Black Hat USA is happening in Las Vegas this August, and all attendees are invited to check out the Arsenal to network with others in the cybersecurity community and catch live demonstrations of the latest open-source security tools.
To get the most out of the Arsenal check out Black Hat Day Zero, to get the inside scoop on what to see and do for both first time attendees and returning Black Hat veterans. There, you’ll have a chance to hear about how Arsenal tools are selected, how they benefit from attendee feedback, and what you should be spending your time seeing.
This year, at the all-new Arsenal Lab you can enjoy live demos and expert guidance from top hardware hackers while you build, test, and hack all sorts of gadgets and devices, including:
CQForensic: The Efficient Forensic Toolkit shows how to perform detailed computer forensic examinations. The Toolkit guides you through the information-gathering process, providing data for analysis and extracting the evidence!
Ghost in the Browser: Backdooring with Shadow Workers will help you implant a pseudo-backdoor in a browser and ghost through a victim's browser session to sniff, manipulate, and even proxy data silently. See a demo of the various persistence mechanisms this tool provides to keep service workers alive, and check out a compendium tool that provides various mitigation mechanisms against such attacks!
Alexa HackerMode 2.0: Voice Auto Pwn Using Kali Linux and Alexa Skill Combo is an Alexa-driven auto-sploit tool designed for the cloud. Not only will it help with syntax and encodings, but it will go full hacker mode and exploit systems automatically for you. For example, if you say, “Alexa, ask HackerMode to hack IP address 192.168.1.135" the tool will instruct Alexa to begin and manage the process of port scanning, fingerprinting, exploit selection, and smart brute forcing exploits through Metasploit 4 or 5. Alexa will also entertain you with mood music or various other activities while it roots and dumps users and passwords from your target. If the exploit is taking a while you can check in on the progress by asking "How's the hack going?"
Break out the Box (BOtB): Container Analysis, Exploitation and CICD Tool is the first tool aimed at hackers and developers to automate container exploitation. Not only does BOtB provide the user with a detailed analysis of identified vulnerabilities of the container, BOtB provides an autopwn feature which allows for the user to “automagically” exploit the vulnerabilities identified and break out onto the host.
Social Attacker: Automated Phishing on Social Media Platforms is the first open source, multi-site, automated social media phishing framework. It allows you to automate the phishing of social media users on a mass scale by handling the connecting to and messaging of targets.
For more information about these offerings and many more check out the Black Hat USA Arsenal page, which is regularly updated with new content as we get closer to the event. Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what’s happening at the event and how to register, check out the Black Hat website.