Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
August 1-6, 2020
Las Vegas, NV, USA
Black Hat Asia
September 29 - October 2, 2020
Singapore
Black Hat Europe
November 9-12, 2020
London UK
11/27/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

See the Future of Cybersecurity at Black Hat Europe

New tools, techniques, and a plan for training a new generation of crack security experts are all in the cards for attendees of Black Hat Europe in London next week.

Black Hat Europe kicks off in London next week, and it promises to deliver a melting pot of cybersecurity experts from around the world. If you want to get an early look at the tools, techniques, and training regimens that will shape this next generation of cybersecurity, the The Excel in London is the place to be.

Notably, make time to check out the Briefing No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank . Modern smartphones are often gold mines of private information (including banking data, emails, and passwords), and now it’s quite common for owners to plug their smartphones into public charging stations to get a bit of juice on the go. Despite preventive measures implemented by Android's developers to prevent data transfer via USB cable (i.e. “charging only" mode), researchers have been able to exploit a hidden communication channel which leverages only the electrical current provided for charging the smartphone. They will  show you how they do it during this special Black Hat Europe Briefing.

Of course, such tricks aren’t much use against trained professionals, and in a 50-minute Briefing on Evolving Security Experts Among Teenagers you’ll learn about Rezillon’s plan to foster a new generation of cybersecurity experts. Such efforts are critical if we want to avoid a significant labor shortage in the future, and this Briefing will show you how to build a framework of programs and groups, with the support of government, industry, and community for the sole purpose of creating a new generation of experts inventing the next big thing.

Delitor’s OSINT Techniques And Methodology 2-Day Training promises to demonstrate multiple free online resources that break through traditional search roadblocks. Participants will not only learn how to "dig" into the Internet for personal information about any target but also how to connect attributes across multiple open source data points. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information. The participants will then take all resources available to them and learn how to create their own methodology through practical exercises.

If you favor a more automated approach, consider checking out The Security Automation Lab, where you’ll learn how to automate the discovery and protection of security weaknesses while automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced. Presented by Threat Intelligence, this 2-Day Training will help you create your own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches.

If you’re looking to beef up your mobile arsenal, stop by the Black Hat Europe Arsenal to catch a demo of Mafia: Mobile Security Automation Framework for Intelligent Auditing. Mafia is designed to automate a tricky process by performing end-to-end security testing for a given mobile app, creating a self-serve tool for developers and security engineers. Mobile applications are critical when it comes to vulnerabilities in a production environment, and Mafia is meant to take some of the hassle out of finding and fixing those vulnerabilities.

Uitkyk: Identifying Malware via Runtime Memory Analysis is another Arsenal demo worth taking, as it purports to be the first Android framework that allows for its implementers to identify Android malware according to the instantiated objects on the heap for a particular process. Uitkyk does not require the APK of the application to be scanned to be present to identify malicious behavior. Instead, it makes use of runtime memory analysis to detect behavior which normally cannot be identified by static analysis of Android applications. Don’t miss it!

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11458
PUBLISHED: 2020-04-02
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from databas...
CVE-2020-8015
PUBLISHED: 2020-04-02
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVE-2020-1927
PUBLISHED: 2020-04-02
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...