Charles Leaver – What Happened At Black Hat And Defcon 2017

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver

 

Here are my experiences from Black Hat 2017. There is a slight addition to my approach in this year’s summary, in part because of the theme of the opening presentation given by Facebook’s Chief Security Officer, Alex Stamos. Stamos spoke about the value of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” is something of an oxymoron given the intense competition among the numerous security businesses fighting for customers throughout Black Hat. Based on Stamos’s messaging throughout the opening presentation this year, I felt it important to add a few of my experiences from Defcon too. Defcon has traditionally been an event for learning, and includes independent hackers and security specialists. Last week’s Black Hat theme concentrated on the social element of how companies ought to get along and genuinely assist others and one another, which has always been the overarching message of Defcon.

People arrived from all over the world this time.

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, likewise wants that to be the theme: one where you seek to help people gain knowledge and learn from others. Moss wants guests to remain ‘great’ and ‘helpful’ throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security companies. Stamos asked that all of us share in the duty of assisting those who cannot help themselves. He also raised another valid point: Are we doing enough in the security industry to really assist individuals instead of simply doing it to make a profit? Can we accomplish the goal of truly helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate uniformity of Black Hat (from vendor hall to the presentations) compared with the true hacker community at Defcon, which showcases the innovative side of what is possible.

The company I work for, Ziften, supplies Systems and Security Operations software – giving IT and security groups visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Lots of attendees showed their Ziften support by wearing previous years’ Ziften sock designs. Looking great, feeling excellent!

The concept of joining forces to fight against the corrupt is something most attendees from around the world welcome, and we are no different. Here at Ziften, we aim to really assist our customers and the community with our solutions. Why offer or rely on a solution that is limited to just what’s inside the box? One that offers a single function or a handful of particular functions? Our software is a platform for integration and supplies modular, individualized security and operational options. The entire Ziften team takes inspiration from the creativity of Defcon, and we motivate ourselves to try to build new, custom features and forensic tools that traditional security businesses would shy away from, or would be too consumed by day-to-day jobs to attempt.

Delivering around-the-clock visibility and control for any asset, anywhere, is one of Ziften’s primary focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint problems, reduce overall risk posture, speed threat response, and increase operations productivity. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for enterprises, federal governments, and managed security companies. And sticking with 2017’s Black Hat theme of collaborating, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

The press is not allowed to take images of the Defcon crowd, but I am not the press and this was prior to going into a badge-required area :P The Defcon masses and hooligans (Defcon mega-bosses wearing red shirts) were at a dead stop for a solid twenty minutes awaiting initial access to the four huge Track meeting rooms on opening day.

The Voting Machine Hacking Village got a great deal of attention at the event. It was intriguing but nothing brand-new for veteran participants. I suppose it takes something noteworthy to amass attention around specific vulnerabilities. All vulnerabilities for most of the talks, and specifically this village, had already been disclosed to the proper authorities prior to the event. Let us know if you require help locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, Google and Twitter APIs are easily and openly available to query user data metrics. This data is making it much easier for hackers to social engineer focused attacks on individuals, particularly persons of power and rank, like judges and executives. This talk, titled Dark Data, showed how a simple yet brilliant de-anonymization algorithm and some data made it possible for these two white hats to identify people with extreme precision and discover extremely personal details about them. This should make you think twice about what you have installed on your systems and about the individuals in your work environment. The majority of the above raw metadata was collected through a popular browser add-on. The fine-tuning occurred with the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can assist.

This talk was clearly about exploiting Point-of-Sale systems. Although rather humorous, it was a little frightening to see the speed at which one of the most commonly used POS systems can be hacked. This specific POS hardware is most commonly used when making a payment in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by tough firmware, why would a business risk leaving the security of customer credit card details solely in the hands of the hardware vendor? If you are looking for additional defense on your POS systems, then look no further than Ziften. We secure the most frequently used enterprise operating systems. If you want to do the fun thing and install the computer game Doom on one, I can send you the slide deck.

This man’s slides were off the charts exceptional. What wasn’t excellent was how exploitable macOS is during the installation process of typical applications. Generally, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly modify code a moment before you entered your Administrator credentials? Well, most of the time, most likely something bad. Worried about your Macs running malware clever enough to detect and alter code in typical vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you by not replacing all of your toolset, although we often find ourselves doing just that. Our objective is to use the guidance and existing tools that work from numerous suppliers, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more efficiently together to attain a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from all over the world interacting
– Black Hat ought to keep a friendly community spirit

2) Stronger together with Ziften

– Ziften plays great with other software application vendors

3) Popular current vulnerabilities Ziften can assist prevent and solve

– Point-of-Sale accessing
– Voting machine tampering
– Escalating MacOS privileges
– Targeted private attacks
