Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
5/30/2017
12:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat USA 2017:
Predominance of Internet of Things

Expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Predominance of Internet of Things (IoT) related breaches has heightened concern over the security of network connected devices. Expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Awareness of points of compromise is critical to defensive threat recon and planning. Analyzing an IoT Empire will teach you to test and defend modern IoT systems through a dual “build and penetrate” style training. Adopt an adversarial mindset and exploit contemporary consumer and industrial tools including automotive (IVI and CAN Bus controls), resource management systems (water and energy consumption abatement), health analysis implements (temperature, blood pressure, heart rate) and more. This extensive, exploratory Training delves into embedded controls, teaches less adopted ZeroMQ protocols and provides students with a complimentary Kali toolset for future use.

Compound your IoT threat intelligence with comprehension of exploits of ARM technologies, found in many modern smart electronics. Veteran Black Hat Trainer, Saumil Shah provides a complete foundation in Arm Iot Exploit Laboratory: Intro.  Familiarizing students with the basic ARM architecture and assembly language and advances techniques for debugging, exploiting and writing shellcode. Build upon this skillset or enhance your existing ARM knowledge with Arm Iot Exploit Laboratory: Advanced. The Intro and Advanced courses are taught back to back on differing days, allowing students to take the complete stack for thorough comprehension of ARM exploits and mitigations. Practical lab exercises encompassing hardware and virtual machine targets offers end-end skill development in compact timing.

When IoT Attacks: Understanding The Safety Risks Associated With Connected Devices elaborates existing IoT attack vectors and examine further risks including the potential for repurposing devices for physical attack. We have seen recent DDoS hacks, including the new Leet IoT Botnet, BrickerBot and Mirai IoT variants. Internet connected refrigerators and baby monitors have also been possessed and reprised. Presenters in this Briefing move beyond these existing attacks to answer the budding physical security question and explain the prospect of IoT hacks posing physical threats.

Discovering probable attack modes and vulnerabilities is critical. Honeypots are commonly used to spotlight anomalies and preempt attacks. Iotcandyjar: Towards An Intelligent-interaction Honeypot For Iot Devices presents the opportunity for enhancing honeypots utilizing machine learning technology for IoT device security. Researchers explain how they produced a high-interaction honeypot capable of the full coverage of low-interaction honeypots and dependability and replicability of high-interaction honeypots using machine learning. Through this adaption, detection and device signatures can be seamless and secure.

Security testing and threat identification are uniquely impacted by the IoT infrastructure. PtIoT: An Automated Security Testing Framework For the Internet of Things presents the complexities of identifying attack patterns and a new technology that has shown success testing 360 products as a basis for analyzing other IoT device systems. PtIoT combined with apprehension of breach trajectories can assess external ports, ROMS and more.

Vehicle cyber security testing has also been impacted by the influx of IoT. VT Auto-X Vehicle Automated Security Testing Tool dawns the Arsenal Theatre to discuss complications of automotive security testing and preeminent tools plus show new vulnerability detection tool Auto-X. With Auto-X provides stability and operates under heavy-traffic testing scenarios found to be missing from other tools by Auto-X designers. Universal Radio Hacker: Investigate Wireless Protocols Like a Boss also displays at Arsenal, supporting navigation of complex Software Defined Radios (SDR) protocol logic. Employ Universal Radio Hacker (URH) for more seamless demodulation, reverse engineering and fuzzing with cross platform integration in a self-contained and expandable application.

Navigate the IoT threat surface and more at Black Hat USA 2017. Briefings, Trainings and Arsenal tools provide extensive opportunities for skill development and threat awareness. Register today to join leading InfoSec Professionals and Researchers at Mandalay Bay in Las Vegas, July 22-27, 2017.

 

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.