Black Hat USA
August 4-9, 2018
Las Vegas, NV, USA
Black Hat Trainings
October 22-23, 2018
Chicago, IL USA
Black Hat Europe
December 3-6, 2018
London UK
5/30/2017
12:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat USA 2017:
Predominance of Internet of Things

Expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Predominance of Internet of Things (IoT) related breaches has heightened concern over the security of network connected devices. Expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Awareness of points of compromise is critical to defensive threat recon and planning. Analyzing an IoT Empire will teach you to test and defend modern IoT systems through a dual “build and penetrate” style training. Adopt an adversarial mindset and exploit contemporary consumer and industrial tools including automotive (IVI and CAN Bus controls), resource management systems (water and energy consumption abatement), health analysis implements (temperature, blood pressure, heart rate) and more. This extensive, exploratory Training delves into embedded controls, teaches less adopted ZeroMQ protocols and provides students with a complimentary Kali toolset for future use.

Compound your IoT threat intelligence with comprehension of exploits of ARM technologies, found in many modern smart electronics. Veteran Black Hat Trainer, Saumil Shah provides a complete foundation in Arm Iot Exploit Laboratory: Intro.  Familiarizing students with the basic ARM architecture and assembly language and advances techniques for debugging, exploiting and writing shellcode. Build upon this skillset or enhance your existing ARM knowledge with Arm Iot Exploit Laboratory: Advanced. The Intro and Advanced courses are taught back to back on differing days, allowing students to take the complete stack for thorough comprehension of ARM exploits and mitigations. Practical lab exercises encompassing hardware and virtual machine targets offers end-end skill development in compact timing.

When IoT Attacks: Understanding The Safety Risks Associated With Connected Devices elaborates existing IoT attack vectors and examine further risks including the potential for repurposing devices for physical attack. We have seen recent DDoS hacks, including the new Leet IoT Botnet, BrickerBot and Mirai IoT variants. Internet connected refrigerators and baby monitors have also been possessed and reprised. Presenters in this Briefing move beyond these existing attacks to answer the budding physical security question and explain the prospect of IoT hacks posing physical threats.

Discovering probable attack modes and vulnerabilities is critical. Honeypots are commonly used to spotlight anomalies and preempt attacks. Iotcandyjar: Towards An Intelligent-interaction Honeypot For Iot Devices presents the opportunity for enhancing honeypots utilizing machine learning technology for IoT device security. Researchers explain how they produced a high-interaction honeypot capable of the full coverage of low-interaction honeypots and dependability and replicability of high-interaction honeypots using machine learning. Through this adaption, detection and device signatures can be seamless and secure.

Security testing and threat identification are uniquely impacted by the IoT infrastructure. PtIoT: An Automated Security Testing Framework For the Internet of Things presents the complexities of identifying attack patterns and a new technology that has shown success testing 360 products as a basis for analyzing other IoT device systems. PtIoT combined with apprehension of breach trajectories can assess external ports, ROMS and more.

Vehicle cyber security testing has also been impacted by the influx of IoT. VT Auto-X Vehicle Automated Security Testing Tool dawns the Arsenal Theatre to discuss complications of automotive security testing and preeminent tools plus show new vulnerability detection tool Auto-X. With Auto-X provides stability and operates under heavy-traffic testing scenarios found to be missing from other tools by Auto-X designers. Universal Radio Hacker: Investigate Wireless Protocols Like a Boss also displays at Arsenal, supporting navigation of complex Software Defined Radios (SDR) protocol logic. Employ Universal Radio Hacker (URH) for more seamless demodulation, reverse engineering and fuzzing with cross platform integration in a self-contained and expandable application.

Navigate the IoT threat surface and more at Black Hat USA 2017. Briefings, Trainings and Arsenal tools provide extensive opportunities for skill development and threat awareness. Register today to join leading InfoSec Professionals and Researchers at Mandalay Bay in Las Vegas, July 22-27, 2017.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17407
PUBLISHED: 2018-09-23
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
CVE-2018-17358
PUBLISHED: 2018-09-23
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a ...
CVE-2018-17359
PUBLISHED: 2018-09-23
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
CVE-2018-17360
PUBLISHED: 2018-09-23
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executa...
CVE-2018-17361
PUBLISHED: 2018-09-23
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.