Threat Stack Quick Guide to Black Hat USA 2018

Booth #2316 | August 8 – 9 | Las Vegas, NV

Are you attending Black Hat this August? Threat Stack is, and we’d love to see you there!

With so many fascinating events going, we thought it would be helpful to create a Quick Guide to help you get the most out of your visit to Black Hat USA 2018.

If you can’t meet us there (we’ll miss you!), you can keep up with the latest happenings inside and beyond the exhibition floor through our blog and social media (follow @threatstack on Twitter).

Drop by Threat Stack’s Booth (#2316)

Be sure to swing by Booth #2316 to learn how you can Secure the Strange Things Happening in Your Cloud (you might even be able to snag an awesome T-shirt) and see two attack simulations that walk through both external and insider threats targeting your cloud. These might just might make you more scared than Barb.

So rather than let your total obliviousness blow your mind, benchmark your organization’s security maturity with our Cloud SecOps Maturity Assessment. When you do the assessment, you’ll automatically have a chance to win a Nintendo Switch!

Hang Out With Us!

After you visit Booth #2316 to find out more about Threat Stack and what makes us unique, come hang out with us! We’re co-hosting the best party at Black Hat along with Zerofox on August 8 at the Skyfall Lounge on top of the Delano hotel. RSVP now and you’ll be entered to win a Raspberry Pi loaded with over 200 classic video games!

Threat Stack Session Recommendations

Of course there’s a huge amount to see and do at Black Hat USA 2018, with hundreds of breakout sessions, trainings, boot camps, and workshops, and the other week we published a comprehensive overview of activities you can choose from (see the Early Guide to Black Hat 2018). Today we want to take you off the beaten path a little bit to draw your attention to a few of the more interesting sessions that we’re particularly excited about:

MQTT-PWN: Your IoT Swiss-Army Knife

ARSENAL | MQTT-PWN: Your IoT Swiss-Army Knife – Aug 8, 10:00 A.M.

MQTT (Message Queuing Telemetry Transport) is already used by millions of IoT devices around the world, so why wouldn’t you want to learn more about it and its capabilities? This machine-to-machine connectivity protocol combines enumeration, supportive functions, and exploitation modules while packing it all within a command-line-interface with an easy-to-use and extensible shell-like environment. During the session there will be a live demo of multiple scenarios of attack using this all-in-one tool. You don’t want to miss it!

BLEMystique: Affordable Custom BLE Target

ARSENAL | BLEMystique: Affordable Custom BLE Target – Aug 9, 2:30 P.M.

Come learn more about this awesome and affordable ESP32-based, custom BLE target that can be configured to act like other BLE devices like a smartwatch, smartband, or heart rate monitor. BLEMystique allows pentesters to play around with the BLE side of different smart devices with one single chip. Sounds cool right? We certainly can’t wait to learn more.

CyBot: Open-Source Threat Intelligence Chat Bot (Full Circle)

ARSENAL | CyBot: Open-Source Threat Intelligence Chat Bot – Aug 8, 11:30 A.M.

Chatbots are like a useful friend, but it seems as though organizations are wanting more and more to design their own chatbots and keep them internal. CyBot is working to counter this trend by creating a repeatable process using a completely free open source framework to open up the world of threat intelligence chatbots to everyone everywhere.

Deep Exploit

ARSENAL | Deep Exploit – Aug 9, 1:00 P.M.

Automation is the way to go these days, and DeepExploit, a fully automated penetration tool that’s linked with Metasploit, does just that. The cool thing about this tool is that it involves self-learning, which means that it doesn’t need a human to prepare any learning data. That sounds awesome — yet kinda creepy — but also very tech-forward, and we are excited to learn more about it.

Other Can’t-Miss Happenings at Black Hat

In addition to informative keynote and breakout sessions, there are a ton of hands-on opportunities scattered throughout the week. You can see the full agenda here. Some of the ones we are looking forward to include:

Applied Self-Driving Car Security

SOUTH SEAS ABE | Applied Self Driving Car Security – Aug 9, 12:10 P.M.

Who isn’t curious about the future of the self-driving car? But it’s important to think about the security risks and vulnerabilities as well as the freedom and advancements it brings. Researchers Charlie Miller and Chris Valasek will discuss how self-driving cars work, how they might be attacked, and ultimately, how they can be properly and tightly secured.

Creating Digital Resilience in the Midst of Chaos

SOUTH PACIFIC IJ, NORTH HALL | Creating Digital Resilience in the Midst of Chaos – Aug 8, 10:00 A.M.

Now that we have fully transformed into a digital society (apart from those living “off the grid”), it’s important to talk about things like personal data breaches, crypto mining attacks, and ransomware attacks. How can we bounce back from these types of events, and more importantly, how can they be prevented? Nobody likes dealing with these events, so let’s try to stop them.

Don’t @ Me: Hunting Twitter Bots at Scale

JASMINE BALLROOM | Don’t @ Me: Hunting Twitter Bost at Scale – Aug 8, 2:40 P.M.

Twitter has become one of the world’s largest outlets for news and current events (Kinda weird right? But we get it.) and with that comes a lot of spam, malware, and bots. These things are especially harmful when your organization spans the state, country, or even the globe. This talk will explore the economy surrounding Twitter bots and demonstrate a three-step methodology to track them down. What do ya say — you in?

Final Words . . .

Well, we do hope to see you in Las Vegas so we can make some new friends and connections, but we understand that not everyone can make the journey. That’s why you should also connect with us on social media (follow @threatstack on Twitter), and check our blog for day-of happenings as well as post-party highlights.