Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Blackhat 2010 Round Up

IMG_1225.png

Tenable was in attendance for Black Hat 2010 in Las Vegas last week. In addition to having a vendor’s booth, we presented four days of Nessus training, our very own Carole Fennelly organized Hacker Court and we hosted a party at Margaritaville. Below are some pictures and more details on the events:

IMG_1200.png


I taught the course titled "Advanced Vulnerability Scanning Techniques Using Nessus", which was well received by the students. We had a pretty full class for both sessions and the students were exceptional. They worked through all of the exercises and even participated in group discussions that covered vulnerability management, enterprise security monitoring and presenting security metrics to management.

DSC_0119.png

The students (and the instructors) had a great time as the students learned how to use the advanced features of Nessus, such as creating their own audit files, using the Nessus API and configuring web application vulnerability scans.

IMG_1202.png

David Poynter, pictured above enjoying a noodle break, was assisting with the instruction of the course, providing his expertise using Nessus and Tenable's enterprise tools such as SecurityCenter.

IMG_1214.png

Barnaby Jack gave a fantastic presentation and showed several different methods for attacking ATMs. He found an authentication bypass vulnerability that allowed him to upload malware to two different ATM models. The malware could be accessed remotely or allow a user at the terminal to interact with a hidden menu. In both cases he could "make all the money come out" without using a valid ATM card and PIN number.

IMG_1217.png

The picture above shows one of the two ATMs that were attacked by Barnaby during the live demonstration. This model is typically found in a bar, restaurant or convenience store.

IMG_1209.png

Chris Paget gave a fascinating talk on extending the range of RFID. He believes he may have set a world record by reading a non-powered RFID tag at 217 feet. He used two very large antennas (one for sending and one for receiving) in addition to a power amplifier to achieve this distance.

IMG_1220.png

Tenable hosted a well-attended party at Margaritaville. The first 100 people received Tenable/Nessus Hawaiian shirts and a Nessus cigar.

DSC_0132.png

Ron and Cyndi Gula, sporting their Tenable/Nessus Hawaiian shirts, talking with Nmap creator Gordon "Fyodor" Lyons at the Tenable booth.

DSC_0129.png

Hacker Court was in session where a fictional case titled “Subject to Monitoring…” addressed issues of wiretapping, spying on competition, waterboarding employees and privacy. One of the interesting points raised by EFF attorney Kevin Bankston is that wiretap laws have not been updated in 24 years and only apply to audio. What this means is that you can take all the video you want of someone and not be subject to wiretap laws as long as there is no accompanying audio.

Overall, Black Hat was an excellent conference and we are looking forward to returning next year!


Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.