The 21st International Conference of Black Hat USA 2018, has just concluded. It took place from August 4, 2018 – August 9, 2018 in Las Vegas, Nevada. It is one of the most anticipated conferences of the year for security practitioners, executives, business developers and anyone who is a cybersecurity fanatic and wants to expand their horizon into the world of security.
Black Hat USA 2018 opened with four days of technical training followed by the two-day main conference featuring Briefings, Arsenal, Business Hall, and more.
The conference covered exclusive training modules that provided a hands-on offensive and defensive skill set building opportunity for security professionals. The Briefings covered the nitty-gritties of all the latest trends in information security. The Business Hall included a network of more than 17,000 InfoSec professionals who evaluated a range of security products offered by Black Hat sponsors.
Best cybersecurity Trainings in the conference:
For more than 20 years, Black Hat has been providing its attendees with trainings that stand the test of time and prove to be an asset in penetration testing. The training modules designed exclusively for Black Hat attendees are taken by industry and subject matter experts from all over the world with the goal of shaping the information security landscape.
Here’s a look at a few from this year’s conference.
#1 Applied Hardware attacks: Embedded and IOT systems
- Introduced students to the common interfaces on embedded MIPS and ARM systems
- Taught them how to exploit physical access to grant themselves software privilege.
- Focussed on UART, JTAG, and SPI interfaces.
- Students were given a brief architectural overview.
- 70% hands-on labs- identifying, observing, interacting, and eventually exploiting each interface.
- Basic analysis and manipulation of firmware images were also covered.
This two-day course was geared toward pen testers, red teamers, exploit developers, and product developers who wished to learn how to take advantage of physical access to systems to assist and enable other attacks. This course also aimed to show security researchers and enthusiasts- who are unwilling to ‘just trust the hardware’- to gain deeper insight into how hardware works and can be undermined.
#2 Information Operations: Influence, exploit, and counter
This fast-moving class included hands-on exercises to apply and reinforce the skills learned during the course of the training. It also included a best IO campaign contest which was conducted live during the class. Trainers David Raymond and Gregory Conti covered information operations theory and practice in depth.
Some of the main topics covered were IO Strategies and Tactics, Countering Information Operations and Operations Security and Counter Intelligence. Users learned about Online Personas and explored the use of bots and AI to scale attacks and defenses. Other topics included understanding performance and assessment metrics, how to respond to an IO incident, exploring the concepts of Deception and counter-deception, and Cyber-enabled IO.
#3 Practical Vulnerability discovery with fuzzing:
Abdul Aziz Hariri and Brian Gorenc trained students on techniques to quickly identify common patterns in specifications that produce vulnerable conditions in the network. The course covered the following-
- Learning the process to build a successful fuzzer, and highlight public fuzzing frameworks that produce quality results.
- “Real world” case studies that demonstrated the fundamentals being introduced.
- Leverage existing fuzzing frameworks, develop their own test harnesses, integrate publicly available data generation engines and automate the analysis of crashing test cases.
This class was aimed at individuals wanting to learn the fundamentals of the fuzzing process, develop advanced fuzzing frameworks, and/or improve their bug finding capabilities.
#4 Active Directory Attacks for Red and Blue teams:
Nikhil Mittal’s main aim to conduct the training was to change how you test an Active Directory Environment. To secure Active Directory, it is important to understand different techniques and attacks used by adversaries against it. The AD environments lack the ability to tackle latest threats.
Hence, this training was aimed towards attacking modern AD Environment using built-in tools like PowerShell and other trusted OS resources. The training was based on real-world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course were-
- Extensive AD Enumeration
- Active Directory trust mapping and abuse.
- Privilege Escalation (User Hunting, Delegation issues and more)
- Kerberos Attacks and Defense (Golden, Silver ticket, Kerberoast and more)
- Abusing cross-forest trust (Lateral movement across forest, PrivEsc and more)
- Attacking Azure integration and components
- Abusing SQL Server trust in AD (Command Execution, trust abuse, lateral movement)
- Credentials Replay Attacks (Over-PTH, Token Replay etc.)
- Persistence (WMI, GPO, ACLs and more)
- Defenses (JEA, PAW, LAPS, Deception, App Whitelisting, Advanced Threat Analytics etc.)
- Bypassing defenses
Attendees also acquired a free one month access to an Active Directory environment. This comprised of multiple domains and forests, during and after the training.
#5 Hands-on Power Analysis and Glitching with ChipWhisperer
This course was suited for anyone dealing with embedded systems who needed to understand the threats that can be used to break even a “perfectly secure” system. Side-Channel Power Analysis can be used to read out an AES-128 key in less than 60 seconds from a standard implementation on a small microcontroller.
Colin O’Flynn helped the students understand whether their systems were vulnerable to such an attack or not. The course was loaded with hands-on examples to teach them about attacks and theories. The course included a ChipWhisperer-Lite, that students could walk away with the hardware provided during the lab sessions.
During the two-day course, topics covered included :
- Theory behind side-channel power analysis,
- Measuring power in existing systems,
- Setting up the ChipWhisperer hardware & software,
- Several demonstrated attacks,
- Understanding and demonstration glitch attacks, and
- Analyzing your own hardware
#6 Threat Hunting with attacker TTPs
A proper Threat Hunting program focused on maximizing the effectiveness of scarce network defense resources to protect against a potentially limitless threat was the main aim of this class.
Threat Hunting takes a different perspective on performing network defense, relying on skilled operators to investigate and find the presence of malicious activity.
This training used standard network defense and incident response (which target flagging known malware). It focussed on abnormal behaviors and the use of attacker Tactics, Techniques, and Procedures (TTPs). Trainers Jared Atkinson, Robby Winchester and Roberto Rodriquez taught students on how to create threat hunting hypotheses based on attacker TTPs to perform threat hunting operations and detect attacker activity.
In addition, they used free and open source data collection and analysis tools (Sysmon, ELK and Automated Collection and Enrichment Platform) to gather and analyze large amounts of host information to detect malicious activity. They used these techniques and toolsets to create threat hunting hypotheses and perform threat hunting in a simulated enterprise network undergoing active compromise from various types of threat actors.
The class was intended for defenders wanting to learn how to effectively hunt threats in enterprise networks.
#7 Hands-on Hardware Hacking Training:
- Product teardown
- Component identification
- Circuit board reverse engineering
- Soldering and desoldering
- Signal monitoring and analysis, and
- memory extraction, using a variety of tools including a logic analyzer, multimeter, and device programmer.
It concluded with a final challenge where users identify, reverse engineer, and defeat the security mechanism of a custom embedded system.
Users interested in hardware hacking, including security researchers, digital forensic investigators, design engineers, and executive management benefitted from this class.
And that’s not all! Some other trainings include– Software defined radio, a guide to threat hunting utilizing the elk stack and machine learning, AWS and Azure exploitation: making the cloud rain shells and much more.
This is just a brief overview of the BlackHat USA 2018 conference, where we have handpicked a select few trainings. You can see the full schedule along with the list of selected research papers at the BlackHat Website.
And if you missed out this one, fret not. There is another conference happening soon from 3rd December to 6th December 2018. Check out the official website for details.