Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
7/12/2019
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat USA Arsenal Serves Up A Smorgasbord of Cybersecurity Tools

Visit the Arsenal this August to go hands-on with hackable gadgets and catch live demos of open-source security tools from some of the best in the business.

Black Hat USA is happening in Las Vegas this August, and all attendees are invited to check out the Arsenal to network with others in the cybersecurity community and catch live demonstrations of the latest open-source security tools.

To get the most out of the Arsenal check out Black Hat Day Zero, to get the inside scoop on what to see and do for both first time attendees and returning Black Hat veterans. There, you’ll have a chance to hear about how Arsenal tools are selected, how they benefit from attendee feedback, and what you should be spending your time seeing.

This year, at the all-new Arsenal Lab you can enjoy live demos and expert guidance from top hardware hackers while you build, test, and hack all sorts of gadgets and devices, including:

CQForensic: The Efficient Forensic Toolkit shows how to perform detailed computer forensic examinations. The Toolkit guides you through the information-gathering process, providing data for analysis and extracting the evidence!

Ghost in the Browser: Backdooring with Shadow Workers will help you implant a pseudo-backdoor in a browser and ghost through a victim's browser session to sniff, manipulate, and even proxy data silently. See a demo of the various persistence mechanisms this tool provides to keep service workers alive, and check out a compendium tool that provides various mitigation mechanisms against such attacks!

Alexa HackerMode 2.0: Voice Auto Pwn Using Kali Linux and Alexa Skill Combo is an Alexa-driven auto-sploit tool designed for the cloud. Not only will it help with syntax and encodings, but it will go full hacker mode and exploit systems automatically for you. For example, if you say, “Alexa, ask HackerMode to hack IP address 192.168.1.135" the tool will instruct Alexa to begin and manage the process of port scanning, fingerprinting, exploit selection, and smart brute forcing exploits through Metasploit 4 or 5.  Alexa will also entertain you with mood music or various other activities while it roots and dumps users and passwords from your target. If the exploit is taking a while you can check in on the progress by asking "How's the hack going?"

Break out the Box (BOtB): Container Analysis, Exploitation and CICD Tool is the first tool aimed at hackers and developers to automate container exploitation. Not only does BOtB provide the user with a detailed analysis of identified vulnerabilities of the container, BOtB provides an autopwn feature which allows for the user to “automagically” exploit the vulnerabilities identified and break out onto the host.

Social Attacker: Automated Phishing on Social Media Platforms is the first open source, multi-site, automated social media phishing framework. It allows you to automate the phishing of social media users on a mass scale by handling the connecting to and messaging of targets.

For more information about these offerings and many more check out the Black Hat USA Arsenal page, which is regularly updated with new content as we get closer to the event. Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36394
PUBLISHED: 2021-06-22
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
CVE-2021-32699
PUBLISHED: 2021-06-22
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intende...
CVE-2021-32700
PUBLISHED: 2021-06-22
Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. Th...
CVE-2021-32701
PUBLISHED: 2021-06-22
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid an...
CVE-2021-22382
PUBLISHED: 2021-06-22
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. A...