Black Hat USA 2021 was pretty sparsely attended but to be honest we enjoyed the show! Having finally gotten home it took me a week or so to decompress from all the travel and the meetings but I have some thoughts that I think I should share regarding the event.
As Matthew Album and I traversed the show floor, we constantly heard the pandemic from users about how they had been driven to digitally transform much faster than they had ever thought possible. This was necessary but it really meant that most of the business suddenly became a digital enterprise, which also meant increased security threats, all coming from new avenues of exploitation.
But what we did not hear was how those organizations were addressing the fundamental issue of most of those threats, misconfigurations. .
One large enterprise CISO we chatted with noted that “We were forced to change and we did the best we could to keep the business alive during that massive change, but we know things were missed. It would be impossible not to have had something slip by. I worry most about where we have some looming configuration issues. That’s what a hacker will use to attack us.”. Speaking about the reality of the growing threat space he added, “We need to realize that if we don’t address the basics, and do so very well, we won’t have addressed the major problem. That’s what has been eating everyone’s lunch lately. We can’t just watch more webinars about hacker tactics, we need to actually be hands-on keyboard combatting the low hanging fruit issues that a configuration problem presents.”
Lateral movement is the key issue
We also had the chance to sit in on some sessions, one of which delved into the security of digital infrastructures: Breaking-the-isolation-cross-account-aws-vulnerabilities presented by Shir Tamari and Ami Luttwak was a stellar session.
These researchers asked the question, “What is the one thing you have to have to continue to own a system after an exploit?” And while their focus was mainly on the AWS cloud the same approaches apply to any digital infrastructure. These researchers showed that it was very simplistics to move and maneuver through systems across infrastructure and continually establish beach heads for prolonged access. While this sounds like a “duh” moment you should also remember that they were working with not much more than some access tokens and login credentials. All that they needed was that simple foothold and then they simply exploited the over sharing and excessive access that a configuration offered in a digital network. Game over, repeatedly.
I found this to be exceptional as this is the main problem we work to combat here at Gytpol with our solutions that eliminate misconfigurations and bolster AD issues. What we noted from this session was that this shouldn’t even be an issue for those customers that we have, but if one system is affected all are. The configuration issues and hacks that were so easily leveraged by these researchers opened an entire company’s network up to a major compromise but in all honesty this would have been stopped at the first instance if Gytpol were installed.
Many of the benefits that our system offers would have easily and readily addressed the configuration issues that the majority of the hackers at Blackhat were working to leverage. For instance recent misconfiguration attack vectors which we already detected by GYTPOL before they became publicized include:
• Supply Chain attacks including SolarWinds and Keysea
• Petit Potam (NTLM)
• Print Nightmare
• Microsoft Exchange
Configuration and the power that a well built and safely set up system offers are necessary for any organization to digitally transform and we heard that very statement from a variety of those folks we met that attended the event. We got a lot out of attending the event and we saw a variety of interesting approaches to many different cyber specific problems, but to be frank we addressed most of them with our approach and we do so because we think like a hacker and we address the fundamental configuration issues that organizations face. Will there always be threats, especially after such an amazing digital transformation, yes. But the more we saw the more we were convinced that Gytpol has the means to fix many of the problems we saw and heard about at the event.
Did you attend Black Hat USA this year? Let us know which sessions you thought were most interesting!
