should try it sometime.

HTTP/2: The Sequel is Always Worse

13:30 ~ 14:10

Speaker: James Kettle
Tracks: AppSec, Cloud & Platform Security
Format: Briefings

This is one of the briefings I am most interested in. HTTP/2 vulnerabilities by James Kettle from PortSwigger.

In summary, HTTP/2 downgrades create a lot of tricky points in the backend. After the request is downgraded, basically the security features in HTTP/2 are also discarded.

According to the presenter, if there is no downgrade happens, basically most of the vulnerabilities will no longer exist (except for URL prefix injection).

Here is the Blog post from PortSwigger, with videos included.

In addition, PortSwigger has released Burp Suite 2021.8, which adds many features for HTTP/2. Go download and play with it if you are interested.

P.S. At the moment I review this post, it has come to Burp Suite 2021.8.1

Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications

14:30 ~ 15:00

Speaker: Natalie Silvanovich
Tracks: Mobile, AppSec
Format: Briefings

This briefing is from Google, bringing in vulnerabilities related to calling state machines.

The presenter analyzed many mobile messaging applications, and found many vulnerabilities related to calling state machines, including Signal, Facebook Messenger, JioChat, Mocha, and Google Duo. It allows calls to be connected without user interaction.

The cause of this issue is that before the caller and callee start the connection, there are many messages exchanging, either with servers in the middle or without servers. If we mess up the order of the messages, or change the sending direction of the messages, it may confuse the state machine, which leads to audio and video transmission without consent.

No one would want their mobile phone to suddenly turn on the camera or the microphone and transmit it to the other end, right?

In conclusion, developers should be careful when designing calling state machines. They should be aware of unusual circumstances. Besides, this research is focusing on one-to-one connections, group calls could have other related issues for further research.

ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!

15:20 ~ 16:00

Speaker: Orange Tsai
Tracks: AppSec, Exploit Development
Format: Briefings

This is one of the briefings I am most interested in as well. It is the Microsoft Exchange Server vulnerabilities by Orange Tsai from Devcore. Start from a Facebook posting win 惹 and lasts for several months, basically everyone has heard of this Exchange Server issue if you follow the security news. Just don’t know about the technical details.

In this briefing, there are ProxyLogon, ProxyOracle, and ProxyShell, all in one, highly recommended.

Here is the Blog post from Devcore, and there are videos and slides included. Please read it yourself.


Timeless Timing Attacks

Speaker: Tom Van Goethem, Mathy Vanhoef
Tracks: Network Security, AppSec
Format: Briefings

I made up this online briefing after Black Hat USA 2021. Traditional timing attacks will be affected by the transmission between networks. It is difficult to implement in the real world. A small delay between routers can make a huge difference to the result.

In this briefing, the presenters introduce Timeless timing attack, which contains three requirements,

  1. Requests need to arrive at the same time at the server
  2. Server needs to process requests concurrently
  3. Response order needs to reflect difference in execution time

And three attack scenarios,

  1. direct timing attack
  2. cross-site timing attack
  3. Wi-Fi authentication

The broad concept is to put multiple requests in a single packet, one is test, and the other one is baseline. They will arrive at the same time, and be processed concurrently. The attacker can observe the response order and leak sensitive information.

With this kind of technique, we will not be affected by network jitter at all like the traditional timing attack.

Here is the video from DEF CON, and a previously private Hackerone Report, which disclosed right after this talk.


There are slides for most of the briefings. You can download them from Black Hat USA 2021.

Some people may wonder why I did not go to DEF CON as well. That is because DEF CON requires people to be fully vaccinated. I don’t meet the requirement. I hope I can go to DEF CON sometime in the future.

I am very lucky to take one of the student scholarships from Orange Tsai.

I really learned a lot from it, and I encourage everyone to attend Black Hat if you are interested.

Thanks to all the researchers and staff from Black Hat USA 2021.

If you have any questions, feel free to contact me.

Pic 16