Black Hat USA 2016

Our CEO George Pagkos attended the Black Hat* six-day event. Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 19th year. This six-day event begins with four days of intense Training for security practitioners of all levels (July 30 - August 2), followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards and more (August 3-4).
Here you can see the training, briefings and Arsenal list:
https://www.blackhat.com/us-16.
The choice of training for Mr. Pagkos was not a personal decision but one made by the Digital-Investigations team, and it was one of the most difficult, as there were many choices (70 training modules), many of them excellent. A month's research into previous Black Hat presentations and trainer reviews was required to reach a decision.
Finally, it was decided that Mr. Pagkos would attend the Advanced Infrastructure hacking: 4 day (https://www.blackhat.com/us-16/training/advanced-infrastructure-hacking-4-day.html), in order to gain knowledge and expertise on the latest hacking techniques used.

The course, which involved a variety of hacking techniques for common operating systems and networking devices, was as follows:
Day 1:
TCP/IP basics
Network Enumeration
Port scanning
TCP/UDP/ICMP scanning
Windows/Linux enumeration
The Art of brute-forcing
Database Exploitation (Oracle, Postgres, Mysql)
Hacking Application servers
Hacking Third party applications (Wordpress, Joomla)
Day 2:
Windows Vulnerabilities
Mastering Metasploit, Mimikatz and other tools
Latest remote exploits
Local privilege escalation
Pass the hash/Pass the ticket
Custom payloads
Post-exploitation
Pivoting to different networks
Day 3:
Linux Vulnerabilities
Finger
Rservices
NFS Hacks
SSH hacks
X11 vulnerabilities
Local Privilege escalation
Kernel exploits
Weak file permissions
SUID/SGID scripts
CRON Jobs
Inetd services
Day 4:
VLAN Hopping
Hacking VoIP
VPN
Exploiting insecure VPN configuration
Switch/Router vulnerabilities
Insecure SNMP configuration
B33r 101
The 2-day main event that followed, with its briefings, the Business Hall, the state-of-the-art Arsenal and the many acquaintances made there, was also of particular interest.
The Business Hall featured many of the industry's top solution providers and start-ups, showcasing the latest tools, technologies and services supporting the security community. The 2016 expansion brought more opportunities for vendor, attendee and community engagement.
As participants we were given many opportunities to actively engage with the community, and we seized the opportunity to utilize the Business Center area, where we held many private meetings and expanded our network.

The Arsenal, the Tool/Demo area where independent researchers and the open source community showcased some awesome products, was bigger than ever, giving greater value to both the Black Hat event and the participation.

The full list of the main event briefings with material is posted here: https://www.blackhat.com/us-16/briefings.html
Some of the selected briefings which Mr. Pagkos attended:

Beyond the MCSE: Active Directory for the Security Professional

This presentation covered key Active Directory components which are critical for security professionals to know in order to defend AD.
The presentation highlighted areas attackers go after, including some vulnerabilities that had recently been patched at the time and the weaknesses they exploited. This included the critical Kerberos vulnerability (MS14-068) and Group Policy Man-in-the-Middle (MS15-011 & MS15-014), and how they took advantage of AD communication.
Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness

It has been proven that it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find the message plausible because they know the sender, or because it fits their expectations (context).
The briefing contained a detailed reference to relevant research findings and recommendations were given to companies and security professionals.
Drone Attacks on Industrial Wireless: A new front in cyber security

The main subjects of this briefing were Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, defensive planning, and Electronic Attack Threats with Drones as a delivery platform.
An Insider's Guide to Cyber-Insurance and Security Guarantees

The economic consequences of the cyber-attacks on companies and the recent years’ trend for cyber-insurance were analyzed during the briefing.
The idea behind cyber-insurance was that in addition to providing companies with security products, services would also be provided, including conditional guarantees and insurance from cyber attack.
Design approaches for security automation

Organizations often scale at a faster pace than their security teams. This presentation discussed criteria for designing and evaluating security automation tools for organizations. The goal was to provide audience members with effective small and large scale automation techniques, for securing their environments.
The Remote Malicious Butler Did It!

Starting from the relevant Black Hat presentation of 2015, "Bypassing Local Windows Authentication to Defeat Full Disk Encryption", where an attacker using a rogue Domain Controller and having physical presence on premises could use local authentication vulnerabilities, the aim of this briefing was to raise the public's awareness of the possibility of something similar being performed remotely. The process and technical details of taking advantage of a rogue Domain Controller were presented. General detection and prevention methods against Domain Controllers were analyzed.
Analysis of the Attack Surface of Windows 10 Virtualization-Based Security

In Windows 10, Microsoft introduced virtualization-based security (VBS), a set of security solutions based on a hypervisor. Details of the VBS implementation were described, and assessments of the attack surface of Windows 10, which is very different from that of other virtualization solutions, were presented. Besides a lot of theory, the presenters also demonstrated actual exploits: one against VBS itself and one against vulnerable firmware.
AirBnBeware: Short Term Rentals Long Term Pwnage

This presentation covered the lack of network security on the common networks of short-term rentals. Common attacks and their corresponding defenses (conventional or otherwise) were discussed, with a strong emphasis on practicality and simplicity. The presentation contained demos of attacks and introduced typical hardware for defense.
Iran's Soft-War for Internet Dominance

Civil society and political opponents are a primary target of Iranian intrusion campaigns, which gives rise to the motivation and basis for Claudio Guarnieri’s & Collin Anderson’s research into the ecosystems and threats originating from the country.
The briefing served as an initial technical overview complementing their forthcoming publication on Iran-based computer network operations, providing the following:
first accounting of a new threat actor targeting interests aligned with the Iranian state;
additional research on the activities of the Infy group;
documentation of new developments in the malware and activities believed to be connected to known threat actors Rocket Kitten and Operation Cleaver;
descriptions of tactics by known actors in response to political events inside of Iran.
*BlackHat: Conference organized by UBM
**notsosecure: registered trademark of NotSoSecure Global Services Limited