Top 5 Things to See and Do During Black Hat 2017


From the horrors of ransomware, panic over election hacking and stolen emails to very interesting things like WannaCry and Petya/NotPetya/Nyetya/Goldeneye, it’s been a red-letter year in the world of cybersecurity.

At Black Hat 2016 we introduced the Infection Monkey, a free, open source pen test tool to educate the world on lateral movement. Lateral movement is how hackers move within a modern data center. This movement is very different from the traditional spaces cybersecurity solutions play in. Lateral movement is how hackers spread out within a data center/cloud infrastructure – server to server – to gain computing resources, control and the ability to exploit. The Infection Monkey became an immediate hit and was named by Dark Reading as one of the “8 Bad Ass Tools Coming Out Of Black Hat.” It continues to be very successful and is used and updated by researchers all over the world.

Looking forward to this year’s show – here’s the Dave Klein Top 5 things to see and do at Black Hat 2017:

1. Escalating Insider Threats Using VMware’s API

Scheduled for Thursday, July 27th at 9:00 am in South Seas ABE.
Our own Ofri Ziv, VP Research for GuardiCore Labs, will review the attack method and real-world instances of how bad actors can remotely bypass VMware’s two-step authentication using an easy-to-use API to create compromised credentials, enabling unauthorized access to sensitive data. Illustrating more than the flaw itself, the session will illuminate the importance of defining and enforcing privilege mechanisms in the datacenter in virtualized environments, and will also showcase a tool that allows you to test which users are capable of taking over guest machines. When I speak with my customers on their choices for cloud infrastructure, not only do I hear a good healthy diversity in their answers but I also rarely find them choosing a single vendor. However, when the topic switches to virtualization platforms (while there is a whole universe of virtualization and orchestration platforms out there) I more often than not hear VMware’s name ring out. They still hold the lion’s share of the market. That’s why Ofri’s findings are so critical to my customers and probably for you too.

2. Fighting the Previous War: (AKA: Attacking and Defending in the Era of the Cloud)

Scheduled for July 26th at 4:00 PM in Lagoon ABCGHI.
A topic near and dear to my heart.  The big awakening for me was a few years ago when I realized that it didn’t matter if I was talking about one of my large enterprise or government agency customers, a global carrier-grade corporation or a small credit union in Peoria, IL, they all had similar trends in their infrastructure.  No matter how big or small, how simple or complex their environments were – they all were at least 90% virtualized in their computing power in the data center.  They all had at least two SaaS applications and almost every single one of them had at least one cloud provider.  With this shifting topology, and the rise of micro-services to further change things – we all must look at how we fight this cyberwar and change accordingly.

3. The Industrial Revolution of Lateral Movement

Scheduled for July 27th at 9:00 AM in Lagoon DEFJKL.
Virtualization, migration to cloud and protecting against modern attacks all require a deep understanding of lateral movement. The modern datacenter (premises and cloud) and the application workflows within have become the most important attack vector. As I mentioned above, at Black Hat 2016 we introduced our open source tool Infection Monkey to help people understand and generate lateral movement to see where they were vulnerable. This year it is Microsoft’s turn to discuss and demonstrate their own GoFetch tool.

4. The Active Directory Botnet

Scheduled for Wednesday, July 26th at 1:30 PM in Mandalay Bay.
In covering IR incidents and protecting customers from nation state players over the years – nothing is worse than a good Active Directory compromise.  Yes – it’s not something new – but it is utterly devastating.  Nothing is worse than letting the monsters loose throughout your network carrying your keys to the kingdom.  The amount of resources it takes – money, time and people – exponentially increases when they own your Active Directory infrastructure.  Something like this renders traditional layer 4 Security Groups and other micro-segmentation techniques obsolete.  Besides keeping that “great keychain with all of your important keys safe”, one must be application-oriented.  You must get to layer 7 process-level visibility in order to protect your environments today or pay a most dear price.

5. Rounding out my top 5, here are a couple of activities outside of the sessions you won’t want to miss:

  • Meet the GuardiCore team!  Come talk to us.
    • We protect your data center on premises and in the cloud natively.
    • We liberate and future-proof our customers by being able to work across all of the on-premises and cloud-based architectures you currently have or are planning to go to. We aren’t pigeonholed into a single architecture and neither should you be.
    • We provide a deeper comprehension by eliminating the visibility gaps you currently have.
    • We accelerate your ability to identify and remediate threats with our multi-method detection and response solution.  Furthermore, we accelerate your ability to migrate to the cloud and implement micro-segmentation.
    • Connect with our experts to learn more about protecting your critical data and workloads from advanced attacks –  wherever those assets may reside.
    • Click here to schedule a meeting with me in the GuardiCore VIP Suite to learn why companies like Santander are using GuardiCore to provide security at scale and avoid today’s advanced threats.
  • Can’t miss a good party, and the Optiv Black Hat After Party never disappoints!   As one of the sponsors this year, we are looking forward to joining Optiv and the other sponsors at LIGHT Nightclub in the Mandalay Bay Resort & Casino on July 26th from 7:30 p.m. – 10:30 p.m.  Register here if you’d also like to join the fun.

I look forward to seeing you all there!
