Chuck Leaver – Our Experiences From Black Hat And Defcon 2017

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver

 

Here are my experiences from Black Hat 2017. There is a small addition to my approach to this year’s synopsis, in part because of the theme of the opening presentation given by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working much better together and diversifying security services.

“Working much better together” is something of an oxymoron given the mass competitiveness among the hundreds of security companies fighting for customers at Black Hat. Based on Stamos’s messaging during the opening presentation this year, I felt it important to include some of my experiences from Defcon as well. Defcon has traditionally been an event for learning and includes independent hackers and security professionals. Last week’s Black Hat theme focused on the social aspect of how companies need to get along and truly help others and each other, which has always been the overarching message of Defcon.

Individuals checked in from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, likewise wants that to be the theme: one where you aim to help people gain knowledge and learn from others. Moss wants attendees to stay ‘excellent’ and ‘practical’ throughout the conference. That is in line with what Alex Stamos from Facebook conveyed in his keynote about security companies. Stamos asked that all of us share in the responsibility of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to truly help people, as opposed to simply doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate uniformity of Black Hat (from vendor hall to the talks) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Numerous attendees showed their Ziften support by donning prior-year Ziften sock designs. Looking good, feeling great!

The idea of joining forces to fight against the corrupt is something most attendees from all over the world welcome, and we are no different. Here at Ziften, we strive to truly help our customers and the community with our solutions. Why offer or rely on a solution which is limited to only what’s inside the box? One that provides a single function or a handful of specific functions? Our software is a platform for integration and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try to build new, custom features and forensic tools that traditional security companies would shy away from or simply be too consumed by daily tasks to attempt.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften’s primary focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint issues, reduce overall risk posture, speed threat response, and improve operations efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And staying with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press and this was prior to entering a badge-required area :P The Defcon hordes and hooligans (Defcon mega-bosses wearing red shirts) were at a standstill for a solid twenty minutes awaiting initial access to the 4 massive Track conference rooms on opening day.

The Voting Machine Hacking Village gained a lot of attention at the event. It was interesting but nothing new for veteran attendees. I suppose it takes something noteworthy to garner attention around specific vulnerabilities. All vulnerabilities for most of the talks, and especially this village, had already been disclosed to the appropriate authorities before the event. Let us know if you need help locking down any of these (looking at you, federal government folks).

More and more personal data is becoming available to the public. For example, Google and Twitter APIs are freely and publicly available to query user data metrics. This data is making it easier for hackers to social engineer focused attacks on individuals, and particularly on people of power and rank, like judges and executives. This talk, entitled Dark Data, showed how a simple yet brilliant de-anonymization algorithm and some data allowed these 2 white hats to identify individuals with extreme accuracy and reveal very personal information about them. This should make you think twice about what you have installed on your systems and about the people in your office. Most of the above raw metadata was collected through a popular browser add-on. The fine-tuning was done with the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This talk was clearly about exploiting Point-of-Sale systems. Although quite amusing, it was a little frightening how quickly one of the most commonly used POS systems could be hacked. This particular POS hardware is most commonly used when making a payment in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by tough firmware, why would a company risk leaving the security of customer credit card data entirely in the hands of the hardware vendor? If you are looking for additional security on your POS systems, then look no further than Ziften. We secure the most commonly used enterprise operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This man’s slides were off-the-charts excellent. What wasn’t excellent was how exploitable macOS is during the installation process of very common applications. Basically, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly change code a moment before you entered your Administrator credentials? Well, most of the time, probably something bad. Worried about your Macs running malware smart enough to detect and alter code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you by not replacing all of your toolset, although we often find ourselves doing just that. Our goal is to use the guidance and existing tools that work from various vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the world interacting
– Black Hat should preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular current vulnerabilities Ziften can help avoid and solve

– Point-of-Sale access
– Voting machine tampering
– Escalating macOS privileges
– Targeted individual attacks

~leaverchuck1

