Black Hat USA 2016

Our CEO George Pagkos attended the six-day Black Hat* event. Black Hat, built by and for the global InfoSec community, returns to Las Vegas for its 19th year. This six-day event begins with four days of intense Training for security practitioners of all levels (July 30 - August 2), followed by the two-day main event, which includes over 100 independently selected Briefings, the Business Hall, Arsenal, the Pwnie Awards and more (August 3-4).

Here you can see the training, briefings and Arsenal list:

The choice of training for Mr. Pagkos was not a personal decision but one made by the Digital-Investigations team, and it was one of the most difficult, as there were many choices (70 training modules), many of them excellent. A month's research into previous Black Hat presentations and trainer reviews was required to reach a decision.

Finally, it was decided that Mr. Pagkos would attend the Advanced Infrastructure hacking: 4 day course, in order to gain knowledge and expertise on the latest hacking techniques used.

The course, which involved a variety of hacking techniques for common operating systems and networking devices, was as follows:

Day 1:

  • TCP/IP basics

  • Network Enumeration

  • Port scanning

  • TCP/UDP/ICMP scanning

  • Windows/Linux enumeration

  • The Art of brute-forcing

  • Database Exploitation (Oracle, Postgres, MySQL)

  • Hacking Application servers

  • Hacking Third party applications (WordPress, Joomla)

Day 2:

  • Windows Vulnerabilities

  • Mastering Metasploit, Mimikatz and other tools

  • Latest remote exploits

  • Local privilege escalation

  • Pass the hash/Pass the ticket

  • Custom payloads

  • Post-exploitation

  • Pivoting to different networks

Day 3:

  • Linux Vulnerabilities

  • Finger

  • Rservices

  • NFS Hacks

  • SSH hacks

  • X11 vulnerabilities

  • Local Privilege escalation

  • Kernel exploits

  • Weak file permissions

  • SUID/SGID scripts

  • CRON Jobs

  • Inetd services

Day 4:

  • VLAN Hopping

  • Hacking VoIP

  • VPN

  • Exploiting insecure VPN configuration

  • Switch/Router vulnerabilities

  • Insecure SNMP configuration

  • B33r 101

The two-day main event that followed, with its briefings, the Business Hall, the state-of-the-art Arsenal and the many acquaintances made there, was also of particular interest.

The Business Hall featured many of the industry's top solution providers and start-ups, showcasing the latest tools, technologies and services supporting the security community. The 2016 expansion brought more opportunities for vendor, attendee and community engagement.

As participants we were given many opportunities to actively engage with the community, and we seized the opportunity to utilize the Business Center area, where we held many private meetings and expanded our network.

The Arsenal, the Tool/Demo area where independent researchers and the open source community showcased some awesome products, was bigger than ever, giving greater value to both the Black Hat event and the participation.

The full list of the main event briefings with material is posted here:

Some of the selected briefings which Mr. Pagkos attended:

Beyond the MCSE: Active Directory for the Security Professional

This presentation covered key Active Directory components which are critical for security professionals to know in order to defend AD.

The presentation highlighted the areas attackers go after, including some vulnerabilities that had recently been patched at the time and the weaknesses they exploited. This included the critical Kerberos vulnerability (MS14-068), the Group Policy man-in-the-middle vulnerabilities (MS15-011 & MS15-014) and how they took advantage of AD communication.

Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness

It has been proven that it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find the message plausible because they know the sender, or because it fits their expectations (context).

The briefing contained a detailed reference to relevant research findings and recommendations were given to companies and security professionals.

Drone Attacks on Industrial Wireless: A new front in cyber security

The main subjects of this briefing were Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, defensive planning, and Electronic Attack Threats with Drones as a delivery platform.

An Insider's Guide to Cyber-Insurance and Security Guarantees

The economic consequences of cyber-attacks on companies and the trend of recent years towards cyber-insurance were analyzed during the briefing.

The idea behind cyber-insurance was that, in addition to providing companies with security products, services would also be provided, including conditional guarantees and insurance against cyber attack.

Design approaches for security automation

Organizations often scale at a faster pace than their security teams. This presentation discussed criteria for designing and evaluating security automation tools for organizations. The goal was to provide audience members with effective small and large scale automation techniques, for securing their environments.

The Remote Malicious Butler Did It!

Starting from the relevant Black Hat presentation of 2015, "Bypassing Local Windows Authentication to Defeat Full Disk Encryption", in which an attacker using a rogue Domain Controller and having physical presence on premises could exploit local authentication vulnerabilities, the aim of this briefing was to raise the public's awareness of the possibility of something similar being performed remotely. The process and technical details of taking advantage of a rogue Domain Controller were presented. General detection and prevention methods against Domain Controllers were analyzed.

Analysis of the Attack Surface of Windows 10 Virtualization-Based Security

In Windows 10, Microsoft introduced virtualization-based security (VBS), a set of security solutions based on a hypervisor. Details of the VBS implementation were described, and assessments were presented of the attack surface of Windows 10, which is very different from that of other virtualization solutions. Besides a lot of theory, the presenters also demonstrated actual exploits: one against VBS itself and one against vulnerable firmware.

AirBnBeware: Short Term Rentals Long Term Pwnage

This presentation covered the lack of network security on the common networks of short-term rentals. Common attacks and their corresponding defenses (conventional or otherwise) were discussed, with a strong emphasis on practicality and simplicity. The presentation contained demos of attacks and introduced typical hardware for defense.

Iran's Soft-War for Internet Dominance

Civil society and political opponents are a primary target of Iranian intrusion campaigns, which gives rise to the motivation and basis for Claudio Guarnieri’s & Collin Anderson’s research into the ecosystems and threats originating from the country.

The briefing served as an initial technical overview complementing their forthcoming publication on Iran based computer network operations, providing the following:

  • first accounting of a new threat actor targeting interests aligned with the Iranian state;

  • additional research on the activities of the Infy group;

  • documentation of new developments in the malware and activities believed to be connected to known threat actors Rocket Kitten and Operation Cleaver;

  • descriptions of tactics by known actors in response to political events inside of Iran.

*BlackHat: Conference organized by UBM

**notsosecure: registered trademark of NotSoSecure Global Services Limited
