Black Hat Europe kicks off in London next week, and it promises to deliver a melting pot of cybersecurity experts from around the world. If you want to get an early look at the tools, techniques, and training regimens that will shape this next generation of cybersecurity, the The Excel in London is the place to be.
Notably, make time to check out the Briefing No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank . Modern smartphones are often gold mines of private information (including banking data, emails, and passwords), and now it’s quite common for owners to plug their smartphones into public charging stations to get a bit of juice on the go. Despite preventive measures implemented by Android's developers to prevent data transfer via USB cable (i.e. “charging only" mode), researchers have been able to exploit a hidden communication channel which leverages only the electrical current provided for charging the smartphone. They will show you how they do it during this special Black Hat Europe Briefing.
Of course, such tricks aren’t much use against trained professionals, and in a 50-minute Briefing on Evolving Security Experts Among Teenagers you’ll learn about Rezillon’s plan to foster a new generation of cybersecurity experts. Such efforts are critical if we want to avoid a significant labor shortage in the future, and this Briefing will show you how to build a framework of programs and groups, with the support of government, industry, and community for the sole purpose of creating a new generation of experts inventing the next big thing.
Delitor’s OSINT Techniques And Methodology 2-Day Training promises to demonstrate multiple free online resources that break through traditional search roadblocks. Participants will not only learn how to "dig" into the Internet for personal information about any target but also how to connect attributes across multiple open source data points. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information. The participants will then take all resources available to them and learn how to create their own methodology through practical exercises.
If you favor a more automated approach, consider checking out The Security Automation Lab, where you’ll learn how to automate the discovery and protection of security weaknesses while automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced. Presented by Threat Intelligence, this 2-Day Training will help you create your own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches.
If you’re looking to beef up your mobile arsenal, stop by the Black Hat Europe Arsenal to catch a demo of Mafia: Mobile Security Automation Framework for Intelligent Auditing. Mafia is designed to automate a tricky process by performing end-to-end security testing for a given mobile app, creating a self-serve tool for developers and security engineers. Mobile applications are critical when it comes to vulnerabilities in a production environment, and Mafia is meant to take some of the hassle out of finding and fixing those vulnerabilities.
Uitkyk: Identifying Malware via Runtime Memory Analysis is another Arsenal demo worth taking, as it purports to be the first Android framework that allows for its implementers to identify Android malware according to the instantiated objects on the heap for a particular process. Uitkyk does not require the APK of the application to be scanned to be present to identify malicious behavior. Instead, it makes use of runtime memory analysis to detect behavior which normally cannot be identified by static analysis of Android applications. Don’t miss it!
Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.