For most of us, technology has become an integral part of our daily lives and promises to become even more prevalent in the near future due to the emerging technological revolution called the Internet of Things (IoT). The number of connected objects now exceeds the world’s human population, and is expected to grow exponentially over the next three to five years.
The early stage of IoT has already started making our lives easier and far more comfortable, giving us the ability to remotely monitor our homes and businesses, turn on the lights and heat before we return home from a long day, and even help us find a place to eat in an unfamiliar city. In fact, so many of our daily activities are becoming automated through the use of IoT technologies, we will soon wonder how we could have functioned without them – similar to looking back now on the pre-smart phone era! Read More »
Tags: Black Hat, connected car, DefCon, hacking, internet of things, IoE, IoT
Just back from presenting lab-based training session Detecting & Mitigating Attacks Using Your Network Infrastructure with Joe Karpenko at Blackhat USA 2012. Great to see a Defense track of Briefings which included Intrusion Detection Along The Kill Chain: Why Your Detection System Sucks And What To Do About It and more of an emphasis on protecting or remediating network infrastructures in topics like Targeted Intrusion Remediation: Lessons From The Front Lines. I attended several of these briefings and was impressed with the breadth of information provided for network operators. The Defense briefings align well with the network security best practices advocated by Cisco and presented in our training. These best practices include: Read More »
Tags: Black Hat, Black Hat 2012, network defense, security
In many exploit scenarios, an attacker finds a target and, if possible, establishes remote control over the system through known or unknown exploits. Whether the attacker uses a buffer overflow, insecure configuration, phishing for credentials, or cookie-stealing, the goal is clear: get a remote shell and gain complete control. Then what?
It is this post-exploitation environment that has interested me at this year’s Black Hat 2011. Several talks and trainings discuss post-exploitation techniques, and I’d like to share them in the interest of research – and defense.
Read More »
Tags: Black Hat, Exploit, security, security research, vulnerability