What We Took From Black Hat And Defcon This Year – Charles Leaver

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a minor addition to this year’s synopsis, due in large part to the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working better together and diversifying security options.

“Working better together” seems like an oxymoron when you look at the mass competitiveness among the hundreds of security companies vying for customers at Black Hat. Based on Stamos’s messaging during the opening keynote this year, I felt it important to add a few of my experiences from Defcon as well. Defcon has historically been an event for learning and includes independent hackers and security professionals. Last week’s Black Hat theme concentrated on the social element of how companies need to get along and truly help others and one another, which has always been the overarching message of Defcon.

People checked in from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: one where you aim to help people gain knowledge and learn from others. Moss wants attendees to remain ‘good’ and ‘useful’ throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his presentation about security companies. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another relevant point: are we doing enough in the security industry to truly help people rather than just doing it to make money? Can we accomplish the goal of actually helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate feel of Black Hat (from the vendor hall to the presentations) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Numerous attendees showed off their Ziften support by wearing prior-year Ziften sock designs. Looking good, feeling great!

The idea of joining forces to fight the corrupt is something most attendees from around the world embrace, and we are no different. Here at Ziften, we aim to truly help our customers and the community with our solutions. Why offer or rely on a solution that is limited to only what’s inside the box? One that offers a single function or a handful of specific functions? Our software is a platform for integration and provides modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try to build new, custom features and forensic tools that traditional security companies would shy away from, or would be too consumed by daily tasks to attempt.

Providing around-the-clock visibility and control for any asset, anywhere, is one of Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint issues, reduce overall risk posture, speed threat response, and improve operations efficiency. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And staying with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press, and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon mega-bosses wearing red t-shirts) were at a dead stop for a solid twenty minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting but nothing new for veteran attendees. I suppose it takes something notable to garner attention around certain vulnerabilities. All vulnerabilities for most of the talks, and especially this village, had already been disclosed to the appropriate authorities prior to the event. Let us know if you need help locking down one of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, Google and Twitter APIs are freely and openly available to query user data metrics. This data is making it easier for hackers to socially engineer focused attacks on people, and especially on persons of power and rank, like judges and executives. The presentation titled Dark Data showed how a simple yet brilliant de-anonymization algorithm and some data allowed these two white hats to identify people with extreme accuracy and reveal very personal information about them. This should make you think twice about what you have installed on your systems and about the people in your workplace. Most of the raw metadata above was collected through a popular browser add-on. The fine-tuning happened with the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This presentation was clearly about exploiting Point-of-Sale systems. Although quite funny, it was a tad frightening how quickly one of the most commonly used POS systems can be hacked. This particular POS hardware is most commonly used when paying in a taxi. The base OS is Linux, and although it runs on an ARM architecture and is protected by tough firmware, why would a company risk leaving the security of customer credit card information entirely up to the hardware vendor? If you seek additional protection on your POS systems, then look no further than Ziften. We protect the most commonly used enterprise operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This person’s slides were off-the-charts excellent. What wasn’t excellent was how exploitable macOS is during the installation process of common applications. Basically, every time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly modify code a moment before you enter your Administrator credentials? Well, most of the time, probably something not good. Worried about your Macs running malware smart enough to detect and modify code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you by not replacing your entire toolset, although we often find ourselves doing just that. Our goal is to use the recommendations and existing tools that work from various vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more efficiently together to achieve a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the globe collaborating
– Black Hat needs to preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nicely with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and resolve

– Point-of-Sale access
– Voting machine tampering
– Escalating macOS privileges
– Targeted attacks on individuals
