The Summer Siren Song: What I’m Looking Forward to at Black Hat USA 2017

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

Every year, around mid-July I get excited. It could be the warm weather, but more than likely it’s due to Black Hat. Ever since I started my career in information security, Black Hat has been the siren song for hackers around the globe. Like moths to the flame, security practitioners flock to Black Hat for the opportunity to combine highly technical content, networking opportunities, and debauchery in one place. This year, I was fortunate enough to be part of the Black Hat Review Board. This was an amazing experience that I hope to repeat in the coming years. Being part of the Review Board gave me a unique opportunity to review talks that I found particularly interesting. In this blog, I’ll share a summary of the talks I find most enticing, and why.

Adventures in Attacking Wind Farm Control Networks by Jason Staggs

Date and Time: Wednesday, July 26 | 10:30am-10:55am | Lagoon ABCGHI

Plain and simple, this talk looks awesome. An area of research I’ve focused on for years is operational technology like SCADA devices. This talk covers an area that has flown under the radar for several years – wind farms. Jason promises that this talk will cover wind farm control system networks and how to compromise them. Who doesn’t want to hear and learn about compromising giant, bladed structures? I do!

(Image care of: http://wonderopolis.org/wp-content/uploads//2014/08/wind-farm-shutterstock_56953921-800×460.jpg)

Breaking the Laws of Robotics: Attacking Industrial Robots by a whole bunch of great researchers

Date and Time: Thursday, July 27 | 11:00am-11:50am | Mandalay Bay AB

Before Skynet became aware, industrial robots were running the world. Industrial robots control most of our daily lives, whether we like it or not. In this talk, several researchers plan to cover vulnerabilities related to industrial robots and networking equipment. SCADA environment and technology vulnerabilities have been widely discussed in the past, but these researchers are promising to bring a new research perspective, which seems promising. Anything that involves compromising robots, I’m there.

(Image care of https://static1.businessinsider.com/image/53aac22f5afbd3b1548b4570/us-factory-activity-hits-two-year-high-private-payrolls-surge.jpg)

RBN Reloaded- Amplifying Signals From The Underground by Dhia Mahjoub, David Rodriguez & Jason Passwaters

Date and Time: Thursday, July 27 | 5:00pm-5:25pm | Mandalay Bay CD

Being a researcher primarily focused on threat intelligence, I’m a sucker for talks that demonstrate new ways of performing hunting, intelligence gathering, human intelligence (HUMINT), and signals intelligence (SIGINT). This talk will showcase some new methodologies for network and actor intelligence gathering. Also, it appears the talk is going to introduce some interesting topics regarding bulletproof hosting (BPH) services which are always interesting.

(Image care of https://myspace.com/therussianbusinessnetwork/mixes/classic-my-photos-399376/photo/129704733)

Cracking The Lens: Targeting HTTP’s Hidden Attack Surface by James Kettle

Date and Time: Wednesday, July 26 | 4:00pm-4:50pm | Mandalay Bay GH

Any new attack methodology that include HTTP or HTTPS automatically gets my attention. Given that the world relies on these communication protocols, this talk seems interesting. James plans to reveal hidden systems using malformed requests and headers… And to sweeten the pot, he’s also releasing a new Burp Suite extension called Collaborator Everywhere. New Burp Suite extension on top of revealing hidden systems with fundamental protocol weakness? Sounds awesome to me!

(Image care of https://mahafreed.files.wordpress.com/2008/09/untitled.jpg)



“Friday the 13th: JSON Attacks” by Alvaro Muñoz & Oleksandr Mirosh

Thursday, July 27 | 2:30pm-3:20pm | Mandalay Bay EF

And my personal winner for the best title of the year for Black Hat USA 2017: Amazing.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
138 Followers
About DomainTools
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com.
Promoted Content
The Distribution of Malicious Domains
In our previous reports, we profled malicious domains by describing patterns in theirregistration details: top level domain (TLD), free email provider, Whois privacy provider, andhosting location. In this edition, we compared the distributions of malicious domains vs neutraldomains across a measure of age (both of the domain and of the name server domain) anda measure of the entropy of the domain name. We also examined malicious domains acrossregistrars to fnd additional clues as to how and when these domains were registered.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel