Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
December 7-10, 2020
Virtual Event
11/27/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

See the Future of Cybersecurity at Black Hat Europe

New tools, techniques, and a plan for training a new generation of crack security experts are all in the cards for attendees of Black Hat Europe in London next week.

Black Hat Europe kicks off in London next week, and it promises to deliver a melting pot of cybersecurity experts from around the world. If you want to get an early look at the tools, techniques, and training regimens that will shape this next generation of cybersecurity, the The Excel in London is the place to be.

Notably, make time to check out the Briefing No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank . Modern smartphones are often gold mines of private information (including banking data, emails, and passwords), and now it’s quite common for owners to plug their smartphones into public charging stations to get a bit of juice on the go. Despite preventive measures implemented by Android's developers to prevent data transfer via USB cable (i.e. “charging only" mode), researchers have been able to exploit a hidden communication channel which leverages only the electrical current provided for charging the smartphone. They will  show you how they do it during this special Black Hat Europe Briefing.

Of course, such tricks aren’t much use against trained professionals, and in a 50-minute Briefing on Evolving Security Experts Among Teenagers you’ll learn about Rezillon’s plan to foster a new generation of cybersecurity experts. Such efforts are critical if we want to avoid a significant labor shortage in the future, and this Briefing will show you how to build a framework of programs and groups, with the support of government, industry, and community for the sole purpose of creating a new generation of experts inventing the next big thing.

Delitor’s OSINT Techniques And Methodology 2-Day Training promises to demonstrate multiple free online resources that break through traditional search roadblocks. Participants will not only learn how to "dig" into the Internet for personal information about any target but also how to connect attributes across multiple open source data points. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information. The participants will then take all resources available to them and learn how to create their own methodology through practical exercises.

If you favor a more automated approach, consider checking out The Security Automation Lab, where you’ll learn how to automate the discovery and protection of security weaknesses while automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced. Presented by Threat Intelligence, this 2-Day Training will help you create your own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches.

If you’re looking to beef up your mobile arsenal, stop by the Black Hat Europe Arsenal to catch a demo of Mafia: Mobile Security Automation Framework for Intelligent Auditing. Mafia is designed to automate a tricky process by performing end-to-end security testing for a given mobile app, creating a self-serve tool for developers and security engineers. Mobile applications are critical when it comes to vulnerabilities in a production environment, and Mafia is meant to take some of the hassle out of finding and fixing those vulnerabilities.

Uitkyk: Identifying Malware via Runtime Memory Analysis is another Arsenal demo worth taking, as it purports to be the first Android framework that allows for its implementers to identify Android malware according to the instantiated objects on the heap for a particular process. Uitkyk does not require the APK of the application to be scanned to be present to identify malicious behavior. Instead, it makes use of runtime memory analysis to detect behavior which normally cannot be identified by static analysis of Android applications. Don’t miss it!

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5605
PUBLISHED: 2020-09-18
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
CVE-2020-5606
PUBLISHED: 2020-09-18
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
CVE-2020-5628
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-5629
PUBLISHED: 2020-09-18
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
CVE-2020-25756
PUBLISHED: 2020-09-18
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."