Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
December 7-10, 2020
Virtual Event
11/27/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

See the Future of Cybersecurity at Black Hat Europe

New tools, techniques, and a plan for training a new generation of crack security experts are all in the cards for attendees of Black Hat Europe in London next week.

Black Hat Europe kicks off in London next week, and it promises to deliver a melting pot of cybersecurity experts from around the world. If you want to get an early look at the tools, techniques, and training regimens that will shape this next generation of cybersecurity, the The Excel in London is the place to be.

Notably, make time to check out the Briefing No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank . Modern smartphones are often gold mines of private information (including banking data, emails, and passwords), and now it’s quite common for owners to plug their smartphones into public charging stations to get a bit of juice on the go. Despite preventive measures implemented by Android's developers to prevent data transfer via USB cable (i.e. “charging only" mode), researchers have been able to exploit a hidden communication channel which leverages only the electrical current provided for charging the smartphone. They will  show you how they do it during this special Black Hat Europe Briefing.

Of course, such tricks aren’t much use against trained professionals, and in a 50-minute Briefing on Evolving Security Experts Among Teenagers you’ll learn about Rezillon’s plan to foster a new generation of cybersecurity experts. Such efforts are critical if we want to avoid a significant labor shortage in the future, and this Briefing will show you how to build a framework of programs and groups, with the support of government, industry, and community for the sole purpose of creating a new generation of experts inventing the next big thing.

Delitor’s OSINT Techniques And Methodology 2-Day Training promises to demonstrate multiple free online resources that break through traditional search roadblocks. Participants will not only learn how to "dig" into the Internet for personal information about any target but also how to connect attributes across multiple open source data points. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information. The participants will then take all resources available to them and learn how to create their own methodology through practical exercises.

If you favor a more automated approach, consider checking out The Security Automation Lab, where you’ll learn how to automate the discovery and protection of security weaknesses while automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced. Presented by Threat Intelligence, this 2-Day Training will help you create your own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches.

If you’re looking to beef up your mobile arsenal, stop by the Black Hat Europe Arsenal to catch a demo of Mafia: Mobile Security Automation Framework for Intelligent Auditing. Mafia is designed to automate a tricky process by performing end-to-end security testing for a given mobile app, creating a self-serve tool for developers and security engineers. Mobile applications are critical when it comes to vulnerabilities in a production environment, and Mafia is meant to take some of the hassle out of finding and fixing those vulnerabilities.

Uitkyk: Identifying Malware via Runtime Memory Analysis is another Arsenal demo worth taking, as it purports to be the first Android framework that allows for its implementers to identify Android malware according to the instantiated objects on the heap for a particular process. Uitkyk does not require the APK of the application to be scanned to be present to identify malicious behavior. Instead, it makes use of runtime memory analysis to detect behavior which normally cannot be identified by static analysis of Android applications. Don’t miss it!

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.