11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
More than 130 security researchers and developers are ready to showcase their work.
July 29, 2020
Black Hat Arsenal is a venue for developers and researchers to showcase the latest open source tools to members of the cybersecurity community.
Independent researchers and others use Arsenal to demonstrate their tools and discuss the benefits of those tools and best practices for using them.
At this year's virtual event, to be held between August 1 and August 6, more than 130 presenters will demonstrate dozens of tools, frameworks, and approaches for securing software, firmware, hardware, and mobile systems against a variety of threats.
The tools have been categorized under 16 different tracks, including app security, code assessment, mobile app security, smart grid and industrial security, malware defense, and the Internet of Things (IoT).
Here is a sampling of the tools and frameworks to be highlighted from eight categories.
UFO
UFO is a tool designed to let security researchers and firmware developers assess the security robustness of IoT device firmware. The tool allows security verification assessors to look for known vulnerabilities, check the strength of passwords and certificates, and provide a guide to backdoor paths in the firmware.
Key feature/capability: "UFO profiles the IoT firmware across many surfaces, such as known vulnerabilities, sensitive data, cracked passwords, and hidden backdoors. It saves penetration testers the time needed to gather information and helps create attack vectors."
MUD-Visualizer
MUD-Visualizer is a tool designed to let developers ensure their access control mechanisms for an IoT device are not in conflict with the manufacturer usage description (MUD) for the device. MUD is an IETF standard for defining the behavior of specific IoT devices so common defensive mechanisms can be implemented for the device.
Key feature/capability: "MUD-Visualizer is a tool that provides a visualization of any number of MUD-Files and is designed to enable developers to produce correct MUD-Files by providing format corrections, integrating them with other MUD-Files, and identifying conflicts through visualization."
Capa
Capa is an open source tool designed to automatically identify the full range of capabilities of a malware sample. The tool is aimed at anyone dealing with potentially malicious software, including malware, intelligence, and forensic analysts. It allows these professionals to determine whether the malware is a downloader, a backdoor, or if it has any suspicious or unique malicious functionality.
Key feature/capability: "Capa takes automated malware triage to the next level going from simply saying 'this is probably bad' to providing a concise description of what a program actually does."
BSF
The Botnet Simulation Framework (BSF) is a tool that allows security admins to create realistic simulations of peer-to-peer botnet activity, according to its official description. It allows security admins to simulate different botnet behaviors, including churn and variable bot activity, as well as anti-detection and monitoring mechanisms.
Key feature/capability: "BSF allows defenders to get ahead in the arms race by developing and evaluating new botnet monitoring techniques and countermeasures."
PurpleSharp
PurpleSharp, according to its official description, is an open source tool designed to provide insight into how adversaries target Windows Active Directory (AD) environments. The tool allows security testers to execute different attack behaviors against AD environments, including malware execution, privilege escalation, persistence, and credential access.
Key feature/capability: "PurpleSharp executes simulations on remote hosts by leveraging administrative credentials and native Windows services/features such as Server Message Block (SMB), Windows Management Instrumentation (WMI), Remote Procedure Call (RPC) and Named Pipes."
C2 Matrix
The C2 Matrix is designed to provide enterprise red teams, blue teams, and purple teams a way to understand adversary tactics, techniques, and procedures (TTPs) and to perform emulations of adversary command-and-control (C2) frameworks in order to improve threat detection and prevention controls. The framework lists almost all known C2 features, including coding language, most common communication channels, and key exchange.
Key feature/capability: "The C2 Matrix was created to aggregate all the Command and Control frameworks publicly available (open-source and commercial) in a single resource to assist teams in testing their own controls through adversary emulations."
ControlThings Platform
The ControlThings Platform is described as giving security administrators a way to perform penetration testing of SCADA, DCS, field devices, and other industrial control systems. The platform combines the capabilities of security-assessment tools for traditional IT infrastructures and those of tools designed for ICS environments.
Key feature/capability: "ControlThings Platform takes the best-in-breed security assessment tools for traditional IT infrastructures and adds specialized tools for embedded electronics, proprietary wireless, and a healthy dose of ICS specific assessment tools, both from the greater community and custom created from our own teams."
Manuka
Manuka is an open source intelligence (OSINT) honeypot aimed at providing threat hunters and defenders with early warning about attacker reconnaissance activity. Unlike traditional honeypots that are designed to give defenders early warning about weaponization activity and actual malicious activity, Manuka is designed to alert defenders about pre-attack activity so they have a way to prepare for it.
Key feature/capability: "Manuka is built to scale. Users can easily add new listener modules and plug them into the Dockerized environment. They can coordinate multiple campaigns and honeypots simultaneously to broaden the honeypot surface."
MobSF
Mobile Security Framework (MobSF) is an automated malware analysis, security assessment, and pen-testing framework for Android and iOS mobile applications. It can be used to perform static and dynamic analysis of mobile applications based on these two operating systems.
Key feature/capability: "MobSF supports mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline."