Top 7 'Enterprise Security' Talks From Black Hat Conference 2018 (USA)

Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT Security Conference in the world. 

Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six day event begins with four days of intense technical training for security practitioners of all levels (August 4-7) followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).

(Source: Black Hat Conference USA 2018)

1) Remotely Attacking System Firmware

Speaker: Jesse Michael, Mickey Shkatov, Oleksandr Bazhaniuk

In this talk, we will show different remote attack vectors into system firmware, including networking, updates over the Internet, and error reporting. We will also be demonstrating and remotely exploiting vulnerabilities in different UEFI firmware implementations which can lead to installing persistent implants remotely at scale. The proof-of-concept exploit is less than 800 bytes. How can we defend against such firmware attacks? We will analyze the remotely exploitable UEFI and BMC attack surface of modern systems, explain specific mitigations for the discussed vulnerabilities, and provide recommendations to detect such attacks and discover compromised systems.

>>Go To Presentation


2) An Attacker Looks at Docker: Approaching Multi-Container Applica...

Speaker: Wesley McGrew

The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A penetration tester can expect to leave this presentation with a practical exposure to multi-container application post-exploitation that is as buzzword-free as is possible with such a trendy topic.

>>Go To Presentation

 

3) From Workstation to Domain Admin: Why Secure Administration isn'...

Speaker: Sean Metcalf

Some of the areas explored in this talk: * Explore how common methods of administration fail. * Demonstrating how attackers can exploit flaws in typical Active Directory administration. * Highlight common mistakes organizations make when administering Active Directory. * Discuss what's required to protect admins from modern attacks. * Provide the best methods to ensure secure administration and how to get executive, operations, and security team acceptance.

>>Go To Presentation

 

4) Open Sesame: Picking Locks with Cortana

Speaker: Amichai Shulman,Ron Marcovich, Tal Be'ery, Yuval Ron

In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the “Open Sesame” vulnerability attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges. To make matters even worse, exploiting the vulnerability does not involve ANY external code, nor shady system calls, hence making code focused defenses such as Antivirus, Anti-malware and IPS blind to the attack. We would conclude by suggesting some defense mechanisms and compensating controls to detect and defend against such attacks.

>>Go To Presentation

5) Money-rity Report: Using Intelligence to Predict the Next Paymen...

Speaker: Cathal Smyth, Clare Gollnick

By using intelligence gathered from online sources such as the dark web combined with transactional data, we demonstrate predictive analytics that can not only identify who the next fraud victims will be, but also where card data is being stolen from, all before any fraudulent transactions have occurred.

>>Go To Presentation


6) Stop that Release, There's a Vulnerability!

Speaker: Christine Gadsby

This presentation looks at the real world process of the BlackBerry Product Security team. In partnership with product owners, developers, and senior leaders, they've spent many years developing and refining a software defect tracking system and a risk-based release evaluation process that provides an effective software 'security gate.' Working with readily available tools and longer-term solutions including automation, we will provide solutions attendees can take away and implement immediately. • Tips on how to document, prioritize, tag, and track security vulnerabilities, their fixes, and how to prioritize them into release targets • Features of common tools [JIRA, Bugzilla, and Excel] you may not know of and examples of simple automation you can use to verify ticket resolution. • A guide to building a release review process, when to escalate to gate a release, who to inform, and how to communicate.

>>Go To Presentation

 

7) A Deep Dive into macOS MDM (and How it can be Compromised)

Speaker: Jesse Endahl, Max Bélanger

Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac.

>>Go To Presentation

Your Complete Guide To Top Talks @Black Hat Conference 2018 (USA)

Get your FREE Guide on Top Talks @ Black Hat Conference 2018 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at Black hat Conference into a single guide. Get your Free copy today.

>>Click Here To Get Your FREE Guide

Views: 149

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service