15 Hot Tools To Come Out of Black Hat and Def Con

Security summer camp is upon us as the cybersecurity industry convenes on Las Vegas this week for Black Hat and Def Con. In addition to presenting a ton of important research on new vulnerabilities and exploit methods, many security researchers will be sharing with attendees a smorgasbord of new and updated open source tools. Between speaker tracks at both shows, Black Hat Arsenal, and DEF CON Demo Days, presenters will unveil and demo dozens of freebies designed to help their colleagues with a range of offensive and defensive security activities.

From fuzzers to reverse engineering tools, threat detection to system mapping tools, and many specialties in between, here are some of the highlights.

PeriScope and PeriFuzz: Fuzzing

A probing and fuzzing framewok for the hardware-OS boundary, PeriScope is meant to help security professionals do fine-grained analysis of device-driver interactions. Meantime, PeriFuzz models attacker capabilities on peripheral devices to help developers find and fix vulnerabilities like memory corruption bugs and double-fetch bugs. In presenting this set of tools, security researcher Dokyung Song from UC Irvine will present a number of zero-day vulnerabilities found in WiFi drivers on two popular chipsets that were found through PeriFuzz.

DevOps Unbound Podcast

Presented At: Black Hat Briefings

PhyWhisperer: Fault Injection

PhyWhisperer is an open-source tool for performing advance triggering on USB packets in order to generate fault injection attacks. Researcher Colin O’Flynn will introduce this as part of a talk describing how he figured out to steal Bitcoins from a protected wallet using electromagnetic fault injection.

Presented At: Black Hat Briefings

Chip.Fail: IoT Fault Injection

In the same vein as O’Flynn’s work, researchers Thomas Roth and Josh Datko of Keylabs will demonstrate how they can use fault injection attacks to break some of the most popular IoT processors using less than $100 of equipment—thus opening up a big attack vector for security-sensitive prodects like bitcoin wallets, smart cars, and authentication tokens. As part of the presentation, they’ll release software and hardware tools to replicate their attacks.

Presented At: Black Hat Briefings

HTTP Desync Attacks

Black Hat attendees will see how James Kettle of PortSwigger Web Security figured out how to create desync attacks against HTTP requests that makes it possible for remote, unauthenticated attackers to break through request isolation and target big pieces of web infrastructure systems. As part of the talk he[ll introduce open source tooling to go along with the methodology, which will aid red and blue teams to carry out and thwart these kinds of attacks.

Presented At: Black Hat Briefings

PicoDMS: DMA attack platform

Researchers Joel Sandin and Ben Blaxill will present on the power of Direct Memory Attacks to recover full-disk encryption keys and other security information from memory, to bypass authentication, and to modify process memory to facilitate backdoor access. As a part of the presentation they’ll showcase PicoDMA, a stamp-sized DMA attack platform built on a PicoEVB FPGA board smaller than a laptop network card that costs just over $200. They’ll demo the project and release the software for others to build out their own devices.

Presented At: Black Hat Briefings

Monster-in-the-Middle: HTTPS interception detection tool

As part of an overview of various forms of HTTPS interception, a pair of researchers from Cloudflare—Luke Valenta and Gabriele Fisher—will demo an open source HTTPS detection tool developed by their team and lessons learned from its use.

Presented At: Black Hat Briefings

RedHunt OS: Adversary emulation and threat hunting

A tool meant to help purple team exercises, RedHunt OS has got a little bit for both attackers and defenders. For the blue side of the house it emulates adversaries and provides advanced logging and monitoring for threat hunting activities. For red teamers, it provides a way for them to understand the footprints they leave behind during their exercises, offering them clues on how to be more stealthy.

Presented At: Black Hat Arsenal

Trash Taxi: Admin access clean up

Acknowledging the hair-raising challenge that it is to root out the presence of unrestricted admin access from IT systems without breaking software dependencies and other interactions, Trash Taxi was deigned to give security pros better visibility into how this access is being used in order to terminate unnecessary access and clean up hosts.

Presented At: Black Hat Arsenal

PivotSuite: Network pivoting toolkit

A portable, platform-independent network pivoting toolkit, PivotSuite is a relatively new open source tool that will be demoed both at Black Hat and DEF CON. It’s creator, Manish Gupta, will show how it can be used by pen testers as a server or as a client to more easily move laterally across the network through the footholds they gain on endpoints and other network exposures.

Presented At: Black Hat Arsenal and DEF CON Demo Days

Kube-Hunter: Penetration testing platform for Kubernetes

In development for about a year now, Kube-Hunter is an open source platform designed to help security teams hunt down misconfigured and vulnerable Kubernetes clusters. It offers a range of passive and active hunting features so that security pros can finally get a handle on quickly mushrooming container environments.

Presented At: Black Hat Arsenal

PhanTAP: Network security analysis

Penetration testing professionals will likely want to get their hands on PhanTap, an invisible network tap that can be installed inline between a network device and corporate network. It’s a silent tool that doesn’t affect traffic, even on networks with network access control (NAC), sending information through a tunnel linked to a remote server.

Presented At: DEF CON Demo Days

EAPHammer: Wireless security assessment

Now in its third consecutive year being presented at security summer camp, EAPHammer keeps upping the ante with new features. The tool does targeted evil twin attacks against WPA2 enterprise networks, giving security teams a ready-made way to do thorough wireless assessments. It’s creator, Gabriel Ryan of SpecterOps, will present it again this year at DEF CON with a number of new functions, including new attacks against Opportunistic Wireless Encryption (OWE).

Presented At: DEF CON Demo Days

Cotopaxi: IoT protocols security testing toolkit

A new toolkit for testing internet of things (IoT) devices using a range of IoT, industrial IoT, and machine to machine protocols, Cotopaxi offers up security professionals a way to look out for security vulnerabilities and misconfigurations in their fast-evolving portfolio of IoT assets. It’s been out for a couple of months now, but its author Jakub Botwicz will present a new release that adds additional features and supported protocols.

Presented At: DEF CON Demo Days

Barq: AWS post-exploitation framework

Designed to help security pros to test their cloud architecture’s mettle, barq runs attacks against running AWS infrastructure. Penetration testers can attack EC2 instanes without needing SSH keypairs. The tool also gives users the ability to perform enumeration and extraction of stored secrets and parameters in AWS.

Presented At: Black Hat Arsenal

Let’s Map Your Network (LMNY): Network diagramming tool

You can’t protect what you don’t know, which is why network mapping and architecture diagramming is so important. Trouble is that it is often a manual, error-prone task build out an accurate picture of all the systems connected to the network. LMNY aims to make it easy to visualize a network in graphical form with zero manual errors.

Presented At: Black Hat Arsenal and DEF CON Demo Days


*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Razvan Muresan. Read the original post at:

Integrated Security Data PulseMeter

Step 1 of 7

What percentage of your organization’s security data is integrated into a SIEM or data repository you manage? (Select one)(Required)