Charles Leaver – Black Hat And Defcon 2017 Our Experiences

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver

 

Here are my experiences from Black Hat 2017. There is a slight addition to this year’s synopsis, in large part because of the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos emphasized the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” is seemingly an oxymoron given the mass competitiveness among the hundreds of security companies vying for clients throughout Black Hat. Based on Stamos’s messaging during the opening keynote this year, I felt it essential to add some of my experiences from Defcon too. Defcon has historically been an occasion for learning and includes independent hackers and security specialists. Last week’s Black Hat theme concentrated on the social aspect of how companies should get along and truly help others and one another, which has always been the overarching message of Defcon.

People checked in from around the globe last week.

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, likewise wants that to be the theme: where you aim to help people gain knowledge and learn from others. Moss wants guests to remain ‘excellent’ and ‘practical’ throughout the conference. That is in line with what Alex Stamos from Facebook communicated in his keynote about security companies. Stamos asked that all of us share in the obligation of assisting those who cannot assist themselves. He also raised another relevant point: are we doing enough in the security industry to truly help individuals, instead of simply doing it to make money? Can we achieve the objective of truly helping individuals? Such is the juxtaposition of the two events. The primary difference between Black Hat and Defcon is the more business-like consistency of Black Hat (from vendor hall to the presentations) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, offers Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off a business network. We also have a pretty sweet sock game!

Many attendees flaunted their Ziften support by wearing previous years’ Ziften sock styles. Looking excellent, feeling great!

The concept of joining forces to fight against the corrupt is something most participants from all over the world embrace, and we are no different. Here at Ziften, we aim to really help our customers and the community with our solutions. Why provide or depend on a solution which is limited to only what’s inside the box? One that offers a single function or a handful of particular functions? Our software is a platform for integration and supplies modular, individualistic security and operational solutions. The whole Ziften team takes the imagination from Defcon, and we motivate ourselves to try to build new, custom-made features and forensic tools that conventional security businesses would avoid, or would be too absorbed in daily tasks to build.

Delivering around-the-clock visibility and control for any asset, anywhere, is among Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to rapidly repair endpoint problems, reduce overall risk posture, speed risk response, and increase operations efficiency. Ziften’s secure architecture provides constant, streaming endpoint monitoring and historic data collection for businesses, governments, and managed security service providers. And in keeping with 2017’s Black Hat theme of collaborating, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take photos of the Defcon crowd, but I am not the press and this was prior to entering a badge-required area :P The Defcon masses and goons (Defcon mega-bosses wearing red shirts) were at a standstill for a solid twenty minutes waiting for initial access to the four enormous Track conference rooms on opening day.

The Voting Machine Hacking Village got a great deal of attention at the event. It was interesting but nothing new for veteran attendees. I expect it takes something notable to garner attention around specific vulnerabilities. All vulnerabilities for most of the talks, and particularly this village, had already been disclosed to the proper authorities before the event. Let us know if you need assistance locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the general public. For example, Google and Twitter APIs are easily and publicly available to query user data metrics. This data is making it much easier for hackers to social engineer focused attacks on people, and specifically persons of power and rank, like judges and executives. This talk, entitled Dark Data, demonstrated how a simple yet brilliant de-anonymization algorithm and some data made it possible for these two white hats to identify people with extreme accuracy and reveal extremely personal information about them. This should make you think twice about exactly what you have installed on your systems and the people in your office. Most of the above raw metadata was gathered through a popular browser add-on. The fine-tuning came from the algorithm and public APIs. Do you know exactly what web browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This talk was clearly about exploiting Point-of-Sale systems. Although quite humorous, it was a tad scary to see the speed at which one of the most frequently used POS systems can be hacked. This particular POS hardware is most typically used when paying in a taxi. The base operating system is Linux and, although it runs on an ARM architecture and is safeguarded by strong firmware, why would a business risk leaving the security of client credit card details exclusively in the hands of the hardware vendor? If you are looking for additional protection on your POS systems, then look no further than Ziften. We protect the most commonly used business operating systems. If you want to do the fun thing and install the computer game Doom on one, I can send you the slide deck.

This person’s slides were off the charts exceptional. What wasn’t excellent was how exploitable macOS is during the setup process of very common applications. Basically every time you install an application on a Mac, it requires you to enter credentials for elevated privileges. But what if something were to slightly change code a few seconds before you entered your Administrator credentials? Well, most of the time, most likely something bad. Concerned about your Macs running malware smart enough to detect and alter code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you without replacing your whole toolset, although we typically find ourselves doing just that. Our aim is to use the recommendations and existing tools that work from various vendors, ensure they are running and installed, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to attain a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from all over the world working together
– Black Hat should maintain a friendly community spirit

2) Stronger together with Ziften

– Ziften plays well with other software vendors

3) Popular current vulnerabilities Ziften can assist avoid and fix

– Point-of-Sale accessing
– Voting machine tampering
– Escalating MacOS privileges
– Targeted specific attacks