Chuck Leaver – Defcon And Black Hat 2017 Experiences

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver


These are my experiences from Black Hat 2017. There is a minor addition to my approach to this year’s synopsis, due in part to the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos predicted the value of re-focusing the security community’s efforts on working much better together and diversifying security services.

“Working much better together” is seemingly an oxymoron when examining the mass competitiveness amongst hundreds of security businesses striving for customers during Black Hat. Based on Stamos’s messaging throughout the opening keynote this year, I felt it important to add a few of my experiences from Defcon as well. Defcon has traditionally been an occasion for discovery and consists of independent hackers and security professionals. Last week’s Black Hat theme concentrated on the social aspect of how businesses ought to get along and really help others and each other, which has always been the overarching message of Defcon.

People visited from all over the world this time:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, likewise wants that to be the theme: one where you want to help individuals acquire knowledge and learn from others. Moss desires guests to stay ‘good’ and ‘handy’ during the conference. That is in line with exactly what Alex Stamos from Facebook communicated in his keynote about security companies. Stamos asked that we all share in the obligation of assisting those that cannot assist themselves. He also raised another relevant point: Are we doing enough in the security industry to truly assist individuals rather than simply doing it to make money? Can we accomplish the goal of truly helping individuals? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the presentations) compared to the true hacker community at Defcon, which showcases the imaginative side of exactly what is possible.

The company I work for, Ziften, provides Systems and Security Operations software applications, offering IT and security groups visibility and control across all endpoints, on or off a corporate network. We likewise have a quite sweet sock game!

Lots of guests flaunted their Ziften support by wearing prior-year Ziften sock styles. Looking great, feeling great!

The idea of joining forces to fight against the corrupt is something most participants from all over the world accept, and we are not any different. Here at Ziften, we strive to really help our clients and the community with our solutions. Why offer or depend on a solution that is restricted to only what’s inside the box? One that offers a single or a handful of specific functions? Our software is a platform for integration and provides modular, individualistic security and functional services. The whole Ziften team takes the imagination from Defcon, and we motivate ourselves to try to develop new, custom-made features and forensic tools where conventional security businesses would avoid doing so or merely stay consumed by everyday tasks.

Providing all-the-time visibility and control for any asset, anywhere, is one of Ziften’s primary focuses. Our combined systems and security operations (SysSecOps) platform empowers IT and security operations groups to quickly fix endpoint concerns, lower total risk posture, speed risk response, and enhance operations efficiency. Ziften’s secure architecture provides constant, streaming endpoint tracking and historical data collection for businesses, governments, and managed security companies. And remaining with this year’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps in between siloed systems.

Journalists are not allowed to take images of the Defcon crowd, however I am not a journalist and this was prior to entering a badge-required location :P The Defcon hordes and thugs (Defcon mega-bosses wearing red t-shirts) were at a dead stop for a solid 20 minutes awaiting initial access to the 4 huge Track conference rooms on opening day.

The Voting Machine Hacking Village gained a lot of attention at the event. It was intriguing but absolutely nothing brand-new for veteran attendees. I suppose it takes something notable to amass attention around certain vulnerabilities. All vulnerabilities for the majority of the talks, and specifically this village, had already been revealed to the correct authorities prior to the event. Let us know if you require help locking down one of these (taking a look at you, government folks).

More and more personal data is becoming available to the general public. For instance, Google & Twitter APIs are freely and publicly available to query user data metrics. This data is making it easier for hackers to socially engineer focused attacks on individuals, and specifically individuals of power and rank, like judges and executives. This presentation, titled Dark Data, demonstrated how a simple yet brilliant de-anonymization algorithm and some data allowed these 2 white hats to identify individuals with extreme precision and uncover very private information about them. This should make you think twice about exactly what you have set up on your systems and about the people in your work environment. The majority of the above raw metadata was gathered through a popular browser add-on. The fine-tuning accompanied the algorithm and public APIs. Do you know what browser add-ons are operating in your environment? If the response is no, then Ziften can help.

This presentation was clearly about exploiting Point-of-Sale systems. Although quite amusing, it was a little scary to see the speed at which one of the most commonly utilized POS systems could be hacked. This particular POS hardware is most frequently used when paying in a taxi. The base OS is Linux, and although it runs on an ARM architecture and is safeguarded by durable firmware, why would a business risk leaving the security of customer credit card information entirely in the hands of the hardware vendor? If you seek extra protection on your POS systems, then look no further than Ziften. We protect the most commonly used business operating systems. If you wish to do the fun thing and install the computer game Doom on one, I can send you the slide deck.

This man’s slides were off-the-charts exceptional. What wasn’t outstanding was how exploitable macOS is during the installation process of common applications. Generally, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly modify code a moment prior to you entering your Administrator credentials? Well, most of the time, probably something not good. Anxious about your Macs running malware smart enough to identify and change code in common vulnerable applications prior to you or your user base entering credentials? If so, we at Ziften Technologies can assist.

We help you by not changing all of your toolset, although we frequently discover ourselves doing just that. Our aim is to utilize the recommendations and existing tools that work from various suppliers, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security groups work more efficiently together to achieve a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the globe working together
– Black Hat needs to keep a friendly community spirit

2) Stronger together with Ziften

– Ziften plays well with other software suppliers

3) Popular existing vulnerabilities Ziften can assist prevent and fix

– Point-of-Sale accessing
– Voting machine tampering
– Escalating macOS privileges
– Targeted private attacks