Black Hat Europe 2016 – Day Two
Links to reports from other days:
- Black Hat Europe 2016 – Day One
- Black Hat Europe 2016 – Day Two
DAY 2
«Backslash Powered Scanning: Hunting Unknown Vulnerability Classes»
This talk, presented by James Kettle, research director at PortSwigger, introduced a new approach to vulnerability-analysis tooling for security audits.
The starting observation is that vulnerability scanners are practical for discovering easily detectable flaws but prove ineffective in more complex scenarios. James also compared vulnerability scanning to virus scanning to illustrate the limits of this approach.
To address this problem, the author proposed an approach not based on vulnerabilities, but on the heuristic analysis of suspicious behaviors.
Very quickly, the problem of pattern searching arises: the inclusion of data in the responses, coupled with the successive addition of various security systems, skews the results and makes the automated approach very complex. The author then presented a "Burp Extender" plug-in that simplifies queries as much as possible and filters out error-prone elements such as those related to timestamps.
In conclusion, the new approach makes it possible to identify many behavioral flaws that could potentially indicate the presence of a vulnerability, but manual exploitation is still necessary.
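As an added illustration of the behaviour-based approach described above (not code from the talk or from PortSwigger's extension), the snippet below compares groups of responses only after stripping volatile fragments such as timestamps, and reports "inconclusive" when a probe does not even agree with itself. The response texts and noise patterns are constructed for the example.

```python
import re

# Fragments that change between requests without any change in behaviour (the
# "error-prone elements" mentioned in the talk). Constructed for this example;
# a real scanner would learn them from repeated baseline requests.
NOISE_PATTERNS = [
    re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"),  # timestamps
    re.compile(r"took \d+ ms"),                          # timing figures
    re.compile(r"id=[0-9a-f]+"),                         # request ids / nonces
]

def normalize(body: str) -> str:
    """Replace volatile fragments so responses from identical behaviour compare equal."""
    for pat in NOISE_PATTERNS:
        body = pat.sub("<noise>", body)
    return body

def classify(responses_a, responses_b) -> str:
    """Compare two groups of responses (each group = one probe sent repeatedly).
    Returns 'same', 'different', or 'inconclusive' when a group is inconsistent
    with itself after noise removal, so nothing can be said about the probe."""
    sig_a = {normalize(r) for r in responses_a}
    sig_b = {normalize(r) for r in responses_b}
    if len(sig_a) != 1 or len(sig_b) != 1:
        return "inconclusive"
    return "same" if sig_a == sig_b else "different"

# Constructed sample responses standing in for what an HTTP client would return.
RESPONSES = {
    "baseline": [  # unmodified parameter value, fetched twice
        "<p>Generated 2016-11-03 10:00:01 (took 12 ms) id=0f3a9c</p><p>3 items</p>",
        "<p>Generated 2016-11-03 10:00:07 (took 9 ms) id=77b1e0</p><p>3 items</p>"],
    "probe_inert": [  # handled exactly like the baseline
        "<p>Generated 2016-11-03 10:00:12 (took 11 ms) id=c2d4ff</p><p>3 items</p>",
        "<p>Generated 2016-11-03 10:00:15 (took 14 ms) id=9e1a20</p><p>3 items</p>"],
    "probe_active": [  # behaviour changed consistently: item count differs
        "<p>Generated 2016-11-03 10:00:20 (took 10 ms) id=ab0c31</p><p>0 items</p>",
        "<p>Generated 2016-11-03 10:00:23 (took 13 ms) id=5d6e07</p><p>0 items</p>"],
    "probe_flaky": [  # endpoint does not agree with itself
        "<p>Generated 2016-11-03 10:00:30 (took 10 ms) id=1a2b3c</p><p>3 items</p>",
        "<p>Generated 2016-11-03 10:00:33 (took 10 ms) id=4d5e6f</p><p>Rate limited</p>"],
}

def scan(responses=RESPONSES) -> dict:
    """Compare every probe group against the baseline; only 'different' verdicts
    deserve a human's attention, and those still need manual confirmation."""
    return {name: classify(responses["baseline"], group)
            for name, group in responses.items() if name != "baseline"}

if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name}: {verdict}")
```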
«Breaking Big Data: Evading Analysis of the Metadata Of Your Life»
This talk provided an overview of "Big Data" by highlighting all the information that can be retrieved and explaining how, via metadata, a scenario or a set of habits can be identified.
This metadata can then be associated with a person, represented by their actions, interests, friends, etc. This approach demonstrates that every activity can be linked to a person through "Big Data".
In conclusion, the author explains that the only way to escape this analysis is to assume that all equipment is compromised and to act by changing our lifestyles.
«(Pen)Testing Vehicles with CANTools»
As the name suggests, this talk dealt with the security of vehicles equipped with CAN buses. The author explains that OBD2 is an external access point, but not a discreet one if someone wishes to install a backdoor, whereas a direct connection to the CAN bus can be relatively discreet.
Furthermore, the author specifies that communicating with a CAN bus is not extremely difficult because only 8 bits of data are used.
The YACHT (Yet Another Car Hacking Tool), developed by the author, was then presented.
The interesting feature of this tool is the presence of various ECUs (Electronic Control Units) in modules that allow for testing commands by simulating a connection with a car. This makes it possible to test new tools and identify potential side effects that could prove disastrous if implemented on a vehicle in operation.
A walkthrough of the tool's various functionalities covered UDS (Unified Diagnostic Services) attacks that can be used to intercept packets, manipulate traffic, or enumerate the services accessible on the car's different equipment with a scanner similar to "Nmap".
The speaker then presented his approach to quickly identifying the frames sent during the various actions performed on the car (for example, when opening the doors).
«"Locknote"»
No keynote: this edition of Black Hat Europe instead featured an interesting discussion between Jeff Moss, founder of Black Hat, and several members of the submission review panel on recent events in cybersecurity. Numerous topics were addressed, including the security of connected devices, industrial systems, and the increasing efforts of governments to control the internet and its use.
This introduction was followed by a question-and-answer session in which the audience could exchange opinions and put questions to the panel.