Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT security conferences in the world.
Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six day event begins with four days of intense technical training for security practitioners of all levels (August 4-7) followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).
(Source: Black Hat Conference USA 2018)
1) Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
Speaker: Louis Dion-Marcil
Through our research, we explored the risks that may be encountered through ESI injection: We identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and silently extract cookies.
2) Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
Speaker: Matt Wixey
This approach, which we call ROSE (Remote Online Social Engineering), is a variant of catfishing, and is performed with the specific aim of compromising an organisation's network. By building rapport with targeted victims, attackers are able to elicit sensitive information, gather material for extortion, and persuade users to take actions leading to compromises. In this talk, we place ROSE within the context of other false personae activities – trolling, sockpuppetry, bots, catfishing, and others – using detailed case studies, and provide a comprehensive and in-depth methodology of an example ROSE campaign, from target selection and profile building, through to first contact and priming victims, and finally to the pay-off and exit strategies, based on experiences from red team campaigns. We'll discuss three case studies of ROSE attacks in the wild, comparing them to the methodology we developed, and will then discuss the ethical, social, and legal issues involved in ROSE attacks. We'll proceed to cover ROSE from a defender's perspective, examining ways in which specific techniques can be detected and prevented, through technical controls, attribution, linguistic analysis, and responses to specific enquiries. To take this approach one step further, we'll also explore ways in which ROSE techniques could be used for 'offensive defence'. Finally, we'll wrap up by examining future techniques which could be of use during ROSE campaigns or for their detection, and will invite the audience to suggest other ways in which ROSE techniques could be combatted.
3) From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it
Speaker: Sean Metcalf
Some of the areas explored in this talk:
* Explore how common methods of administration fail.
* Demonstrating how attackers can exploit flaws in typical Active Directory administration.
* Highlight common mistakes organizations make when administering Active Directory.
* Discuss what's required to protect admins from modern attacks.
* Provide the best methods to ensure secure administration and how to get executive, operations, and security team acceptance.
4) LTE Network Automation Under Threat
Speaker: Altaf Shaik, Ravishankar Borgaonkar
The control and management of mobile networks is shifting from manual to automatic in order to boost performance and efficiency and reduce expenditures. Especially, base stations in today's 4G/LTE networks can automatically configure and operate themselves which is technically referred to as Self Organizing Networks (SON). Additionally, they can auto-tune themselves by learning from their surrounding base stations. This talk inspects the consequences of operating a rogue base station in an automated 4G/LTE network. We exploit the weaknesses we discovered in 4G/LTE mobile phones and SON protocols to inject malicious packets into the network. We demonstrate several attacks against the network and discuss mitigation from the mobile network operators' perspective.
5) Open Sesame: Picking Locks with Cortana
Speaker: Amichai Shulman, Ron Marcovich, Tal Be'ery, Yuval Ron
In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the “Open Sesame” vulnerability, attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges. To make matters even worse, exploiting the vulnerability does not involve ANY external code, nor shady system calls, hence making code focused defenses such as Antivirus, Anti-malware and IPS blind to the attack. We would conclude by suggesting some defense mechanisms and compensating controls to detect and defend against such attacks.
6) Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
Speaker: Kevin Perlow
This talk is intended to provide high and medium-confidence methodologies for mapping out these blockchains through TTP analysis, script-based transaction mapping, and index-based infrastructure correlation. In doing so, analysts will be able to generate additional intelligence surrounding a threat and proactively identify likely malicious domains as they are registered or become active on the blockchain.
7) Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
Speaker: Brad Geesaman
Amazon Web Services, Google Cloud Platform, and Microsoft Azure have recently launched a new set of native platform threat and anomalous behavior detection services to help their customers better identify and respond to certain issues and activities occurring inside their cloud accounts. From detecting crypto-currency mining to identifying bot-infected systems to alerting on suspicious cloud credential usage to triggering on cloud-specific methods of data exfiltration, these new services aim to make these kinds of detections much easier and simpler to centrally manage. But what new and unique insights do they offer? What configuration is required to achieve the full benefits of these detections? What types of activities are not yet covered? What attack methods and techniques can avoid detection by these systems and still be successful? What practical guidelines can be followed to make the best use of these services in an organization? Follow along as we attempt to answer these questions using practical demonstrations that highlight the real threats facing cloud account owners and how the new threat detection capabilities perform in reducing the risks of operating workloads in the public cloud.
8) The Finest Penetration Testing Framework for Software-Defined Networks
Speaker: Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo
In this talk, we introduce a powerful penetration testing tool for SDN called DELTA, which is officially supported by Open Networking Foundation (ONF). We will show nine new attack cases that have been found by DELTA but never been announced before. Also, we will discuss:
- What control flows are in SDN, and why those are important as a key feature compared to the traditional networks.
- What key components and workflow of DELTA to attack the real SDN components.
- Which nine new attack cases have been discovered by DELTA, and we will demonstrate it. For example, one of the new attacks violates the table condition, leading to the black hole of handling packets in the switch.