When Black Hat convenes
next week in Las Vegas, it will be a rich environment for gathering tools that
can be used to tighten security but also -- in the wrong hands -- to carry out
exploits.
Researchers presenting
generally point out the value these releases hold for researchers like
themselves who operate in experimental environments as well as for enterprise
security pros who want to build better defenses against such attack tools.
Presenters will detail a
broad range of exploits they've carried out against devices, protocols and
technologies from HTTP to internet of things gear to the techniques penetration
testers use to test the networks of their clients.
Here is a sampling of some
of the scheduled educational briefings coming up next week along with a
description of the free tools that will accompany them.
HTTP/2 & QUIC -- Teaching Good Protocols To Do Bad Things
Presenters: Carl Vincent,
Sr. Security Consultant, Cisco, and Catherine (Kate) Pearce, Sr. Security
Consultant, Cisco
These two researchers took
a look at HTTP/2 and QUIC, two Web protocols used to multiplex connections. The
researchers say they are experiencing déjà vu because they have found security
weaknesses in these protocols that are reminiscent of weaknesses they found two
years ago in multipath TCP (MPTCP). Back then they discovered that because
MPTCP changed paths and endpoints during sessions, it was difficult to secure
the traffic and possible to compromise it. "This talk briefly introduces
QUIC and HTTP/2, covers multiplexing attacks beyond MPTCP, discusses how you
can use these techniques over QUIC and within HTTP/2, and discusses how to make
sense of and defend against H2/QUIC traffic on your network,"
according to the description of their talk. They say they will release tools
with these techniques incorporated.
Applied Machine Learning for Data Exfil and Other Fun Topics
Brian Wallace, Senior
Security Researcher, Cylance, Matt Wolff, Chief Data Scientist, Cylance, and
Xuan Zhao, Data Scientist, Cylance
This team applied machine
learning to security data to help analysts make decisions about whether their
networks are facing actual incidents. They say lacking an understanding of
machine learning can leave you at a disadvantage when analyzing problems.
"We will walk the entire pipeline from idea to functioning tool on several
diverse security-related problems, including offensive and defensive use cases
for machine learning," they write in describing their briefing. They plan
to release all the tools, source code and data sets they used in their
research. They'll also include an obfuscation tool for data exfiltration, a
network mapper and a command and control panel identification module.
GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
Slawomir Jasek, IT
Security Consultant, SecuRing
The internet of things is
rife with devices that make use of Bluetooth Low Energy, but they don't always
take advantage of all the security features of the technology."A