Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
March 26-29, 2019
Singapore
Black Hat USA
August 3-8, 2019
Las Vegas, NV, USA
Black Hat Europe
December 2-5, 2019
London UK
5/30/2017
12:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat USA 2017:
Predominance of Internet of Things

Expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Predominance of Internet of Things (IoT) related breaches has heightened concern over the security of network connected devices. Expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Awareness of points of compromise is critical to defensive threat recon and planning. Analyzing an IoT Empire will teach you to test and defend modern IoT systems through a dual “build and penetrate” style training. Adopt an adversarial mindset and exploit contemporary consumer and industrial tools including automotive (IVI and CAN Bus controls), resource management systems (water and energy consumption abatement), health analysis implements (temperature, blood pressure, heart rate) and more. This extensive, exploratory Training delves into embedded controls, teaches less adopted ZeroMQ protocols and provides students with a complimentary Kali toolset for future use.

Compound your IoT threat intelligence with comprehension of exploits of ARM technologies, found in many modern smart electronics. Veteran Black Hat Trainer, Saumil Shah provides a complete foundation in Arm Iot Exploit Laboratory: Intro.  Familiarizing students with the basic ARM architecture and assembly language and advances techniques for debugging, exploiting and writing shellcode. Build upon this skillset or enhance your existing ARM knowledge with Arm Iot Exploit Laboratory: Advanced. The Intro and Advanced courses are taught back to back on differing days, allowing students to take the complete stack for thorough comprehension of ARM exploits and mitigations. Practical lab exercises encompassing hardware and virtual machine targets offers end-end skill development in compact timing.

When IoT Attacks: Understanding The Safety Risks Associated With Connected Devices elaborates existing IoT attack vectors and examine further risks including the potential for repurposing devices for physical attack. We have seen recent DDoS hacks, including the new Leet IoT Botnet, BrickerBot and Mirai IoT variants. Internet connected refrigerators and baby monitors have also been possessed and reprised. Presenters in this Briefing move beyond these existing attacks to answer the budding physical security question and explain the prospect of IoT hacks posing physical threats.

Discovering probable attack modes and vulnerabilities is critical. Honeypots are commonly used to spotlight anomalies and preempt attacks. Iotcandyjar: Towards An Intelligent-interaction Honeypot For Iot Devices presents the opportunity for enhancing honeypots utilizing machine learning technology for IoT device security. Researchers explain how they produced a high-interaction honeypot capable of the full coverage of low-interaction honeypots and dependability and replicability of high-interaction honeypots using machine learning. Through this adaption, detection and device signatures can be seamless and secure.

Security testing and threat identification are uniquely impacted by the IoT infrastructure. PtIoT: An Automated Security Testing Framework For the Internet of Things presents the complexities of identifying attack patterns and a new technology that has shown success testing 360 products as a basis for analyzing other IoT device systems. PtIoT combined with apprehension of breach trajectories can assess external ports, ROMS and more.

Vehicle cyber security testing has also been impacted by the influx of IoT. VT Auto-X Vehicle Automated Security Testing Tool dawns the Arsenal Theatre to discuss complications of automotive security testing and preeminent tools plus show new vulnerability detection tool Auto-X. With Auto-X provides stability and operates under heavy-traffic testing scenarios found to be missing from other tools by Auto-X designers. Universal Radio Hacker: Investigate Wireless Protocols Like a Boss also displays at Arsenal, supporting navigation of complex Software Defined Radios (SDR) protocol logic. Employ Universal Radio Hacker (URH) for more seamless demodulation, reverse engineering and fuzzing with cross platform integration in a self-contained and expandable application.

Navigate the IoT threat surface and more at Black Hat USA 2017. Briefings, Trainings and Arsenal tools provide extensive opportunities for skill development and threat awareness. Register today to join leading InfoSec Professionals and Researchers at Mandalay Bay in Las Vegas, July 22-27, 2017.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9678
PUBLISHED: 2019-09-18
Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for v...
CVE-2019-9679
PUBLISHED: 2019-09-18
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time i...
CVE-2019-9680
PUBLISHED: 2019-09-18
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-...
CVE-2019-9677
PUBLISHED: 2019-09-18
The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X fo...
CVE-2019-14458
PUBLISHED: 2019-09-18
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.