Dark Reading is part of the Informa Tech Division of Informa PLC

5/30/2017
12:00 PM
Black Hat Staff
Event Updates

Black Hat USA 2017:
Predominance of Internet of Things


The predominance of Internet of Things (IoT) related breaches has heightened concern over the security of network-connected devices. The expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Awareness of points of compromise is critical to defensive threat recon and planning. Analyzing an IoT Empire will teach you to test and defend modern IoT systems through a dual “build and penetrate” style training. Adopt an adversarial mindset and exploit contemporary consumer and industrial tools including automotive (IVI and CAN Bus controls), resource management systems (water and energy consumption abatement), health analysis implements (temperature, blood pressure, heart rate) and more. This extensive, exploratory Training delves into embedded controls, teaches less-adopted ZeroMQ protocols and provides students with a complimentary Kali toolset for future use.

Compound your IoT threat intelligence with comprehension of exploits of ARM technologies, found in many modern smart electronics. Veteran Black Hat Trainer Saumil Shah provides a complete foundation in ARM IoT Exploit Laboratory: Intro, familiarizing students with the basic ARM architecture and assembly language and advanced techniques for debugging, exploiting and writing shellcode. Build upon this skillset or enhance your existing ARM knowledge with ARM IoT Exploit Laboratory: Advanced. The Intro and Advanced courses are taught back to back on differing days, allowing students to take the complete stack for thorough comprehension of ARM exploits and mitigations. Practical lab exercises encompassing hardware and virtual machine targets offer end-to-end skill development in a compact time frame.

When IoT Attacks: Understanding The Safety Risks Associated With Connected Devices elaborates on existing IoT attack vectors and examines further risks, including the potential for repurposing devices for physical attack. We have seen recent DDoS hacks, including the new Leet IoT Botnet, BrickerBot and Mirai IoT variants. Internet-connected refrigerators and baby monitors have also been taken over and repurposed. Presenters in this Briefing move beyond these existing attacks to answer the budding physical security question and explain the prospect of IoT hacks posing physical threats.

Discovering probable attack modes and vulnerabilities is critical. Honeypots are commonly used to spotlight anomalies and preempt attacks. IoTCandyJar: Towards An Intelligent-Interaction Honeypot For IoT Devices presents the opportunity for enhancing honeypots utilizing machine learning technology for IoT device security. Researchers explain how they used machine learning to produce a high-interaction honeypot capable of the full coverage of low-interaction honeypots and the dependability and replicability of high-interaction honeypots. Through this adaptation, detection and device signatures can be seamless and secure.

Security testing and threat identification are uniquely impacted by the IoT infrastructure. PtIoT: An Automated Security Testing Framework For the Internet of Things presents the complexities of identifying attack patterns and a new technology that has shown success testing 360 products as a basis for analyzing other IoT device systems. PtIoT, combined with apprehension of breach trajectories, can assess external ports, ROMs and more.

Vehicle cyber security testing has also been impacted by the influx of IoT. VT Auto-X Vehicle Automated Security Testing Tool comes to the Arsenal Theatre to discuss the complications of automotive security testing and preeminent tools, and to show the new vulnerability detection tool Auto-X. Auto-X provides stability and operates under heavy-traffic testing scenarios, which the Auto-X designers found to be missing from other tools. Universal Radio Hacker: Investigate Wireless Protocols Like a Boss also displays at Arsenal, supporting navigation of complex Software Defined Radio (SDR) protocol logic. Employ Universal Radio Hacker (URH) for more seamless demodulation, reverse engineering and fuzzing with cross-platform integration in a self-contained and expandable application.

Navigate the IoT threat surface and more at Black Hat USA 2017. Briefings, Trainings and Arsenal tools provide extensive opportunities for skill development and threat awareness. Register today to join leading InfoSec Professionals and Researchers at Mandalay Bay in Las Vegas, July 22-27, 2017.

 
