Securing Black Hat From Black Hat


My good buddy Aamir Lakhani arrived days before everybody else for the Blackhat conference to help setup the network for attendees. He was interviewed by and spoke about his experience standing up and securing a network for security professionals as well as potential hackers. The original post can be found HERE.

‘Dr. Chaos’ shares the inside scoop on the challenges and rewards of protecting one of the ‘most hostile networks on the planet.’

BLACK HAT USA — Las Vegas — Securing Black Hat from Black Hat sounds like a great tagline, but it’s something volunteers at the Black Hat Network Operations Center (NOC) took very seriously last week when we were tasked to help secure one of the most hostile networks on the planet.    Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Hackers Remotely Kill a Jeep on the Highway— Uconnect Vulnerability


The good people at Wired released a eye opening video about how hackers have figured out how to abuse a vulnerability in many modern automobiles that lets them take complete control remotely (kill the gas, turn on the radio, shut off the breaks, etc.). I posted about this concept last year HERE however back then, the hackers had to access the car. This time they are abusing a vulnerability in the UConnect system meaning they don’t need any device plugged in or physical modification to make this work.

They will be talking about this next month at the Blackhat Defcon events so for those that are going, make sure to check it out. Below is the post and video. The original wired post can be found HERE. I’m not buying a new car after watching this. I’m thinking maybe getting a classic instead …. with no wireless technology. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Zero Days Documentary – Security Leaks For Sale Video

VPRO International created a interesting documentary on Zero Day exploits. There is a lot of Blackhat / Defcon footage for those waiting for this years conference T minus two weeks from now. The video can be found below. It is work the watch. Enjoy Continue reading

VN:F [1.9.22_1171]
Rating: 3.0/5 (2 votes cast)

CBSNews DARPA: Nobodys safe on the Internet 60 Mins Video


CBSNews has a segment of 60s minutes covering how DARPA “the creator of the Internet” is fighting cyber crime (found HERE). They claim Dan Kaufman aka Darpa Dan and his team have built a application that can monitor the military’s network for compromised hosts. They continue to claim “any device that is breached will show up as red dots so you know EXACTLY whats going on”. Uhhhhh sure … is this malware / breach detection mixed with behavior analytics or is it just smoke and mirrors to look impressive on TV?

Next they say they can shut down or quarantine an infected system. Ok well at least that sounds reasonable since technology like NAC is around so just add a desktop management application and that is accomplished. I guess it sounds reasonable when DARPA Dan’s team gets a half of billion dollars a year to develop technology according to this report. With that budget, they better be able to accomplish something.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The Best Cyber Security Talks of 2014


My buddy Aamir Lakhani from put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Russia offers over $100,000 to de-anonymize Tor


Patrick Howell O’Neill from the posted about how Russia is offering a reward for de-anonymizing Tor. The original post can be found HERE.

Here are the highlights: Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

PART 2 “The Attack” – THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target


Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (11 votes cast)

THE SOCIAL MEDIA DECEPTION PROJECT : How We Created Emily Williams To Compromise Our Target

Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing


Emily Williams and Robin Sage

Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one-step further and ask the hard question: “what else can happen outside of data being leaked over social networks”. We decided to find out using Emily Williams. Continue reading

VN:F [1.9.22_1171]
Rating: 4.9/5 (14 votes cast)