Black Hat Asia 2014: Clever Network Tricks
The 2014 Black Hat Asia regular registration deadline of March 21 is almost here, so now's the time to confirm your travel plans and lock in the regular rate before prices go up. While you consider your trip to Singapore, we'd like to highlight three more cool Briefings we're excited to be hosting in one more week.
The USB host offers fertile grounds for hunting exploits, but the bummer is that vendors so rarely take your hard-found data seriously. After all, they say any attacker would need physical access to actually plug in a rogue device, right? Not anymore. Thanks to advances in remoting technologies, Andy Davis, who's found more than 100 USB bugs across all operating systems, can now launch his USB missiles over networks. USB Attacks Need Physical Access Right? Not Any More... will show you how these technologies work, ponder the implications, and demonstrate the remote triggering of a USB kernel bug in Windows 2012 server.
The art of surveying the Internet enjoyed a renaissance over the past year or two. Today's surveys are easier than ever to conduct thanks to improved tools and significantly lower resource requirements. This is important, because the large-scale datasets produced by such studies provide hard, real-world evidence of risks and vulnerability exposure. Mark Schloesser, scanner geek extraordinaire, will take you on a tour of this brave new world of scanning in Scan All the Things - Project Sonar, briefing you on the data gathered so far and encouraging you to undertake your own large-scale survey efforts.
Our last clever network trick of the day takes us into the world of domain name servers, those crucial clearinghouses of URL translation. Leonardo Nve, a senior security auditor at Spain's S21sec, knows more than a few ways to alter a target system's DNS server configuration. In OFFENSIVE: Exploiting DNS Servers Changes he'll show you how to turn this trick to your advantage, using a host of low-profile, effective tools that will pique the interest of the phisher, hacker, and LEA crowd.
Looking to register? Better hurry, the clock's tickin'! Please visit Black Hat Asia 2014's registration page to get started.