The popular Black Hat USA 2019 conference was held from August 3 – August 8 in Las Vegas. The conference included technical training sessions conducted by international industry and subject-matter experts to provide hands-on offensive and defensive skill-building opportunities. It also included briefings from security experts who shared their latest findings, open-source tools, zero-day exploits, and more.
Tech giants including Apple, IBM, and Microsoft made some interesting announcements: Apple and Microsoft expanded their bug-bounty programs, IBM unveiled a new ‘warshipping’ hack, and much more.
Black Hat USA 2019 also showcased many interesting open-source tools and products, such as Scapy, a Python-based interactive packet manipulation program, CyBot, an open-source threat intelligence chatbot, and many other products.
Apple, IBM, and Microsoft announcements at Black Hat USA 2019
Apple expands its bug bounty program; announces new iOS ‘security research device program’
Ivan Krstić, Apple’s head of security engineering, announced that Apple is expanding its bug bounty program by opening it to all security researchers. Previously, the bug bounty program was open only to those on the company’s invite-only list, and the top reward was $200,000. Following this announcement, a reward of up to $1 million will be awarded to those who find vulnerabilities in Apple’s iPhones and Macs.
Krstić also said that next year, Apple will be providing special iPhones to security researchers to help them find security flaws in iOS.
To know more about this news in detail, head over to our complete coverage.
IBM’s X-Force Red team announces new ‘warshipping’ hack to infiltrate corporate networks
IBM’s offensive security team, X-Force Red, announced a new attack technique nicknamed “warshipping”. According to Forbes, “When you cruise a neighborhood scouting for Wi-Fi networks, warshipping allows a hacker to remotely infiltrate corporate networks by simply hiding inside a package a remote-controlled scanning device designed to penetrate the wireless network–of a company or the CEO’s home–and report back to the sender.”
Charles Henderson, head of IBM X-Force Red said, “Think of the volume of boxes moving through a corporate mailroom daily. Or consider the packages dropped off on the porch of a CEO’s home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected.”
To demonstrate this approach, the X-Force team built a low-power gizmo consisting of a $100 single-board computer with built-in 3G and Wi-Fi connectivity and GPS. It’s smaller than the palm of your hand, and can be hidden in a package sent out for delivery to a target’s business or home.
To know more about this announcement, head over to Forbes.
Microsoft adds $300,000 to its Azure bounty program
Microsoft has increased its bug bounty reward for anyone who can successfully hack Azure, its public-cloud infrastructure service, by adding $300,000.
Kymberlee Price, a Microsoft security manager, said, “To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst to emulate criminal hackers.”
Further, to avoid causing any disruption to its corporate customers, Microsoft has also set up a dedicated customer-safe cloud environment, Azure Security Lab. It is a set of dedicated cloud hosts, similar to a sandbox environment and totally isolated from Azure customers, in which security researchers can test attacks against Microsoft’s cloud infrastructure.
To know more about this announcement in detail, head over to Microsoft’s official post.
Some open-source tools and products launched at Black Hat USA 2019
Scapy: Python-Based Interactive Packet Manipulation Program + Library
Scapy is a powerful Python-based interactive packet manipulation program and library.
Scapy can be used to forge or decode packets of a wide number of protocols and send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more.
Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, …), etc.
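As an added illustration (not code from the page or from the Scapy project), the following stdlib-only Python walks through the forge / store-to-pcap / read / decode / match-request-to-reply workflow that Scapy’s layer classes and sr() automate, using two constructed ICMP echo packets. The addresses, identifiers and payload are made-up sample values, and the pcap reader refuses files whose magic or link type it does not expect.

```python
import socket
import struct

def checksum(data):  # RFC 1071 one's-complement sum shared by IPv4 and ICMP headers
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(src, dst, icmp_type, ident, seq):  # forge IPv4/ICMP echo (8 = request, 0 = reply)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"constructed"  # constructed payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + icmp

def write_pcap(packets):  # classic little-endian libpcap file, link type 101 = raw IP
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for ts, pkt in enumerate(packets):  # constructed timestamps: one packet per second
        out += struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(blob):  # yield raw packets; refuse files with an unexpected magic or link type
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", blob[:24])
    if magic != 0xA1B2C3D4 or linktype != 101:
        raise ValueError("unexpected pcap header")
    off = 24
    while off + 16 <= len(blob):
        caplen = struct.unpack("<IIII", blob[off:off + 16])[2]
        yield blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def decode_icmp(pkt):  # dissect IPv4+ICMP -> (src, dst, type, id, seq); None if not ICMP or corrupt
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 or pkt[9] != 1 or checksum(pkt[:ihl]) != 0:
        return None
    icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), icmp_type, ident, seq

def match_echo_pairs(blob):  # pair requests with replies by (id, seq), as Scapy's sr() does
    pending, pairs = {}, []
    for dec in filter(None, map(decode_icmp, read_pcap(blob))):
        key = (dec[3], dec[4])
        if dec[2] == 8:
            pending[key] = dec
        elif dec[2] == 0 and key in pending:
            pairs.append((pending.pop(key), dec))
    return pairs, list(pending.values())  # unanswered requests are reported too
```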
CyBot: Open-Source Threat Intelligence Chat Bot
The goal in creating CyBot, speaker Tony Lee highlights, was “to create a repeatable process using a completely free open source framework, an inexpensive Raspberry Pi (or even virtual machine), and host a community-driven plugin framework to open up the world of threat intel chatbots to everyone from the average home user to the largest security operations center”.
CyBot first debuted at Black Hat Arsenal Vegas 2017 and was also taken to Black Hat Europe and Asia to gather more feedback and ideas from an enthusiastic international crowd. That feedback helped the researchers enhance CyBot and upgrade the platform.
Now, you can build your own CyBot within an hour for anywhere from $0 to $35 in expenses.
Azucar: Multi-Threaded Plugin-Based Tool to Help Assess the Security of Azure Cloud Environment Subscription
Azucar is a multi-threaded plugin-based tool to help assess the security of Azure Cloud environment subscription. By leveraging the Azure API, Azucar automatically gathers a variety of configuration data and analyses all data relating to a particular subscription in order to determine security risks.
EXPLIoT: IoT Security Testing and Exploitation Framework
EXPLIoT, developed in Python 3, is a framework for security testing and exploiting IoT products and IoT infrastructure. It includes a set of plugins (test cases) which are used to perform the assessment and can be extended easily with new ones.
It can be used as a standalone tool for IoT security testing and more interestingly, it provides building blocks for writing new plugins/exploits and other IoT security assessment test cases with ease. EXPLIoT supports most IoT communication protocols, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure.
PyRDP: Python 3 Remote Desktop Protocol Man-in-the-Middle (MITM) and Library
PyRDP is an RDP man-in-the-middle tool that has applications in pentesting and malware research. In pentesting, PyRDP has a number of features that allow attackers to compromise RDP sessions when combined with TCP man-in-the-middle solutions. On the malware research side, PyRDP can be used as part of a fully interactive honeypot. It can be placed in front of a Windows RDP server to intercept malicious sessions. It has the ability to replace the credentials provided in the connection sequence with working credentials to accelerate compromise and malicious behavior collection.
MoP: Master of Puppets – Open Source Super Scalable Advanced Malware Tracking Framework for Reverse Engineers
MoP (“Master of Puppets”) is an open-source framework for reverse engineers who want to create and operate trackers for new malware found for research. MoP ships with a variety of workstation simulation capabilities, such as fake filesystem manager and fake process manager, multi-worker orchestration, TOR integration and more, all aiming to deceive adversaries into interacting with a simulated environment and possibly drop new unique samples.
“Since everything is done in pure python, no virtual machines or Docker containers are needed and no actual malicious code is executed, all of which enables us to scale up in a click of a button, connecting to potentially thousands of different malicious servers at once from a single instance running on a single laptop.”
Commando VM 2.0: Security Distribution for Penetration Testers and Red Teamers
Commando VM is an open-source Windows-based security distribution designed for Penetration Testers and Red Teamers. It is an add-on from FireEye’s very successful Reverse Engineering distribution: FLARE VM. Similar to Kali Linux, Commando VM is designed with an arsenal of open-source offensive tools that will help operators achieve assessment objectives.
Built on Windows, Commando VM comes with all the native support for accessing Active Directory environments. Commando VM also includes:
- Web application assessment tools
- Scripting languages (such as Python and Go)
- Information Gathering tools (such as Nmap, WireShark, and PowerView)
- Exploitation Tools (such as PowerSploit, GhostPack and Mimikatz)
- Persistence tools, Lateral Movement tools, Evasion tools, Post-Exploitation tools (such as FireEye’s SessionGopher)
- Remote Access tools, Command-Line tools, and all the might of FLARE VM’s reversing tools.
Commando VM 1.0 debuted at Black Hat Asia in Singapore this year and less than two weeks after release its “GitHub repository had over 2000 followers and over 400 forks”.
BLACKPHENIX: Malware Analysis + Automation Framework
The BLACKPHENIX framework performs intelligent automation and analysis by combining all the known malware analysis approaches, automating the time-consuming stages and counter-attacking malware behavioral patterns. The objective of this framework is to generate precise IOCs by revealing the malware’s real purpose and exposing its hidden data and related functionality that are used to exfiltrate or compromise user information.
This framework focuses on consolidating, correlating, and cross-referencing the data collected between analysis stages by the execution of Python scripts and helper modules, providing full synchronization between the debugger, disassembler, and supporting components.
AutoMacTC: Finding Worms in Apple Orchards – Using AutoMacTC for macOS Incident Response
AutoMacTC is an open-source Python framework that can be quickly deployed to gather forensic data on macOS devices, from the artifacts that matter most to you and your investigation.
The speakers Kshitij Kumar and Jai Musunuri say, “Performing forensic imaging and deep-dive analysis can be incredibly time-consuming and induce data fatigue in analysts, who may only need a select number of artifacts to identify leads and start finding answers. The resources-to-payoff ratio is impractical.” AutoMacTC captures sufficient data into a single location, equipping responders with all of the above.
To know about other open-source products in detail, head over to the Arsenal section. Black Hat USA 2019 also hosted a number of training sessions for cybersecurity developers, pentesters, and other security enthusiasts.
To know more about the entire conference in detail, head over to Black Hat USA 2019 official website.