Black Hat USA 2017

 Mandalay Bay | Las Vegas

 Visit Us at Booth #1008


Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

Optiv is proud to participate in six sessions at Black Hat this year. Details below. 

Black Hat Day Zero – Navigating #BHUSA 2017
Speaker: Ping Look
Day Zero offers attendees a comprehensive overview of all the programs, content, and special features available at Black Hat. Before diving into a jam-packed two days of hacks and research, hear from Black Hat Review Board members on a broad range of topics; from the story of Black Hat’s creation, to building a content roadmap, to how to submit the perfect talk, to insider recommendations on this years can’t-miss Briefings and Arsenal tools. Experts will share their views, memories, and intel to prepare you for what’s in store.
July 25, 4:00 p.m. - 4:20 p.m. | Mandalay Bay G

They’re Coming for your Tools: Exploiting Design Flaws for Active Intrusion Prevention
Speaker: John Ventura
Several popular attack tools and techniques remain effective in the real world, even though they are well understood and documented. Consequently, many attackers and other individuals within the professional penetration testing community have not grown beyond their tools, partially because of the effectiveness of several widely available attack scripts. In this talk, we hope to offer a more active approach toward intrusion prevention that enables defenders to use simple network software applications to seek out these attacks.
July 26, 10:30 a.m. - 10:55 a.m. | South Seas CDF

How to Advance Your Career in IT Security
Speaker: Dawn-Marie Hutchinson
The need for information security people and skills has never been greater than it is today – and the demand is growing. How can you leverage this demand to increase your salary, move up the ladder, and/or find a better position? In this panel, top security recruiters and hiring managers will discuss current opportunities in the IT security space, how companies are hiring/paying security pros, and how you can take advantage of the booming market to advance your security career. Attendees will get tips and insight on what training to take, what skills to develop, and where to look for new job opportunities. You’ll also learn what you can do in your current position to make yourself more valuable – and more visible to upper management.
July 26, 4:20 p.m. - 5:10 p.m. | Career Track Theater, Business Hall, Level 2

Building C2 Environments with Warhorse
Presenter: Ralph May
Building full featured command-and-control (C2) environments can be a major undertaking, taking significant time and effort. However, deployment or proper infrastructure is key to avoiding detection and maintaining proper operational security during offensive engagements. In many instances, once a C2 environment is operational, it's utilized for a short period then destroyed. There are many different tools used within these C2 environments, with most tools requiring significant amounts of manual configuration. In recent years, API-based, on-demand cloud infrastructure has reduced the cost of building a C2 environment while also exposing functionality that encourages process automation. Combine these on-demand cloud services with the rapid development of Docker containers, and you have the building blocks to create and deploy C2 environments on the fly. Warhorse has been designed to build these C2 environments with only minimal configuration. Warhorse enables pentesters to focus on tactics instead of managing C2 infrastructure. Warhorse approaches this creation of a C2 environment with a few unique features. First, it uses a module-based approach to everything that it creates. This way, any new tactics or tools can be added as a module to utilize in creating a C2 environment. Second, Warhorse is vendor-agnostic and can be used with any cloud service provider. This allows C2 environments to live in multiple data centers and utilize multiple vendors. Lastly, Warhorse employs a two-zone approach to limit backend C2 exposure. Systems that communicate directly with the target are treated as expendable and can have very short life spans. These features combined not only help with rapid deployment but also allow pentesters to build environments with the latest tactics and techniques that can evolve on the fly and be moved whenever required.
July 26, 4:00 p.m. - 5:20 p.m. | Business Hall, Level 2, Station 4 | Arsenal

A New Take at Payload Generation: Empty-Nest
Presenters: James Cook and Tom Steele
As the evolution of endpoint, egress, and network security controls continues, adversaries and pentesters are finding it increasingly more difficult to execute malicious payloads within properly-hardened enterprise networks. Although tools currently exist to aid in circumventing these controls, the current state fails to properly account for some of newest techniques used by these controls. Enter Empty-Nest, a command-and-control (C2) toolset created with circumvention in mind. Empty-Nest was designed to provide a flexible payload-generation mechanism and pluggable interface to enable adversaries to easily customize payloads for targeted security control bypass. Our presentation shows the Empty-Nest toolset, demonstrating how to leverage the pluggable interface to create keyed payloads capable of bypassing new-age, cloud-based binary analysis, unloading endpoint software DLLs from running processes, customizing C2 transports, and more.
July 26, 11:30 a.m. - 12:50 p.m. | Business Hall, Level 2, Station 6 | Arsenal

Presenter: Pete Arzamendi
SERPICO is a simple and intuitive report generation and collaboration tool; the primary function is to cut down on the amount of time it takes to write a penetration testing report. Serpico was built by penetration testers with a pen-testers methodology in mind. Our goal is to save you time and improve your reporting process. We are excited to be back at Arsenal!! We have a large release of Serpico planned with some exciting features to show off including plug-ins to simplify your life, more reports to choose from, shiny UI improvements, and better scoring. It might make you hate report writing just a little bit less.
July 27, 10:00 a.m. - 11:20 a.m. | Business Hall, Level 2, Station 8 | Arsenal

In addition to several of its experts speaking at Black Hat USA 2017, Optiv is a proud platinum sponsor of the event, and is exhibiting at booth #1008 in the Business Hall and #CZ5 in the Career Zone. The company also will sponsor two events on Wednesday, July 26 at Mandalay Bay:

  • SPARK: A Women in Cyber Mixer at the RM Seafood Lounge from 6:30 – 8:00 p.m. This event will include Dawn-Marie Hutchinson, Optiv executive director, office of the CISO, and MacKenzie Brown, Optiv associate research principal, who will lead a discussion on the need for gender diversity in the information security industry and ways to grow and develop careers in the cyber industry. A donation of $5 will go to Girls Who Code for every person who attends the event. Click here to register.
  • The Optiv After Party at LIGHT Nightclub from 7:30 – 10:30 p.m. To register and pick up wrist bands for the event, visit the Optiv booth on Wednesday, July 26 during Business Hall hours or click here

For more information on this event, please visit the conference website.