5/30/2017
12:00 PM
Black Hat Staff
Event Updates

Black Hat USA 2017:
Predominance of Internet of Things


The predominance of Internet of Things (IoT)-related breaches has heightened concern over the security of network-connected devices. The expected rise in IoT breaches and complexities points to a need for advanced knowledge of IoT practicalities and fundamentals. Navigate the dynamic threat landscape with these Black Hat USA offerings and view the Briefings IoT Track to begin customizing your Black Hat USA experience.

Awareness of points of compromise is critical to defensive threat recon and planning. Analyzing an IoT Empire will teach you to test and defend modern IoT systems through a dual “build and penetrate” style training. Adopt an adversarial mindset and exploit contemporary consumer and industrial tools including automotive (IVI and CAN Bus controls), resource management systems (water and energy consumption abatement), health analysis implements (temperature, blood pressure, heart rate) and more. This extensive, exploratory Training delves into embedded controls, teaches the less-adopted ZeroMQ protocols and provides students with a complimentary Kali toolset for future use.

Compound your IoT threat intelligence with comprehension of exploits of ARM technologies, found in many modern smart electronics. Veteran Black Hat Trainer Saumil Shah provides a complete foundation in ARM IoT Exploit Laboratory: Intro, familiarizing students with the basic ARM architecture and assembly language and advancing to techniques for debugging, exploiting and writing shellcode. Build upon this skillset or enhance your existing ARM knowledge with ARM IoT Exploit Laboratory: Advanced. The Intro and Advanced courses are taught back to back on differing days, allowing students to take the complete stack for thorough comprehension of ARM exploits and mitigations. Practical lab exercises encompassing hardware and virtual machine targets offer end-to-end skill development in a compact time frame.

When IoT Attacks: Understanding The Safety Risks Associated With Connected Devices elaborates on existing IoT attack vectors and examines further risks, including the potential for repurposing devices for physical attack. We have seen recent DDoS hacks, including the new Leet IoT Botnet, BrickerBot and Mirai IoT variants. Internet-connected refrigerators and baby monitors have also been taken over and repurposed. Presenters in this Briefing move beyond these existing attacks to answer the budding physical security question and explain the prospect of IoT hacks posing physical threats.

Discovering probable attack modes and vulnerabilities is critical. Honeypots are commonly used to spotlight anomalies and preempt attacks. IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices presents the opportunity for enhancing honeypots utilizing machine learning technology for IoT device security. Researchers explain how they used machine learning to produce a high-interaction honeypot capable of the full coverage of low-interaction honeypots and the dependability and replicability of high-interaction honeypots. Through this adaptation, detection and device signatures can be seamless and secure.

Security testing and threat identification are uniquely impacted by the IoT infrastructure. PtIoT: An Automated Security Testing Framework For the Internet of Things presents the complexities of identifying attack patterns and a new technology that has shown success testing 360 products as a basis for analyzing other IoT device systems. PtIoT combined with apprehension of breach trajectories can assess external ports, ROMs and more.

Vehicle cyber security testing has also been impacted by the influx of IoT. VT Auto-X Vehicle Automated Security Testing Tool comes to the Arsenal Theatre to discuss complications of automotive security testing and preeminent tools, and to show the new vulnerability detection tool Auto-X. Auto-X provides stability and operates under heavy-traffic testing scenarios, capabilities its designers found to be missing from other tools. Universal Radio Hacker: Investigate Wireless Protocols Like a Boss also displays at Arsenal, supporting navigation of complex Software Defined Radio (SDR) protocol logic. Employ Universal Radio Hacker (URH) for more seamless demodulation, reverse engineering and fuzzing with cross-platform integration in a self-contained and expandable application.

Navigate the IoT threat surface and more at Black Hat USA 2017. Briefings, Trainings and Arsenal tools provide extensive opportunities for skill development and threat awareness. Register today to join leading InfoSec Professionals and Researchers at Mandalay Bay in Las Vegas, July 22-27, 2017.

 
