Here Is What We Experienced At Defcon And Black Hat 2017 – Charles Leaver

August 9, 2017

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a slight addition to this year’s synopsis, due in large part to the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos predicted the importance of refocusing the security community’s efforts on working better together and diversifying security options.

“Working better together” is something of an oxymoron given the mass competition among the many security companies fighting for customers during Black Hat. Based on Stamos’s messaging during the opening presentation this year, I felt it important to add a few of my experiences from Defcon as well. Defcon has traditionally been an event for learning and consists of independent hackers and security specialists. Last week’s Black Hat theme concentrated on the social element of how companies need to get along and really help others and one another, which has always been the overarching message of Defcon.

Individuals visited from all over the world last week.

Jeff Moss, aka ‘Dark Tangent’, the creator of Black Hat and Defcon, also wishes that to be the theme: one where you aim to help individuals gain knowledge and learn from others. Moss wants attendees to remain ‘great’ and ‘helpful’ during the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security businesses. Stamos asked that all of us share in the obligation of helping those that cannot help themselves. He also raised another valid point: Are we doing enough in the security industry to really help people rather than simply doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The primary difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the presentations) compared with the true hacker community at Defcon, which showcases the innovative side of what is possible.

The company I work for, Ziften, offers Systems and Security Operations software – giving IT and security teams visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Lots of attendees showed off their Ziften support by donning previous years’ Ziften sock designs. Looking good, feeling great!

The idea of joining forces to fight against the corrupt is something most attendees from around the world accept, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why offer or rely on a solution that is limited to only what’s inside the box? One that offers a single function or a handful of specific functions? Our software is a platform for integration and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try to develop new, customized features and forensic tools where traditional security companies would shy away or simply remain consumed by day-to-day tasks.

Providing continuous visibility and control for any asset, anywhere, is one of Ziften’s primary focuses. Our combined systems and security operations (SysSecOps) platform empowers IT and security operations teams to rapidly fix endpoint issues, reduce overall threat posture, speed threat response, and improve operations efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security service providers. And staying with this year’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, however I am not the press and this was prior to going into a badge-required area :P The Defcon hordes and goons (Defcon mega-bosses wearing red t-shirts) were at a standstill for a solid 20 minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting but nothing brand-new for veteran attendees. I suppose it takes something notable to draw attention to particular vulnerabilities? All vulnerabilities for the majority of the talks, and particularly this village, had already been disclosed to the proper authorities prior to the event. Let us know if you need help locking down one of these (looking at you, federal government folks).

More and more personal data is becoming available to the general public. For instance, Google and Twitter APIs are freely and openly available to query user data metrics. This data is making it easier for hackers to social engineer focused attacks on individuals, and specifically persons of power and rank, like judges and executives. This presentation, titled Dark Data, showed how a simple yet brilliant de-anonymization algorithm and some data made it possible for these two white hats to identify individuals with extreme precision and reveal very private details about them. This should make you reconsider what you have installed on your systems and the individuals in your work environment. The majority of the above raw metadata was gathered through a popular browser add-on. The fine-tuning came with the algorithm and public APIs. Do you know exactly what browser add-ons are running in your environment? If the answer is no, then Ziften can assist.

This presentation was clearly about exploiting Point-of-Sale systems. Although quite humorous, it was a little scary how quickly one of the most commonly used POS systems can be hacked. This specific POS hardware is most commonly used when paying in a taxi. The base OS is Linux, and although it runs on an ARM architecture and is protected by durable firmware, why would a company risk leaving the security of customer credit card information entirely up to the hardware supplier? If you are looking for extra protection on your POS systems, then look no further than Ziften. We protect the most commonly used enterprise operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This guy’s slides were off the charts exceptional. What wasn’t exceptional was how exploitable macOS is during the installation process of very common applications. Essentially each time you install an application on a Mac, it requires the entry of your escalated privileges. But what if something were to slightly modify code a few seconds before you entered your Administrator credentials? Well, the majority of the time, most likely something bad. Worried about your Macs running malware smart enough to detect and alter code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can assist.

We help you without replacing your entire toolset, although we often find ourselves doing just that. Our objective is to use the advice and existing tools that work from different vendors, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more efficiently together to achieve a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from all over the world working together
– Black Hat must maintain a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and resolve

– Point-of-Sale access
– Voting machine tampering
– Escalating macOS privileges
– Targeted specific attacks
