SensePost, the ethical hacking team within Orange Cyberdefense, has been attending Black Hat for almost two decades now. As one of the world’s leading information security events, Black Hat is an important platform for us to share our latest research and insights with the wider security community, in a bid to present a more equipped, informed and united front against the cybercriminal underground. It’s a chance for us to network with peers, partners and suppliers, and tackle the major challenges that today’s cyber defenders are facing in an increasingly digital world.

But 2020 kicked off in very unpredictable fashion; the global health pandemic the world continues to fight on a daily basis dashed any hopes for hosting events in a physical format for the unforeseeable future. So, we were unsure as to whether the 23^rd installment of Black Hat would actually take place this year. Thankfully, the event’s going entirely virtual. And SensePost will be virtually there in force.

At last year’s Black Hat USA conference, which attracted 20,000 delegates, we presented research on mobile hacking, wi-fi networks and password theft. At this year’s ‘Summer Camp’ for security industry professionals, we’ll have a number of new presentations, delivered by our expert analysts and researchers, covering a range of topics.

Two SensePost analysts – Szymon Ziolkowski and Tyron Kemp – are first up representing Orange Cyberdefense on the Black Hat USA virtual stage. On Thursday 6^th August, our analysts will give a 40-minute briefing on an often-overlooked area of network security – routing and redundancy protocols used between routing endpoints. Entitled ‘Routopsy: Modern Routing Protocol Vulnerability Analysis and Exploitation’, the presentation will dive into Dynamic Routing Protocols and First Hop Redundancy Protocols, which are poorly understood by infosec attackers and defenders alike. The research will highlight several common misconfigurations of these protocols on networks, and how these can be used for Person-in-the-Middle attacks and network discovery.

New and exclusive research will also be released during the talk, looking at how these protocols and their weaknesses can be exploited, including insight into how defenders can test their networks for such vulnerabilities.

Charl van der Walt, Global Head of Security Research at Orange Cyberdefense and Wicus Ross, Senior Security Researcher at Orange Cyberdefense also take to the virtual stage on Thursday 6^th August, to discuss something that many IT departments globally might have been debating as workforces have become remote over the past four months – VPNs. Entitled ‘Virtually Private Networks’. (Virtually good enough), the presentation will explore the history of commercial virtual private networks (VPNs), and how enterprise VPN solutions today have now become complicated and nuanced. Charl and Wicus will present research into the efficacy of modern commercial and open source VPN solutions in the face of modern mobile worker use cases, typical endpoint technologies, and contemporary threat models. How vulnerable are users when connecting to VPNs via complimentary Internet hotspots? What are the ‘loopholes’ in the technology that hackers can take advantage of? Are VPNs enough?

Our research teams have been on the frontlines of cybersecurity for over 20 years. Their insight and knowledge, fueled by an obsession with security, is unparalleled in the industry. The ability to present our deep thinking, technical research and bright ideas is what gives the team purpose – arming today’s and tomorrow’s cyber-defenders with the confidence, tools and tactics to protect their organisations, employees and data. We’re excited to be participating in yet another Black Hat event, and we can’t wait to hear your thoughts on the research we present.

You can find out more about the presentations we’re offering at the Black Hat USA website. Join our sessions if you can (all times in Pacific Time).

And if those two briefings weren’t enough, our SensePost team will also be delivering a number of technical training sessions throughout the virtual conference that you won’t want to miss:

• Unplugged: Modern Wi-Fi Hacking. Learning modern wi-fi hacking can be a pain. But it doesn’t need to be, with our highly practical training session on how to understand and compromise wi-fi networks. We’ll teach you concepts taught through theory, delivered while your hands are on the keyboard.

• Extended Introduction to Hacking – Beginner Level. A four-day course combining our hands-on hacking fundamentals and enterprise infrastructure hacking course into one extended course, intended to take you from a beginner to intermediate penetration tester. We’ll cover everything from understanding the hacking mindset, through to hacking infrastructure over the internet, hacking web applications, and so much more.

• Hands-on Hacking Fundamentals – Beginner Level. Another hands-on course for anyone wanting to start their hacking or penetration testing career. This session is designed for defenders, developers or administrators looking to better understand how attacks and attackers work, in order to better defend their own systems. No hacking experience is required. Just bring your enthusiasm!

• Enterprise Infrastructure Hacking – Journeyman Level. As a follow on from our Hands-On Hacking Fundamentals course, this course is all about compromising companies through their infrastructure. It will take you on a journey from learning about an organisation, right through to stealthy exploitation of their critical infrastructure. Aimed at beginner penetration testers or those wanting to understand how to go about compromising their organisation to better defend it.

Our courses are the result of our 20 years of experience training at Black Hat and are aimed at advancing your ability through unparalleled practical, theoretical and case study-driven learning. Sign up now while there are still slots available!

We’re excited to be participating in yet another Black Hat event, and we can’t wait to hear your thoughts on the research we’re presenting and training we’re providing. Looking forward to meeting you all (virtually) there!