Defcon conference 2022
1/15/2024

Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference, DEF CON 30. The DEF CON theme was "Hacker Homecoming", and it really was a fun one. Coming back from the COVID hiatus, both conferences were enthusiastically full compared to the 2021 ghost town, and many of the talks were great, fresh content.

With the parties and the CTF fun humming along, the excellent briefings included Kim Zetter's "Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed". She is the first journalist to keynote Black Hat, and she set out to speak on the changes that Stuxnet brought and on the things that get ignored until it is too late. She specifically included discussion of election infrastructure security and of the challenges to cyber norms posed by recent activity in Eastern Europe and the Middle East. Kim listed the major changes that followed Stuxnet:

- A reversal of the trickle-down of techniques and tools, which now flow from APT groups to the criminal underground.
- The launch of a cyber arms race and the militarization of cyberspace.
- The politicization of security research and defense.
- The introduction of serious ICS vulnerabilities affecting critical infrastructure.

Zetter highlighted the legitimate election security discussion and said it is important to have, in spite of the consistent misappropriation and misinformation coming from high-volume conspiracy groups. She spoke about various vote-count incidents and the lack of accountability in very specific cases. Of course, these actual events have been and will be spun into misinformation content, which is unfortunate, but the legitimate discussion must still be held. Interestingly, OAN members were later allegedly kicked out of DEF CON, specifically from the Voting Village.

Zetter quoted the 1997 report of the President's Commission on Critical Infrastructure Protection, "Critical Foundations: Protecting America's Infrastructures": "The capability to do harm, particularly through information networks, is real; it is growing at an alarming rate; and we have little defense against it." Keep in mind it was authored 25 years ago. Fast forward to 2022, and Kim pointed to the technical debt behind the Colonial Pipeline ransomware fiasco, which overwhelmed the East Coast fuel supply chain. She discussed how quickly Colonial paid the ransom, their lack of security preparation, and the preceding audits of their "atrocious" security practices ("an eighth grader could have hacked that system"). Not long after, CISA re-released yet another set of security guidelines for pipeline owners and operators. Unfortunately, Kim made no mention of accountability for the decision-makers behind the Colonial fiasco.

Her talk then turned to the challenges to cyber norms that the Ukraine-related IT Army presents, and to the recent incidents in Iran in which 4,000 gas pumps were disabled and a steel plant suffered a severe equipment malfunction, suggesting these events will also leave a mark on the future stability of cyberspace.

Another favorite talk came from an individual still tied up in Taiwan with visa issues. Orange Tsai enthusiastically gave a remote, well-structured, insightful explanation of his research on Microsoft's hash tables and attacking them through IIS, "Let's Dance in the Cache – Destabilizing Hash Table on Microsoft IIS". The codebase he addressed is more than a decade old, and he danced all over web services and their authentication.
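The post does not describe the mechanics behind the IIS talk, but "destabilizing" a hash table refers to a general class of attack: feeding the table keys that collide so that lookups degrade from a constant-time bucket hit to a linear walk down one chain. The following is an added illustration written for this page. It is not Orange Tsai's code or Microsoft's, and it does not model the hash function IIS actually uses; it assumes a toy separate-chaining table with a deliberately weak byte-sum hash so that colliding keys are trivial to craft, and the "benign" and "colliding" key sets are constructed inline.

```python
"""Added illustration of hash-table destabilization via crafted collisions.

Constructed toy; not Orange Tsai's IIS research and not Microsoft code.
Assumes a separate-chaining table with a deliberately weak hash (sum of key
bytes), chosen only so that colliding keys are easy to generate.
"""
import itertools
import random
import string
from typing import Callable, Dict, List, Optional, Tuple

BUCKETS = 64


def weak_hash(key: str) -> int:
    """Deliberately weak hash: byte sum modulo bucket count.

    Every permutation of a key has the same byte sum, so an attacker can
    generate as many distinct keys as they like that land in one bucket.
    """
    return sum(key.encode("utf-8")) % BUCKETS


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""

    def __init__(self, hash_fn: Callable[[str], int] = weak_hash) -> None:
        self.hash_fn = hash_fn
        self.buckets: List[List[Tuple[str, object]]] = [[] for _ in range(BUCKETS)]
        self.probes = 0  # key comparisons performed; a proxy for CPU work

    def put(self, key: str, value: object) -> None:
        chain = self.buckets[self.hash_fn(key)]
        for i, (k, _) in enumerate(chain):
            self.probes += 1
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def get(self, key: str) -> Optional[object]:
        chain = self.buckets[self.hash_fn(key)]
        for k, v in chain:
            self.probes += 1
            if k == key:
                return v
        return None

    def longest_chain(self) -> int:
        return max(len(chain) for chain in self.buckets)


def colliding_keys(n: int, base: str = "abcdefgh") -> List[str]:
    """Craft n distinct keys that all hash to the same bucket under weak_hash.

    Permuting the characters of `base` keeps the byte sum constant; 8! = 40320
    permutations are available, far more than needed here.
    """
    return ["".join(p) for p in itertools.islice(itertools.permutations(base), n)]


def benign_keys(n: int, seed: int = 1) -> List[str]:
    """Constructed 'normal' traffic: n distinct random 8-letter keys (seeded)."""
    rng = random.Random(seed)
    keys: List[str] = []
    seen = set()
    while len(keys) < n:
        k = "".join(rng.choices(string.ascii_letters, k=8))
        if k not in seen:
            seen.add(k)
            keys.append(k)
    return keys


def measure(keys: List[str]) -> Dict[str, int]:
    """Insert all keys, then look each one up; report chain length and probe cost.

    Probes are counted during the lookup phase only, so the result reflects the
    cost imposed on every later request that touches the poisoned table.
    """
    table = ChainedTable()
    for i, key in enumerate(keys):
        table.put(key, i)
    table.probes = 0
    for i, key in enumerate(keys):
        assert table.get(key) == i  # correctness is untouched; only cost changes
    return {"keys": len(keys),
            "longest_chain": table.longest_chain(),
            "lookup_probes": table.probes}


if __name__ == "__main__":
    n = 1000
    print("benign   ", measure(benign_keys(n)))
    print("colliding", measure(colliding_keys(n)))
```

With 1000 keys the benign set spreads across the 64 buckets and each lookup costs a handful of comparisons, while the crafted set collapses into a single chain of 1000 entries and the lookups together cost 500,500 comparisons, a quadratic blow-up from input the attacker fully controls. The standard mitigation is a keyed hash whose seed is randomized per process (Python's own dict has done this by default since 3.3), combined with limits on how many attacker-supplied keys a single request may insert.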