Black Hat Europe returns to London next month, bringing with it a smorgasbord of opportunities for infosec experts to hone their skills and master new ones.
Security researchers continue to unearth important vulnerabilities in modern devices and operating systems, and Black Hat Europe’s lineup of Arsenal tools, Briefings, and in-depth Trainings will equip you with the sought-after skills necessary to deal with those threats.
In Coalfire’s Adaptive Penetration Testing Training, you’ll gain practical experience and a solid framework for conducting in-depth security assessments. The bulk of this course is spent in a fully operational lab environment, overcoming real-world obstacles faced in today’s enterprise networks. Trainers cover the tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of enterprise environments. Methods presented are based on TTPs refined by penetration testers’ operational experience.
Supercharge your hacking skills with Advanced Infrastructure Hacking – 2019 Edition (2 Day), a fast-paced version of the original four-day class, cut down to two days. To fit the entire training material into two days, some of the exercises have been replaced by demos, and students receive a free month of lab access to practice each exercise. Whether you are penetration testing, red teaming or trying to get a better understanding of managing vulnerabilities in your environment, it is critical that you understand these advanced hacking techniques. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern operating systems and networking devices!
Dive deep into the ins and outs of malware traffic in Advanced Malware Traffic Analysis: Adversarial Thinking. This intensive hands-on training will give you the experience and knowledge to understand malware behaviors on the network. You’ll get the experience and methodology to recognize malicious connections, distinguish normal from malicious behaviors, recognize anomalous patterns, and deal with large amounts of traffic.
Black Hat Europe’s many Briefings will equip you with cutting-edge techniques and know-how that can help you perform better. For example, in a Briefing on Eternal War in XNU Kernel Objects, Alibaba experts will perform a systematic assessment of recently proposed jailbreak mitigation strategies by Apple that demonstrates how most of these defenses can be bypassed through corrupting unsafe kernel objects.
Under the SEA – A Look at the Syrian Electronic Army’s Mobile Tooling will highlight the most recent expansion of the tools of the Syrian Electronic Army (SEA), which are now known to include an entire mobile surveillanceware family (SilverHawk). This is the first time a family of mobile surveillanceware has been directly attributed to the SEA with high certainty, highlighting a new stage in the group’s technical evolution. To date, SilverHawk has been identified in over 30 trojanized versions of many well-known apps, including Telegram, WhatsApp, Microsoft Word, YouTube, and the Guardian Project’s Chat Secure app.
Of course, mobile applications are critical when it comes to vulnerabilities in a production environment. The Black Hat Europe Arsenal demo of Mafia: Mobile Security Automation Framework for Intelligent Auditing will show how you can automate manual security testing and equip developers with a tool that helps them identify bugs well in advance. The goal of MAFIA is to perform end-to-end security testing for a given mobile app, and create a self-serve tool for developers and security engineers.
If you’re interested in Android malware, Uitkyk: Identifying Malware via Runtime Memory Analysis purports to be the first Android framework that allows its implementers to identify Android malware according to the instantiated objects on the heap for a particular process. Uitkyk does not require the APK of the scanned application to be present to identify malicious behavior, but instead makes use of runtime memory analysis to detect behavior which normally cannot be identified by static analysis of Android applications.
Plus, the Arsenal demo of APKiD: “PEiD” for Android Applications will reveal how APKiD can (like PEiD) give information on how an APK was built by fingerprinting compilers, packers, obfuscators, and protectors. The main idea behind the tool is to help provide context on how the APK was potentially built or changed after it was built. This is useful context for attributing authorship and finding patterns!