8 Security Tools to be Unveiled at Black Hat USA
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
July 28, 2021
Black Hat USA is almost upon us, and whether attendees make it in person or virtually, the show promises to offer something for everyone in the security world. Not only will the briefings drop a lot of knowledge and plenty of new vulnerabilities, but the Arsenal line-up is studded with the equivalent of security party favors for everyone to bring back to work: namely, a stable of new tools that penetration testers, defenders, and security researchers can leverage to improve the way they work. Here are some of the highlights.
Developed by the red team at Standard Industries, Scrapesy is a new tool used to help security teams identify credential leaks and account compromises across their systems. The tool gathers, ingests, and parses credential dumps from numerous sources, including the public Internet and Dark Web. That provides a validation check for security teams, who can use the tool to check those dumps against lists of domains and email addresses they're responsible for keeping safe.
Red teamers and penetration testers who can get into relatively close physical proximity to a compromised host can use Blue Pigeon as a way to facilitate communication with a command and control (C2) server. This tool uses Bluetooth File Sharing as a communication protocol, offering a quiet alternative for data exfiltration when traditional channels are either not available or are too traceable for the action a pen tester wants to take.
A penetration testing tool designed to work in sensitive operational technology (OT) networks, Mushikago employs the same kind of AI used by video games for non-player character (NPC) action to automate the kind of potential post-exploit attacks an adversary would use within a given environment. The tool visualizes and reports the results based on the MITRE ATT&CK framework.
Modern applications are increasingly modular affairs, made up of a mix-and-match variety of components and code pieces from a range of different sources. PackageDNA is meant to help developers and security teams sift through repositories of external code repurposed within an application portfolio so they can look for vulnerabilities or manipulations within the software supply chain. It analyzes code packages for flaws, suspicious files, spoofing, and more.
Active Directory is increasingly becoming one of the main battlefields for enterprise cybersecurity, as attackers use it to escalate privileges, move laterally across many different systems, and establish persistence across an organization. PurpleSharp, an adversary simulation tool for Windows environments, got a new boost in its second version with the addition of simulation playbooks against Active Directory infrastructure. This new functionality will be highlighted at the show.
Some of the worst data exposures in the last few years have come by way of credentials and secrets that are stored insecurely in cloud-based development environments. Git Wild Hunt is an evolving tool designed for penetration testers and security pros to scour their GitHub repositories for dozens of credentials that could put their infrastructure at risk. This includes over thirty flavors of different authentication tokens, API keys, and stored secrets.
While most of the tools at Black Hat Arsenal tend to focus on novel penetration testing, reversing, or incident response capabilities, there are usually a few gems for more general risk management activities. This year is no different, and Exhibit A in that claim is SimpleRisk. It's a free open-source alternative to expensive governance, risk, and compliance (GRC) platforms. SimpleRisk gives security and risk pros the ability to manage control frameworks, policies, and exceptions, facilitate audits, and perform risk prioritization and mitigation activities, as well as delivering dynamic reporting.
Cloud Sniper analyzes and correlates cloud artifacts to help security operations teams get clearer visibility into their cloud security posture. Designed to facilitate incident response across cloud infrastructure, the platform not only correlates indicators of compromise but also executes automatic actions to remediate incidents. It is currently available only for AWS, and the plan is to extend it to other platforms as well.