10/13/2015 11:00 AM | Black Hat Staff | Event Updates

Black Hat Europe 2015: The Best Response

Forensics and incident response: two disciplines in ever-higher demand in today's world of subtle intrusions and stealthy attacks. This trio of Black Hat Europe 2015 Briefing highlights grapples with different aspects of the art of intelligent counter-intelligence.

The Domain Name System that makes the web so human-friendly is highly dynamic and continually changing -- a single domain can return 100 resource records at once. Come to New (and Newly-Changed) Fully Qualified Domain Names: A View of Worldwide Changes to the Internet's DNS to learn about a ground-breaking approach that tames this information fire hose: the creation of two winnowed, real-time data streams, one consisting of newly-observed fully-qualified domain names and the other of DNS changes. These streams make it easy to identify numerous security-relevant DNS changes and allow for more timely and effective approaches to combating malicious Internet behavior.
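To make the "winnowing" idea concrete, here is an added example (not code from the talk, its authors or Dark Reading) of the minimal state a collector needs to turn a stream of passive-DNS observations into the two sparse streams the paragraph describes: newly observed FQDNs, and changes to a name's resource record set. The log format, the `Observation`/`Winnower` names and the sample records are all constructed for this illustration; the addresses come from documentation ranges and point at no real host.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of passive-DNS observations: "<unix_ts> <fqdn> <rtype> <rdata>".
# Addresses are RFC 5737 / RFC 3849 documentation ranges, not real hosts.
SAMPLE_LOG = """\
1444734000 www.example.com. A 192.0.2.10
1444734000 www.example.com. AAAA 2001:db8::10
1444734060 update.example.net. A 198.51.100.10
1444734120 www.example.com. A 192.0.2.10
1444734180 update.example.net. A 203.0.113.7
1444734180 update.example.net. A 203.0.113.8
1444734240 cdn01.example.org. CNAME edge.example.org.
"""


@dataclass
class Observation:
    ts: int
    fqdn: str   # normalised: lower-case, no trailing dot
    rtype: str
    rdata: str


def parse_line(line):
    """Parse one whitespace-separated observation; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, fqdn, rtype, rdata = parts
    return Observation(int(ts), fqdn.lower().rstrip("."), rtype.upper(), rdata)


class Winnower:
    """Keeps just enough state to reduce the fire hose to two sparse event streams."""

    def __init__(self):
        self.seen_fqdns = set()   # every FQDN observed so far
        self.last_rrset = {}      # (fqdn, rtype) -> frozenset of rdata last seen for it

    def ingest(self, batch):
        """Process one batch (all records from a single response). Returns (new_fqdns, changes)."""
        grouped = defaultdict(set)
        for obs in batch:                       # one response may carry many records per name
            grouped[(obs.fqdn, obs.rtype)].add(obs.rdata)
        new_fqdns, changes = [], []
        for (fqdn, rtype), rdatas in grouped.items():
            if fqdn not in self.seen_fqdns:     # stream 1: never-before-seen name
                self.seen_fqdns.add(fqdn)
                new_fqdns.append(fqdn)
            current = frozenset(rdatas)
            previous = self.last_rrset.get((fqdn, rtype))
            # stream 2: a change is only meaningful once a prior RRset exists for this name/type
            if previous is not None and previous != current:
                changes.append({
                    "fqdn": fqdn, "rtype": rtype,
                    "added": sorted(current - previous),
                    "removed": sorted(previous - current),
                })
            self.last_rrset[(fqdn, rtype)] = current
        return new_fqdns, changes


def replay(log_text):
    """Replay a text log, treating consecutive lines that share a timestamp as one response."""
    winnower = Winnower()
    all_new, all_changes = [], []
    batch, batch_ts = [], None
    for obs in filter(None, map(parse_line, log_text.splitlines())):
        if batch and obs.ts != batch_ts:
            new, changed = winnower.ingest(batch)
            all_new.extend(new)
            all_changes.extend(changed)
            batch = []
        batch_ts = obs.ts
        batch.append(obs)
    if batch:
        new, changed = winnower.ingest(batch)
        all_new.extend(new)
        all_changes.extend(changed)
    return all_new, all_changes


if __name__ == "__main__":
    new_names, rr_changes = replay(SAMPLE_LOG)
    print("newly observed FQDNs:", new_names)
    for change in rr_changes:
        print("RRset change:", change)
```

On the sample, the repeated lookup of www.example.com produces nothing (same name, same RRset), while update.example.net is reported once as new and once more when its A records move from one address to two others; that is the reduction from "every record seen" to "only what is new or different" that makes the stream consumable by a detection pipeline.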

Despite its importance, Microsoft's Application Compatibility Toolkit is not well known to security researchers. It should be, because its rootkit-like behavior can be leveraged to achieve persistence and privilege escalation via Shim Database Files ("shims"). Defending Against Malicious Application Compatibility Shims will demonstrate advanced techniques such as in-memory patching, malware obfuscation, evasion, and system integrity subversion using malicious shims. Expect extensive information on countermeasures and detection, including the release of a number of specialized tools.

Finally, Linux's increasing ubiquity, particularly in embedded applications, unfortunately makes it more attractive to malware authors. As such, researchers need better tools to analyze rogue programs. That's where Limon comes in. Come to Automating Linux Malware Analysis Using Limon Sandbox for an introduction to Limon, a Python-based, open-source sandbox that automatically collects, analyzes, and reports on the run-time indicators of Linux malware. Coming up: some thoroughly dissected Linux malware. Let's hope it squirms.

Black Hat Europe 2015 takes place November 10-13 in Amsterdam. Now's a great time to register!
