home.social

#blackhateurope — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #blackhateurope, aggregated by home.social.

  1. New Episode 🥳
    BlackHat Europe 2025: New President Suzy Pallett on Community, Collaboration, and What Comes Next
    I had the chance to speak with Suzy Pallett as she wrapped up her first #BlackHatEurope as the brand's new President. The event saw attendance grow more than 25 percent over last year.
    Her perspective on #cybersecurity stands out. She called it "collaboration unlike any other industry I've ever been close to." In a world where knowledge is usually guarded, here it gets shared freely. Because the threats affect everyone, and defending together just makes sense.
    The keynotes this year pushed some uncomfortable questions. Is ransomware actually stoppable? Are our compliance checklists creating vulnerabilities instead of preventing them? These are the conversations that matter—not just what tool to buy, but how we think about the problems in the first place.
    And when I asked about her priorities for the year ahead, she kept coming back to the same word: community. Listening. Building a platform that belongs to the people who use it.
    Events like this remind us why this industry, for all its stress and complexity, still feels different.
    The cat-and-mouse game continues, but at least we're running together.
    Links in the comments.
    #BlackHatEurope #Cybersecurity #BlackHat2025 #ITSPmagazine #InfoSec #CyberCommunity #ThreatIntelligence #SuzyPallett #SecurityEvents #OnLocation #infosecurity
    Sean Martin, CISSP Studio C60 / ITSPmagazine
    Episode Links:
    Podcast: itspmagazine.simplecast.com/ep
    YouTube: youtu.be/nTZSaurWv_M
    On Location Coverage: itspmagazine.com/technology-an
    Article: itspmagazine.com/cybersecurity

  2. New Episode 🥳
    BlackHat Europe 2025: New President Suzy Pallett on Community, Collaboration, and What Comes Next
    I had the chance to speak with Suzy Pallett as she wrapped up her first #BlackHatEurope as the brand's new President. The event saw attendance grow more than 25 percent over last year.
    Her perspective on #cybersecurity stands out. She called it "collaboration unlike any other industry I've ever been close to." In a world where knowledge is usually guarded, here it gets shared freely. Because the threats affect everyone, and defending together just makes sense.
    The keynotes this year pushed some uncomfortable questions. Is ransomware actually stoppable? Are our compliance checklists creating vulnerabilities instead of preventing them? These are the conversations that matter—not just what tool to buy, but how we think about the problems in the first place.
    And when I asked about her priorities for the year ahead, she kept coming back to the same word: community. Listening. Building a platform that belongs to the people who use it.
    Events like this remind us why this industry, for all its stress and complexity, still feels different.
    The cat-and-mouse game continues, but at least we're running together.
    Links in the comments.
    #BlackHatEurope #Cybersecurity #BlackHat2025 #ITSPmagazine #InfoSec #CyberCommunity #ThreatIntelligence #SuzyPallett #SecurityEvents #OnLocation #infosecurity
    Sean Martin, CISSP Studio C60 / ITSPmagazine
    Episode Links:
    Podcast: itspmagazine.simplecast.com/ep
    YouTube: youtu.be/nTZSaurWv_M
    On Location Coverage: itspmagazine.com/technology-an
    Article: itspmagazine.com/cybersecurity

  3. New Episode 🥳
    BlackHat Europe 2025: New President Suzy Pallett on Community, Collaboration, and What Comes Next
    I had the chance to speak with Suzy Pallett as she wrapped up her first #BlackHatEurope as the brand's new President. The event saw attendance grow more than 25 percent over last year.
    Her perspective on #cybersecurity stands out. She called it "collaboration unlike any other industry I've ever been close to." In a world where knowledge is usually guarded, here it gets shared freely. Because the threats affect everyone, and defending together just makes sense.
    The keynotes this year pushed some uncomfortable questions. Is ransomware actually stoppable? Are our compliance checklists creating vulnerabilities instead of preventing them? These are the conversations that matter—not just what tool to buy, but how we think about the problems in the first place.
    And when I asked about her priorities for the year ahead, she kept coming back to the same word: community. Listening. Building a platform that belongs to the people who use it.
    Events like this remind us why this industry, for all its stress and complexity, still feels different.
    The cat-and-mouse game continues, but at least we're running together.
    Links in the comments.
    #BlackHatEurope #Cybersecurity #BlackHat2025 #ITSPmagazine #InfoSec #CyberCommunity #ThreatIntelligence #SuzyPallett #SecurityEvents #OnLocation #infosecurity
    Sean Martin, CISSP Studio C60 / ITSPmagazine
    Episode Links:
    Podcast: itspmagazine.simplecast.com/ep
    YouTube: youtu.be/nTZSaurWv_M
    On Location Coverage: itspmagazine.com/technology-an
    Article: itspmagazine.com/cybersecurity

  4. New Episode 🥳
    BlackHat Europe 2025: New President Suzy Pallett on Community, Collaboration, and What Comes Next
    I had the chance to speak with Suzy Pallett as she wrapped up her first #BlackHatEurope as the brand's new President. The event saw attendance grow more than 25 percent over last year.
    Her perspective on #cybersecurity stands out. She called it "collaboration unlike any other industry I've ever been close to." In a world where knowledge is usually guarded, here it gets shared freely. Because the threats affect everyone, and defending together just makes sense.
    The keynotes this year pushed some uncomfortable questions. Is ransomware actually stoppable? Are our compliance checklists creating vulnerabilities instead of preventing them? These are the conversations that matter—not just what tool to buy, but how we think about the problems in the first place.
    And when I asked about her priorities for the year ahead, she kept coming back to the same word: community. Listening. Building a platform that belongs to the people who use it.
    Events like this remind us why this industry, for all its stress and complexity, still feels different.
    The cat-and-mouse game continues, but at least we're running together.
    Links in the comments.
    #BlackHatEurope #Cybersecurity #BlackHat2025 #ITSPmagazine #InfoSec #CyberCommunity #ThreatIntelligence #SuzyPallett #SecurityEvents #OnLocation #infosecurity
    Sean Martin, CISSP Studio C60 / ITSPmagazine
    Episode Links:
    Podcast: itspmagazine.simplecast.com/ep
    YouTube: youtu.be/nTZSaurWv_M
    On Location Coverage: itspmagazine.com/technology-an
    Article: itspmagazine.com/cybersecurity

  5. New Episode 🥳
    BlackHat Europe 2025: New President Suzy Pallett on Community, Collaboration, and What Comes Next
    I had the chance to speak with Suzy Pallett as she wrapped up her first #BlackHatEurope as the brand's new President. The event saw attendance grow more than 25 percent over last year.
    Her perspective on #cybersecurity stands out. She called it "collaboration unlike any other industry I've ever been close to." In a world where knowledge is usually guarded, here it gets shared freely. Because the threats affect everyone, and defending together just makes sense.
    The keynotes this year pushed some uncomfortable questions. Is ransomware actually stoppable? Are our compliance checklists creating vulnerabilities instead of preventing them? These are the conversations that matter—not just what tool to buy, but how we think about the problems in the first place.
    And when I asked about her priorities for the year ahead, she kept coming back to the same word: community. Listening. Building a platform that belongs to the people who use it.
    Events like this remind us why this industry, for all its stress and complexity, still feels different.
    The cat-and-mouse game continues, but at least we're running together.
    Links in the comments.
    #BlackHatEurope #Cybersecurity #BlackHat2025 #ITSPmagazine #InfoSec #CyberCommunity #ThreatIntelligence #SuzyPallett #SecurityEvents #OnLocation #infosecurity
    Sean Martin, CISSP Studio C60 / ITSPmagazine
    Episode Links:
    Podcast: itspmagazine.simplecast.com/ep
    YouTube: youtu.be/nTZSaurWv_M
    On Location Coverage: itspmagazine.com/technology-an
    Article: itspmagazine.com/cybersecurity

  6. Anyone at #BlackHatEurope today, if you are tired of all of the AI nonsense and want to talk about #CHERIoT, we are in the business hall in the corner next to Theatre A. Come and say hello!

  7. Anyone at #BlackHatEurope today, if you are tired of all of the AI nonsense and want to talk about #CHERIoT, we are in the business hall in the corner next to Theatre A. Come and say hello!

  8. Anyone at #BlackHatEurope today, if you are tired of all of the AI nonsense and want to talk about #CHERIoT, we are in the business hall in the corner next to Theatre A. Come and say hello!

  9. Anyone at #BlackHatEurope today, if you are tired of all of the AI nonsense and want to talk about #CHERIoT, we are in the business hall in the corner next to Theatre A. Come and say hello!

  10. Anyone at #BlackHatEurope today, if you are tired of all of the AI nonsense and want to talk about #CHERIoT, we are in the business hall in the corner next to Theatre A. Come and say hello!

  11. 🛡️ Heading to Black Hat Europe 2025 in London!
    We’ll be showcasing how RELIANOID boosts resilience and Zero Trust with high-performance ADCs and intelligent proxy tech.
    See you at the ExCeL!


    relianoid.com/about-us/events/

  12. Next week I'll be the emcee for the AI Security Summit at Black Hat Europe. I'll also be delivering the final keynote of the event. My topic is Highly Vulnerable, but Feeling Great. What will be "great" is seeing everyone soon! #BlackHatEurope #AI #Security

    blackhat.com/eu-25/ai-summit.h

  13. Next week I'll be the emcee for the AI Security Summit at Black Hat Europe. I'll also be delivering the final keynote of the event. My topic is Highly Vulnerable, but Feeling Great. What will be "great" is seeing everyone soon! #BlackHatEurope #AI #Security

    blackhat.com/eu-25/ai-summit.h

  14. Next week I'll be the emcee for the AI Security Summit at Black Hat Europe. I'll also be delivering the final keynote of the event. My topic is Highly Vulnerable, but Feeling Great. What will be "great" is seeing everyone soon! #BlackHatEurope #AI #Security

    blackhat.com/eu-25/ai-summit.h

  15. Next week I'll be the emcee for the AI Security Summit at Black Hat Europe. I'll also be delivering the final keynote of the event. My topic is Highly Vulnerable, but Feeling Great. What will be "great" is seeing everyone soon! #BlackHatEurope #AI #Security

    blackhat.com/eu-25/ai-summit.h

  16. Next week I'll be the emcee for the AI Security Summit at Black Hat Europe. I'll also be delivering the final keynote of the event. My topic is Highly Vulnerable, but Feeling Great. What will be "great" is seeing everyone soon! #BlackHatEurope #AI #Security

    blackhat.com/eu-25/ai-summit.h

  17. 🎙️ New Nexus Podcast: Claroty #Team82 researchers Noam Moshe and Tomer Goldschmidt, fresh off a presentation at #BlackHatEurope on the subject, provide their perspective on the security vulnerabilities plaguing #IoT clouds and why attackers and defenders should be locking down device authentication and other avenues exposing clouds to attack. 🎧 Listen to the full episode: nexusconnect.io/podcasts/nexus

  18. Snapshots from #BlackHatEurope!
    Spent the week giving our 2-day training to a largely diverse class, strolling around London, celebrating a birthday (thanks to @OSINTgeek who is the best work buddy you can have), and attending the conference!
    You can say it was a real FULL week.

  19. Snapshots from #BlackHatEurope!
    Spent the week giving our 2-day training to a largely diverse class, strolling around London, celebrating a birthday (thanks to @OSINTgeek who is the best work buddy you can have), and attending the conference!
    You can say it was a real FULL week.

  20. Snapshots from #BlackHatEurope!
    Spent the week giving our 2-day training to a largely diverse class, strolling around London, celebrating a birthday (thanks to @OSINTgeek who is the best work buddy you can have), and attending the conference!
    You can say it was a real FULL week.

  21. Snapshots from #BlackHatEurope!
    Spent the week giving our 2-day training to a largely diverse class, strolling around London, celebrating a birthday (thanks to @OSINTgeek who is the best work buddy you can have), and attending the conference!
    You can say it was a real FULL week.

  22. Snapshots from #BlackHatEurope!
    Spent the week giving our 2-day training to a largely diverse class, strolling around London, celebrating a birthday (thanks to @OSINTgeek who is the best work buddy you can have), and attending the conference!
    You can say it was a real FULL week.

  23. 🔬 New from #Team82: Read more about the research accompanying their #BlackHatEurope presentation on the insecure #IoT ☁️ cloud. Ten vulnerabilities were uncovered in Ruijie Networks devices—many of them related to poor device authentication. All 10 have been fixed by the vendor. claroty.com/team82/research/th

  24. Looking forward to seeing everyone at #BlackHatEurope tomorrow in London!

  25. Looking forward to seeing everyone at #BlackHatEurope tomorrow in London!

  26. Looking forward to seeing everyone at #BlackHatEurope tomorrow in London!

  27. Looking forward to seeing everyone at #BlackHatEurope tomorrow in London!

  28. Looking forward to seeing everyone at #BlackHatEurope tomorrow in London!

  29. 🔒 RELIANOID at Black Hat Europe 2024

    We’re heading to London Dec 9–12 for cutting-edge cybersecurity insights, hands-on training, and networking.

    Join us at the Business Hall or Arsenal to explore the future of InfoSec. Let’s connect!

    relianoid.com/about-us/events/

  30. Thank you once again to BlackHat for choosing Palo Alto Networks to provide network security, as well as a growing security automation and orchestration capability, for the operations centres of the conferences this year in Singapore, Las Vegas and London ♥

    We've just finished the Europe conference in London, and it was awesome to see everyone again, build an entire security-focused network in just over a day, have a small diversion to the cloud, and follow up with a smooth operation for the week. It was also great to see familiar faces, make new friends, and collaborate with other vendors.

    Thank you Jessica Stafford, Neil R. Wyler, Bart Stump, Steve Fink, ᴘᴏᴘᴇ and Mike Spicer for all your leadership and guidance through the event.

    High fives to Jessica Bair Oppenheimer, Jonathan Smith, Dustin Lee and Dave Glover for all the cross-vendor collaboration with your teams. And thanks to Nathan Lilke for all your patience, and well done for surviving a mad week of logistics!

    And of course, thanks so much to the amazing folks representing Palo Alto Networks in London, great job team! Ayman Mahmoud, Stamatis Lykourinos, Matthew McKnight, Ciarán McHale, Drew Masters and Alex Hinchliffe

    #blackhateurope #blackhat #opsforlife #ItsAlwaysDNS

  31. Thank you once again to BlackHat for choosing Palo Alto Networks to provide network security, as well as a growing security automation and orchestration capability, for the operations centres of the conferences this year in Singapore, Las Vegas and London ♥

    We've just finished the Europe conference in London, and it was awesome to see everyone again, build an entire security-focused network in just over a day, have a small diversion to the cloud, and follow up with a smooth operation for the week. It was also great to see familiar faces, make new friends, and collaborate with other vendors.

    Thank you Jessica Stafford, Neil R. Wyler, Bart Stump, Steve Fink, ᴘᴏᴘᴇ and Mike Spicer for all your leadership and guidance through the event.

    High fives to Jessica Bair Oppenheimer, Jonathan Smith, Dustin Lee and Dave Glover for all the cross-vendor collaboration with your teams. And thanks to Nathan Lilke for all your patience, and well done for surviving a mad week of logistics!

    And of course, thanks so much to the amazing folks representing Palo Alto Networks in London, great job team! Ayman Mahmoud, Stamatis Lykourinos, Matthew McKnight, Ciarán McHale, Drew Masters and Alex Hinchliffe

    #blackhateurope #blackhat #opsforlife #ItsAlwaysDNS

  32. Thank you once again to BlackHat for choosing Palo Alto Networks to provide network security, as well as a growing security automation and orchestration capability, for the operations centres of the conferences this year in Singapore, Las Vegas and London ♥

    We've just finished the Europe conference in London, and it was awesome to see everyone again, build an entire security-focused network in just over a day, have a small diversion to the cloud, and follow up with a smooth operation for the week. It was also great to see familiar faces, make new friends, and collaborate with other vendors.

    Thank you Jessica Stafford, Neil R. Wyler, Bart Stump, Steve Fink, ᴘᴏᴘᴇ and Mike Spicer for all your leadership and guidance through the event.

    High fives to Jessica Bair Oppenheimer, Jonathan Smith, Dustin Lee and Dave Glover for all the cross-vendor collaboration with your teams. And thanks to Nathan Lilke for all your patience, and well done for surviving a mad week of logistics!

    And of course, thanks so much to the amazing folks representing Palo Alto Networks in London, great job team! Ayman Mahmoud, Stamatis Lykourinos, Matthew McKnight, Ciarán McHale, Drew Masters and Alex Hinchliffe

    #blackhateurope #blackhat #opsforlife #ItsAlwaysDNS

  33. Thank you once again to BlackHat for choosing Palo Alto Networks to provide network security, as well as a growing security automation and orchestration capability, for the operations centres of the conferences this year in Singapore, Las Vegas and London ♥

    We've just finished the Europe conference in London, and it was awesome to see everyone again, build an entire security-focused network in just over a day, have a small diversion to the cloud, and follow up with a smooth operation for the week. It was also great to see familiar faces, make new friends, and collaborate with other vendors.

    Thank you Jessica Stafford, Neil R. Wyler, Bart Stump, Steve Fink, ᴘᴏᴘᴇ and Mike Spicer for all your leadership and guidance through the event.

    High fives to Jessica Bair Oppenheimer, Jonathan Smith, Dustin Lee and Dave Glover for all the cross-vendor collaboration with your teams. And thanks to Nathan Lilke for all your patience, and well done for surviving a mad week of logistics!

    And of course, thanks so much to the amazing folks representing Palo Alto Networks in London, great job team! Ayman Mahmoud, Stamatis Lykourinos, Matthew McKnight, Ciarán McHale, Drew Masters and Alex Hinchliffe

    #blackhateurope #blackhat #opsforlife #ItsAlwaysDNS

  34. These were my favorite talks at Blackhat Europe and their associated tools and articles.

    Daniel Thatcher's talk 'New Techniques for Split-Second DNS Rebinding':
    In this talk Daniel spoke about how he was able to use DNS-rebinding to exploit headless browsers into disclosing internal info/ec2 metadata.
    - Bog post: intruder.io/research/we-hacked
    - Blog post: intruder.io/research/split-sec

    Brett Hawkins's talk 'Hiding in the Clouds:
    Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules': This was a great talk about taking advantage of Azure DevOps Services including reconnaissance, initial access, and persistence.
    - Associated whitepaper: ibm.com/downloads/cas/5JKAPVYD
    - Github page: github.com/xforcered/ADOKit

    Alon Leviev's talk 'The Pool Party You Will Never Forget:
    New Process Injection Techniques Using Windows Thread Pools': In this talk Alon introduces a process injection technique using Windows Thread Pools that he claims is not currently detected by any modern EDRs. Really impressive talk and I'm excited to give the technique a try.
    - Blog post: safebreach.com/blog/process-in
    - github.com/SafeBreach-Labs/Poo

    Edward P.'s talk 'Breaching the Perimeter via Cloud Synchronized Browser Settings':
    This talk has some really great techniques and ideas to take advantage of Browser's that let you sync via the cloud. It's one of those talks that you watch and ask yourself why didn't you think of that. I've definitely been in situations where I have valid creds and no way in where this would have been useful.
    - github.com/jankhjankh/Syncy

    Ori David's talk 'Off The Record - Weaponizing DHCP DNS Dynamic Updates':
    This was the MVP talk of the conference for me and I think his findings are going to be a big deal. Ori details how an unauthenticated user can overwrite any DNS record in a domain where Microsoft DHCP servers are being used.
    - Blog post: akamai.com/blog/security-resea
    - GitHub page: github.com/akamai/Invoke-DHCPC

    #BlackHatEurope #blackhat #hacking #pentesting #redteam

  35. These were my favorite talks at Blackhat Europe and their associated tools and articles.

    Daniel Thatcher's talk 'New Techniques for Split-Second DNS Rebinding':
    In this talk Daniel spoke about how he was able to use DNS-rebinding to exploit headless browsers into disclosing internal info/ec2 metadata.
    - Bog post: intruder.io/research/we-hacked
    - Blog post: intruder.io/research/split-sec

    Brett Hawkins's talk 'Hiding in the Clouds:
    Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules': This was a great talk about taking advantage of Azure DevOps Services including reconnaissance, initial access, and persistence.
    - Associated whitepaper: ibm.com/downloads/cas/5JKAPVYD
    - Github page: github.com/xforcered/ADOKit

    Alon Leviev's talk 'The Pool Party You Will Never Forget:
    New Process Injection Techniques Using Windows Thread Pools': In this talk Alon introduces a process injection technique using Windows Thread Pools that he claims is not currently detected by any modern EDRs. Really impressive talk and I'm excited to give the technique a try.
    - Blog post: safebreach.com/blog/process-in
    - github.com/SafeBreach-Labs/Poo

    Edward P.'s talk 'Breaching the Perimeter via Cloud Synchronized Browser Settings':
    This talk has some really great techniques and ideas to take advantage of Browser's that let you sync via the cloud. It's one of those talks that you watch and ask yourself why didn't you think of that. I've definitely been in situations where I have valid creds and no way in where this would have been useful.
    - github.com/jankhjankh/Syncy

    Ori David's talk 'Off The Record - Weaponizing DHCP DNS Dynamic Updates':
    This was the MVP talk of the conference for me and I think his findings are going to be a big deal. Ori details how an unauthenticated user can overwrite any DNS record in a domain where Microsoft DHCP servers are being used.
    - Blog post: akamai.com/blog/security-resea
    - GitHub page: github.com/akamai/Invoke-DHCPC

    #BlackHatEurope #blackhat #hacking #pentesting #redteam

  36. These were my favorite talks at Blackhat Europe and their associated tools and articles.

    Daniel Thatcher's talk 'New Techniques for Split-Second DNS Rebinding':
    In this talk Daniel spoke about how he was able to use DNS-rebinding to exploit headless browsers into disclosing internal info/ec2 metadata.
    - Bog post: intruder.io/research/we-hacked
    - Blog post: intruder.io/research/split-sec

    Brett Hawkins's talk 'Hiding in the Clouds:
    Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules': This was a great talk about taking advantage of Azure DevOps Services including reconnaissance, initial access, and persistence.
    - Associated whitepaper: ibm.com/downloads/cas/5JKAPVYD
    - Github page: github.com/xforcered/ADOKit

    Alon Leviev's talk 'The Pool Party You Will Never Forget:
    New Process Injection Techniques Using Windows Thread Pools': In this talk Alon introduces a process injection technique using Windows Thread Pools that he claims is not currently detected by any modern EDRs. Really impressive talk and I'm excited to give the technique a try.
    - Blog post: safebreach.com/blog/process-in
    - github.com/SafeBreach-Labs/Poo

    Edward P.'s talk 'Breaching the Perimeter via Cloud Synchronized Browser Settings':
    This talk has some really great techniques and ideas to take advantage of Browser's that let you sync via the cloud. It's one of those talks that you watch and ask yourself why didn't you think of that. I've definitely been in situations where I have valid creds and no way in where this would have been useful.
    - github.com/jankhjankh/Syncy

    Ori David's talk 'Off The Record - Weaponizing DHCP DNS Dynamic Updates':
    This was the MVP talk of the conference for me and I think his findings are going to be a big deal. Ori details how an unauthenticated user can overwrite any DNS record in a domain where Microsoft DHCP servers are being used.
    - Blog post: akamai.com/blog/security-resea
    - GitHub page: github.com/akamai/Invoke-DHCPC

    #BlackHatEurope #blackhat #hacking #pentesting #redteam

  37. These were my favorite talks at Blackhat Europe and their associated tools and articles.

    Daniel Thatcher's talk 'New Techniques for Split-Second DNS Rebinding':
    In this talk Daniel spoke about how he was able to use DNS-rebinding to exploit headless browsers into disclosing internal info/ec2 metadata.
    - Bog post: intruder.io/research/we-hacked
    - Blog post: intruder.io/research/split-sec

    Brett Hawkins's talk 'Hiding in the Clouds:
    Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules': This was a great talk about taking advantage of Azure DevOps Services including reconnaissance, initial access, and persistence.
    - Associated whitepaper: ibm.com/downloads/cas/5JKAPVYD
    - Github page: github.com/xforcered/ADOKit

    Alon Leviev's talk 'The Pool Party You Will Never Forget:
    New Process Injection Techniques Using Windows Thread Pools': In this talk Alon introduces a process injection technique using Windows Thread Pools that he claims is not currently detected by any modern EDRs. Really impressive talk and I'm excited to give the technique a try.
    - Blog post: safebreach.com/blog/process-in
    - github.com/SafeBreach-Labs/Poo

    Edward P.'s talk 'Breaching the Perimeter via Cloud Synchronized Browser Settings':
    This talk has some really great techniques and ideas to take advantage of Browser's that let you sync via the cloud. It's one of those talks that you watch and ask yourself why didn't you think of that. I've definitely been in situations where I have valid creds and no way in where this would have been useful.
    - github.com/jankhjankh/Syncy

    Ori David's talk 'Off The Record - Weaponizing DHCP DNS Dynamic Updates':
    This was the MVP talk of the conference for me and I think his findings are going to be a big deal. Ori details how an unauthenticated user can overwrite any DNS record in a domain where Microsoft DHCP servers are being used.
    - Blog post: akamai.com/blog/security-resea
    - GitHub page: github.com/akamai/Invoke-DHCPC

    #BlackHatEurope #blackhat #hacking #pentesting #redteam

  38. These were my favorite talks at Blackhat Europe and their associated tools and articles.

    Daniel Thatcher's talk 'New Techniques for Split-Second DNS Rebinding':
    In this talk Daniel spoke about how he was able to use DNS-rebinding to exploit headless browsers into disclosing internal info/ec2 metadata.
    - Bog post: intruder.io/research/we-hacked
    - Blog post: intruder.io/research/split-sec

    Brett Hawkins's talk 'Hiding in the Clouds:
    Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules': This was a great talk about taking advantage of Azure DevOps Services including reconnaissance, initial access, and persistence.
    - Associated whitepaper: ibm.com/downloads/cas/5JKAPVYD
    - Github page: github.com/xforcered/ADOKit

    Alon Leviev's talk 'The Pool Party You Will Never Forget:
    New Process Injection Techniques Using Windows Thread Pools': In this talk Alon introduces a process injection technique using Windows Thread Pools that he claims is not currently detected by any modern EDRs. Really impressive talk and I'm excited to give the technique a try.
    - Blog post: safebreach.com/blog/process-in
    - github.com/SafeBreach-Labs/Poo

    Edward P.'s talk 'Breaching the Perimeter via Cloud Synchronized Browser Settings':
    This talk has some really great techniques and ideas to take advantage of Browser's that let you sync via the cloud. It's one of those talks that you watch and ask yourself why didn't you think of that. I've definitely been in situations where I have valid creds and no way in where this would have been useful.
    - github.com/jankhjankh/Syncy

    Ori David's talk 'Off The Record - Weaponizing DHCP DNS Dynamic Updates':
    This was the MVP talk of the conference for me and I think his findings are going to be a big deal. Ori details how an unauthenticated user can overwrite any DNS record in a domain where Microsoft DHCP servers are being used.
    - Blog post: akamai.com/blog/security-resea
    - GitHub page: github.com/akamai/Invoke-DHCPC

    #BlackHatEurope #blackhat #hacking #pentesting #redteam

  39. This Blackhat hacker conference has everything: cyber wizards in hoodies, binary-coded dance-offs, encrypted swag bags, and a secret handshake that's just a series of complex keyboard shortcuts. Need a break? Head to the WiFi lounge, where the passwords are whispered by a robotic parrot. And don't miss the keynote speaker – it's a holographic representation of the ghost of Alan Turing giving cybersecurity tips from beyond the binary! It's the hottest event for hackers, crackers, and even a few cybernetic ferrets. At least that's what my friend Stefon said.

    #BlackHatEurope #blackhat

  40. This Blackhat hacker conference has everything: cyber wizards in hoodies, binary-coded dance-offs, encrypted swag bags, and a secret handshake that's just a series of complex keyboard shortcuts. Need a break? Head to the WiFi lounge, where the passwords are whispered by a robotic parrot. And don't miss the keynote speaker – it's a holographic representation of the ghost of Alan Turing giving cybersecurity tips from beyond the binary! It's the hottest event for hackers, crackers, and even a few cybernetic ferrets. At least that's what my friend Stefon said.

    #BlackHatEurope #blackhat

  41. This Blackhat hacker conference has everything: cyber wizards in hoodies, binary-coded dance-offs, encrypted swag bags, and a secret handshake that's just a series of complex keyboard shortcuts. Need a break? Head to the WiFi lounge, where the passwords are whispered by a robotic parrot. And don't miss the keynote speaker – it's a holographic representation of the ghost of Alan Turing giving cybersecurity tips from beyond the binary! It's the hottest event for hackers, crackers, and even a few cybernetic ferrets. At least that's what my friend Stefon said.

    #BlackHatEurope #blackhat