Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
December 7-10, 2020
Virtual Event
7/12/2019
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat USA Arsenal Serves Up A Smorgasbord of Cybersecurity Tools

Visit the Arsenal this August to go hands-on with hackable gadgets and catch live demos of open-source security tools from some of the best in the business.

Black Hat USA is happening in Las Vegas this August, and all attendees are invited to check out the Arsenal to network with others in the cybersecurity community and catch live demonstrations of the latest open-source security tools.

To get the most out of the Arsenal check out Black Hat Day Zero, to get the inside scoop on what to see and do for both first time attendees and returning Black Hat veterans. There, you’ll have a chance to hear about how Arsenal tools are selected, how they benefit from attendee feedback, and what you should be spending your time seeing.

This year, at the all-new Arsenal Lab you can enjoy live demos and expert guidance from top hardware hackers while you build, test, and hack all sorts of gadgets and devices, including:

CQForensic: The Efficient Forensic Toolkit shows how to perform detailed computer forensic examinations. The Toolkit guides you through the information-gathering process, providing data for analysis and extracting the evidence!

Ghost in the Browser: Backdooring with Shadow Workers will help you implant a pseudo-backdoor in a browser and ghost through a victim's browser session to sniff, manipulate, and even proxy data silently. See a demo of the various persistence mechanisms this tool provides to keep service workers alive, and check out a compendium tool that provides various mitigation mechanisms against such attacks!

Alexa HackerMode 2.0: Voice Auto Pwn Using Kali Linux and Alexa Skill Combo is an Alexa-driven auto-sploit tool designed for the cloud. Not only will it help with syntax and encodings, but it will go full hacker mode and exploit systems automatically for you. For example, if you say, “Alexa, ask HackerMode to hack IP address 192.168.1.135" the tool will instruct Alexa to begin and manage the process of port scanning, fingerprinting, exploit selection, and smart brute forcing exploits through Metasploit 4 or 5.  Alexa will also entertain you with mood music or various other activities while it roots and dumps users and passwords from your target. If the exploit is taking a while you can check in on the progress by asking "How's the hack going?"

Break out the Box (BOtB): Container Analysis, Exploitation and CICD Tool is the first tool aimed at hackers and developers to automate container exploitation. Not only does BOtB provide the user with a detailed analysis of identified vulnerabilities of the container, BOtB provides an autopwn feature which allows for the user to “automagically” exploit the vulnerabilities identified and break out onto the host.

Social Attacker: Automated Phishing on Social Media Platforms is the first open source, multi-site, automated social media phishing framework. It allows you to automate the phishing of social media users on a mass scale by handling the connecting to and messaging of targets.

For more information about these offerings and many more check out the Black Hat USA Arsenal page, which is regularly updated with new content as we get closer to the event. Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.