Black Hat Europe 2022 - Summary
ITSEC Newsletter 2023-04-24
Dates: 2022-12-05 - 2022-12-08
Location: ExCeL London / United Kingdom
Exploring a New Class of Kernel Exploit Primitive
"Microsoft Security Response Center receives and examines many interesting bug classes. Often, the exploitability of those bugs is apparent, but this is not always the case. One interesting outlier is an arbitrary kernel pointer read primitive where the attacker cannot retrieve the content of the memory read. Traditionally, these would have an impact of Denial of Service (DoS) or in some cases a second-order Kernel Memory Information Disclosure (where side channels or indirect probing are possible) but could such a limited primitive actually be exploited for code execution / privilege escalation?"
Scammers Who Scam Scammers, Hackers Who Hack Hackers: Exploring a Sub-economy on Cybercrime Forums
"It's no secret that criminal forums and marketplaces are crammed with nefarious activity. But behind all the initial access brokers, stolen data, and malware, there's a hidden, thriving subcategory of crime going unnoticed: threat actors targeting other threat actors. These cannibalistic criminals (we call them 'metaparasites': a parasite whose host is also a parasite) are such a persistent and expensive problem that there are specific forum rooms - containing thousands of posts and going back years - dedicated to blacklisting them, arbitrating scam complaints between users, and reporting imitation 'ripper' sites. In this talk, we present a novel investigation into scammers who scam scammers and hackers who hack hackers, on three of the most well-established and prominent criminal marketplaces..."
Real-World Detection Evasion Techniques in the Cloud
"Recent cloud-focused malware campaigns have shown adversary groups possess an advanced knowledge of cloud technologies and their security mechanisms, with this knowledge being used to their advantage in a range of attacks. These attacks are no longer focused solely on cloud computing environments. Adversaries are now shifting focus to target serverless environments and containers. In this session, Matt will provide an overview of three malware campaigns (CoinStomp, Denonia, Abcbot) where novel TTPs leveraged against cloud technologies were observed..."
The Black Hat Europe NOC Report
"Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network."