Black Hat USA 2023 - Summary
Red team is best team
Dates: 2023-08-05 - 2023-08-10
Location: Mandalay Bay, Las Vegas, USA
Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation
EDR = Erase Data Remotely, By Cooking An Unforgettable (Byte) Signature Dish
"Endpoint security controls are the most essential tool for protecting computer systems from various malware threats. Most of them usually include several layers of detection modules. Among them is the byte signature detection logic, which is usually treated as the most reliable layer with the lowest false positive rate. What would you say if adversaries can remotely delete critical data from your fully patched servers, over the internet? Moreover, what if this can be done because of your security control byte signature detection logic? In this talk, we will present a vulnerability (CVE-2023-24860) in a brand-new category that provides unauthenticated remote deletion of critical files such as the entire production database and causes a new level of DOS."
The 9th Annual Black Hat USA Network Operations Center (NOC) Report
"Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network."