Black Hat USA 2022 and DEF CON 30
2022-08-17 21:00:25 Author: securelist.com


A Hacker Homecoming

Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference DEF CON 30. The DEF CON theme was a “Hacker Homecoming”, and it really was a fun one. Coming back from the COVID hiatus, the conferences were enthusiastically full compared to the 2021 ghost town. Many of the talks were great, fresh content.

With the parties and the CTF fun humming along, excellent briefings included Kim Zetter’s insights in “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed”. She is the first journalist to keynote Black Hat, and she set out to speak on the changes that Stuxnet brought, and the things that get ignored until it’s too late. She specifically included discussion of election infrastructure security, and cyber-norm challenges in light of recent activity in Eastern Europe and the Middle East.

Kim listed the major changes that came about following Stuxnet:

  • A reversed trend in trickle-down techniques and tools, which now flow from APTs to the criminal underground
  • The launch of a cyber arms race and the militarization of cyberspace
  • The politicization of security research and defense
  • The introduction of serious ICS vulnerabilities impacting critical infrastructure

Zetter highlighted the legitimate election security discussion, and said it’s important to talk about, despite the consistent misappropriation and misinformation coming from high-volume conspiracy groups. She spoke about various vote-count incidents and the lack of accountability in very specific cases. Of course, these actual events have been and will be spun into misinformation content, which is unfortunate, but the legitimate discussion must be held. Interestingly, OAN members were later allegedly kicked out of DEF CON, specifically from the Voting Village.

Zetter quoted the 1997 “CRITICAL FOUNDATIONS PROTECTING AMERICA’S INFRASTRUCTURES” report of the President’s Commission on Critical Infrastructure Protection: “The capability to do harm—particularly through information networks—is real; it is growing at an alarming rate; and we have little defense against it.” Keep in mind it was authored 25 years ago.

Fast forward to 2022 and Kim mentioned the technical debt behind the Colonial Pipeline ransomware fiasco that overwhelmed the East Coast fuel supply chain. She discussed how quickly Colonial paid the ransom, their lack of security preparation, and preceding audits of their “atrocious” security practices: “an eighth grader could have hacked that system”. Not long after, CISA re-released yet another set of security guidelines for pipeline owners and operators. Unfortunately, Kim didn’t mention any accountability for the decision-makers behind the Colonial fiasco.

Her talk turned to the challenges to “cyber-norms” posed by the Ukraine-related IT Army and the recent incidents in Iran, with 4,000 gas pumps disabled and a severe equipment malfunction at a steel plant, suggesting these events will also likely leave an impact on the future stability of cyberspace.

Another favorite talk came from a speaker still stuck in Taiwan with visa issues. Orange Tsai enthusiastically gave a remote, well-structured, insightful explanation of his research on Microsoft’s hash tables and attacking them from IIS in “Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS”. The codebase he addressed is over a decade old, and he danced all over web services and their authentication. Hopefully he will be in person for future work.

Amongst all the village dazzle, DEF CON included a Social Engineering Village, and its talks included policy discussion, panels on getting a start in social engineering, and more. Their live-action vishing challenge is a thrill. I am catching up on one of the recommended reading titles from a panel, “How to Make People Like You in 90 Seconds or Less”.

It’s great to see people slowly returning to fully masked, in-person venues. See you next year!


Source: https://securelist.com/black-hat-usa-2022-and-def-con-30/107184/