BrightTALK at Black Hat 2017

  • An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
    Will Schroeder, Security Research / SpecterOps and Andy Robbins, Adversary Resilience Lead / SpecterOps. Recorded: Aug 15 2017, 61 mins
    Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise.

    While DACL misconfigurations can provide numerous paths that facilitate elevation of domain rights, they also present a unique chance to covertly deploy Active Directory persistence. It's often difficult to determine whether a specific AD DACL misconfiguration was set intentionally or implemented by accident. This makes Active Directory DACL backdoors an excellent persistence opportunity: minimal forensic footprint, and maximum plausible deniability.

    This talk will cover Active Directory DACLs in depth, our "misconfiguration taxonomy," and enumeration/analysis with BloodHound's newly released feature set. We will cover the abuse of AD DACL misconfigurations for the purpose of domain rights elevation, including common misconfigurations encountered in the wild. We will then cover methods to design AD DACL backdoors, including ways to evade current detections, and will conclude with defensive mitigation/detection techniques for everything described.
  • It’s Time To Take Charge Of Our Digital Future
    Ariel Robinson, ITSPmagazine | Jay Beale, InGuardians | Jessy Irwin, Jessysaurusrex | Mzbat. Recorded: Jul 26 2017, 55 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Disruptors and visionaries across the globe are pushing the boundaries of science and technology, economics and industry, healthcare, policy, communications, and governance. From these advances emerge new career paths, educational disciplines, and opportunities for creation and discovery.

    But things don't always work the way we expect them to, and the consequences of disruption are impossible to predict. What is sacrificed for the sake of efficiency or convenience? Who gets to make that call? Whose fault is it when pre-teens get radicalized online, or health records get misused for unauthorized research? And whose job is it to prevent that from happening? Is prevention even possible?

    Individuals, enterprises, and society writ large have the right and responsibility to proactively shape and secure the future, but our ability to do so is at risk. As technology continues to proliferate without being well understood, people who fall victim to its failure or misuse feel more and more disempowered to prevent future damage. This is The Tech Effect: the complacency driven by the complexity of the technology ecosystem, and a rejection of responsibility for individual and collective safety, security, and ethics.

    It’s time to take charge of our digital future.

    Join us for this lively conversation.

    Moderator:
    - Ariel Robinson, Editor & Host, The Tech Effect, ITSPmagazine

    Panelists:
    - Jay Beale, CTO & COO, InGuardians
    - Jessy Irwin, Security Empress at Jessysaurusrex
    - Mzbat
  • Power To The People - Knowledge Is Power
    Debra Farber, ITSPmagazine | Chris Roberts, Acalvio | Dr. Christopher Pierson, Viewpost | Arun Vishwanath, SUNY Buffalo. Recorded: Jul 26 2017, 50 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    As a society, we continue to focus on the capabilities that new technological products and services bring to bear, leaving the security - or rather, the safety - conversation for a later date and time… if at all.

    Why is this? Perhaps it’s because we don’t care. Or, perhaps it’s because we don’t understand how things work. Or, maybe it’s because we don’t know all the technical mumbo jumbo. Or, it could just be that we expect “someone else” to take care of it for us. For example, every car has a seat belt, right? We don’t have to ask for the car dealer to add seat belts for us and there really aren’t different types of seat belts available in the commercial car arena. Cars just come with seat belts - period. We expect them to be there - even if some people choose to not wear them.

    Regardless of the reason(s) behind the lack of conversation surrounding cybersecurity, we should all be able to agree on one simple fact: we use these new gadgets and services completely unfettered - with little to no regard to the risks we face for our privacy and even our safety.

    Attend this session to gain the initial knowledge necessary by:
    - Learning to ask “Is this thing secure?”
    - Understanding how or why it is or isn’t safe to use.
    - Identifying your role in your own cyber safety and that of those around you.

    It’s time to open our eyes and become aware of our surroundings. Join us to become aware.

    Moderator:
    - Debra Farber, Host of The Privacy Pact, ITSPmagazine

    Panelists:
    - Chris Roberts, Chief Security Architect, Acalvio Technologies
    - Dr. Christopher Pierson, CSO and General Counsel, Viewpost
    - Arun Vishwanath, Associate Professor at SUNY Buffalo & Black Hat Presenter
  • Hacking Diversity in Cybersecurity
    Joyce Brocaglia (Alta Associates, EWF) | Jason Painter (Queercon) | Angela Messer (Booz Allen Hamilton) | Suzanne Hall (PwC). Recorded: Jul 26 2017, 53 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Cybersecurity investment has gone through the roof in recent years. Yet, there is a global shortage of qualified professionals to fill a growing number of open cybersecurity roles. According to a recent study by Frost & Sullivan, the global cybersecurity workforce will be short by around 1.8 million people by 2022.

    How do organizations cope with the growing demand for security professionals, especially in an age of ever-expanding attack surface and more frequent and sophisticated cyber attacks?

    Watch this live video panel of experts as they discuss the current trends shaping the cybersecurity industry, the need for diversity and inclusion, and strategies enterprises can employ to stay ahead of the game.

    Moderator:
    - Joyce Brocaglia, Founder/CEO of Alta Associates & Founder of the Executive Women's Forum

    Panelists:
    - Angela Messer, Senior Partner, Cyber Business and Talent Lead, Booz Allen Hamilton
    - Jason Painter, Co-Founder & President of Queercon, the largest social network of LGBT hackers in the world
    - Suzanne Hall, Managing Director, Advisory Services, PwC
  • The Side Effects of the Internet of Things
    Chenxi Wang, ITSPmagazine | Ted Harrington, ISE | Gary Hayslip, Webroot | Mike Ahmadi, Synopsys. Recorded: Jul 25 2017, 43 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.

    How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.

    Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.

    This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?

    PANELISTS
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Gary Hayslip, Vice President & CISO, Webroot
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    MODERATOR
    - Chenxi Wang, Host of The New Factor on ITSPmagazine
  • Your Small Business Will Be Hacked - Because It Is Easy
    Sean Martin, ITSPmagazine | Rusty Sailors, LP3 | Russell Mosley, Dynaxys | Tom Caldwell, Webroot. Recorded: Jul 25 2017, 56 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -

    Small and medium businesses face countless threats, most of which have a human at their origin. These criminals, driven by financial gain, are essentially business owners – not unlike yourself – who are looking to spend as little money and as few resources as necessary to generate as much revenue as possible. Therefore, most cybercriminals target businesses that have a false sense of security.

    Why would a cybercriminal spend a fortune going after a Fortune 1,000 when they can spend a few bucks to crack a small business? Exactly!

    During this live webinar, we’ll explore the types of threats that small and medium businesses face and the business risk associated with these threats. It’s easier to get hacked than you think and it’s only a matter of time before it happens. Will your business be prepared? Are you doing everything you can to protect yourself beforehand?

    Knowing that perfection is not possible, our panel of experts will look at 4 key steps that small and medium businesses should take to reach a reasonable level of cybersecurity:

    - How to conduct an analysis to determine risk and the need to focus on cybersecurity within your business
    - How to assess the cost of a breach, a loss of information and the impact that a cybersecurity event can have on your customers and partners
    - How to create a plan to protect your systems, information, revenue and customers’ data
    - Best practices for guiding your implementation, from segmentation to employee access control policies to information protection controls

    Join us for an extremely informative session geared towards small and medium business owners and their IT staff.

    Moderator:
    Sean Martin, CISSP, Editor-in-Chief, ITSPmagazine

    Panelists:
    Rusty Sailors, President / CTO at LP3 and Chairman, Protecting Tomorrow
    Russell Mosley, Director, Infrastructure & Security, Dynaxys
    Tom Caldwell, Senior Director of Engineering at Webroot
  • AI, Machine Learning and the Future of Cybersecurity
    Demetrios "Laz" Lazarikos (Blue Lava) | Sven Krasser (CrowdStrike) | Alex Pinto (Niddel) | Jisheng Wang (Aruba). Recorded: Jul 25 2017, 55 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    As cyber threats are evolving at a rapid pace, and firewalls and antiviruses are considered antiquated solutions, companies are constantly looking for the most advanced ways to protect their critical data.

    Artificial intelligence and machine learning are now an integral part of cybersecurity. With cyber attacks becoming more serious, and in some cases endangering human lives, artificial intelligence could be the key to security.

    View this panel of top security experts as they discuss the role of AI and machine learning in cyber attacks, cyber protection and what the future of security looks like.
    - The impact of AI/ML on security
    - Trends in cyber attacks
    - How to best protect against them and secure our critical assets

    Moderator:
    - Demetrios "Laz" Lazarikos, Three Time CISO, Founder of Blue Lava

    Panelists:
    - Sven Krasser, Chief Scientist, CrowdStrike
    - Alex Pinto, Co-Founder & Chief Data Scientist, Niddel
    - Jisheng Wang, Senior Director of Data Science, CTO Office - Aruba, a Hewlett Packard Enterprise company
  • Black Hat USA 2017: Women Wanted
    Daniel Cuthbert, COO of SensePost and Jessica Gulick from Women's Society of Cyberjutsu. Recorded: Jun 1 2017, 35 mins
    Join Daniel Cuthbert, COO of SensePost, and Jessica Gulick from Women's Society of Cyberjutsu for an informative discussion on what you need to know about attending the Black Hat USA 2017 conference this July in Las Vegas. We will share tips and lessons learned from selecting and attending the training courses and conference. The WSC is offering a special discount (save $200) on registration by using code WSCBH17.
