10 Free Security Tools at Black Hat Asia 2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
April 22, 2021
As in previous years, next month's Black Hat Asia 2021 virtual event will feature a full lineup of free security tools -- some new and some updated versions of existing tools.
Many of these tools are based on open source technologies, including those for conducting penetration tests and vulnerability assessments, data forensics and incident response, malware and network defense, application security, reverse engineering, and Web application security.
Some tools are designed for the security research community. Others are meant to help enterprise security teams address common challenges, such as those related to swift threat detection and mitigation, phishing attacks, and fileless malware.
Black Hat Asia 2021 will be held from Tuesday, May 4, through Friday, May 7. Security researchers and members of the open source community will showcase their offerings via a series of virtual events on Thursday and Friday of that week. Security practitioners, researchers, and testers will have an opportunity to learn more about the tools and how they work during these interactive sessions.
The following is a representative sample of 10 of the 30 tools that researchers will introduce and demonstrate at the event.
User mistakes, like opening malicious attachments or clicking on embedded links in emails, continue to be one of the most common ways organizations are breached. SniperPhish is a toolkit designed to help organizations assess employee awareness of targeted phishing scams. It allows security testers to simulate email spear-phishing campaigns and to host realistic-looking phishing websites. The toolkit, developed in PHP, allows security teams to centrally track their email campaigns and any data that recipients of spear-phishing emails might get tricked into sharing with the simulated phishing websites. Security admins can consolidate data from the email campaigns and phishing websites and view the info through a central dashboard.
Project Enigma is targeted at helping digital forensics and incident response (DFIR) investigators swiftly identify indicators of compromise (IOCs) when responding to a cybersecurity incident. The tool combines a security event log analyzer, a portable executable (PE) malware static analyzer, an IOC detector, and a hardware Bash Bunny for extracting triage data from a compromised system. According to its creators, the integrated tool aims to automate the incident response and forensics process wherever possible, so as to minimize manual labor and the errors that come with it.
Enterprise organizations often have an array of tools for spotting attacks directed at their networks from external sources, but few deploy tools to detect attacks originating from infected systems inside their own networks. The creators of Slips call it the first free intrusion prevention tool that uses machine-learning techniques to spot a wide range of attacks on a protected network, or from systems within it. Slips is a system with multiple modules, including one for downloading and managing data from external threat intelligence feeds, a long short-term memory (LSTM) neural network for spotting malicious behavior, a port scanning detector, and a module for identifying the location from which an attack might have originated.
Attackers often use process injection (PI) techniques in Windows to bypass security products and achieve a high level of stealth on a compromised network. It's one of many so-called living-off-the-land techniques that adversaries have begun using for things like privilege escalation and defense evasion. FalconEye is a tool that its creators say can help security administrators spot PI in running processes in real time. It uses several different detection techniques, including system call interception, floating code detection, and library baselining, to spot malicious PI behavior -- even when it looks very similar to benign behavior -- without generating false positives.
The shift to remote and hybrid work environments that began in early 2020 with the COVID-19 outbreak has left many organizations struggling to defend their networks against threats from insecure devices used by remote workers. Gargamel seeks to make life a little easier for security administrators by giving them a way to gather forensic evidence from remote Windows and Linux systems. Administrators can use the Windows-based tool to download event logs from a remote Windows or Linux machine. It also allows them to grab memory dumps, specified files, registry information, firewall state, active network connections, running processes, and other content from remote Windows and Linux machines.
Infrastructure-as-code technologies from Docker, Kubernetes, AWS CloudFormation, and others have made it possible for organizations to design and manage their hardware and software infrastructure using configuration files. The technology has eliminated the need for system admins to manually configure IT infrastructure for different apps. KICS is an open source tool for performing static code analysis of infrastructure-as-code. Admins can use it to look for configuration errors, compliance issues, and vulnerabilities in infrastructure-as-code from the major vendors using a set of over 1,000 rules presently -- with more to come.
Threat modeling is an application security technique designed to help organizations identify potential threats to enterprise data and assets even before code is written, so that mitigations can be applied during the software development phase. Threagile is an open source tool that allows agile software development teams to perform threat modeling directly from within the integrated development environment (IDE). Threagile uses a set of some 40 built-in risk rules, together with information about an organization's trust boundaries, to identify threats to the data assets, technical assets, and communication links that an application might impact. The identified risks, their ratings, and potential mitigation steps are presented in graphical format or as Excel and PDF reports.
Numerous technologies, such as those used for face recognition, fraud detection, virtual assistants, and spam detection, use deep-learning approaches to acquire a level of autonomous intelligence. The growing use of deep learning has resulted in threat actors developing attacks that seek to subtly poison the training data a deep-learning system might use so it misclassifies items and performs in a manner different from what was originally intended. Adversarial Threat Detector (ATD) is a vulnerability scanner for detecting vulnerabilities in the so-called classifiers that deep-learning systems use to categorize data into different classes, such as a transaction being labeled as fraudulent, nonfraudulent, or suspicious. If ATD detects a vulnerability in a classifier, it generates a countermeasure report, fixes the flaw, and rescans the classifier to ensure the vulnerability has been addressed.
Penetration testing remains one of the most reliable ways to identify exploitable weaknesses in software code, applications, and systems. Adding to the plethora of toolsets in the market for conducting such assessments is the CQ Penetration Testing Toolkit, which will be demoed at the Black Hat Asia 2021 virtual event. The toolkit, according to its developers, not only allows security teams to conduct complex penetration tests, but also shows different ways to use the tools and the situations in which each applies. Security testers can use it to learn how to gather intel about a network and the systems on it, the common ways attackers might bypass anti-malware and intrusion detection systems, and how they conduct credential harvesting, move laterally, and carry out other malicious activities.
OWFuzz is a Wi-Fi protocol fuzzing tool that, according to its creator, addresses some of the reliability issues and limitations of other fuzzing tools that use USB dongles to test the security of Wi-Fi protocols. The OWFuzz tool is based on the Linux mac80211-compatible OpenWiFi protocol stack and can interface with the application layer like a common USB Wi-Fi dongle. The tool, to be introduced at Black Hat Asia 2021, is apparently the first to use the OpenWiFi platform to implement a Wi-Fi protocol fuzzing test framework that supports monitoring and injection of Wi-Fi frames and interactive testing of Wi-Fi protocols.