Four Cool Tools Expected Out of Black Hat

Security professionals, penetration testers and malware investigators are preparing to get energized. In just about a week the hacking community will converge on Las Vegas to drop their biggest discoveries of the year at the podiums of Black Hat USA. This annual confab always offers up a range of great new ideas for defenders, red teamers and security researchers—as well as a boatload of new tools. This year's show should be no different. The buzz is already growing for a number of previously unseen tools that will help security pros solve tough problems and break things in whole new ways. Here are a few highlights.

ChipWhisperer-Lint

Hardware vulnerabilities and exploits are expected to be the number one theme coming out of Black Hat this year, unsurprisingly following up on the fireworks caused by a constant-procession of discoveries building off of the Spectre and Meltdown flaws disclosed earlier in 2018.

Hardware hacker Colin O'Flynn plans to release a new open-source tool he calls Chip-Whisperer-Lint, which when paired with the open-source ChipWhisperer hardware can completely automate discovery of side-channel power analysis attacks on embedded devices. It should be a powerful tool for device makers and security pros auditing the vulnerability of their systems.

NLP Social Engineering Analysis Tool

Social engineering is always on the spear tip of any effective attack campaign. A pair of researchers wants to help security pros get better at detecting it across not just email, but also phone, in person and other messaging formats. In order to do that they believe security tools need to take a content-based approach that can analyze the meaning meaning of the message in a more automated fashion.

In order to do that, they believe Natural Language Processing (NLP) is a must. Ian Harris, a professor at UC Irvine and an NLP and security specialist, along with independent researcher Marcel Carlsson plan on releasing new NLP-based tools that they say can help the security community start to make progress on detecting malicious interactions.

Deserialization Toolkit

Last year insecure deserialization cracked the OWASP Top 10 as one of most troublesome types of bugs that developers and security pros should seek to eradicate from their code.

Deserialization flaws stem from the process of serialization, where programs turn certain objects into plaintext data that will be restored at a later point. Deserialization takes that data and rebuilds it into that object. While most developers today realize they can't trust user input, they tend to trust data bound for deserialization—which gives attackers the perfect 'in' for subverting the process and carrying out a range of attacks.

In the past, the exploitation of deserialization flaws have mostly been manual, but a senior security engineer with Netflix, Ian Haken, will be releasing a new tool and method that automates the discoveries of deserialization 'gadget chains' that make a flaw exploitable. He hopes the tool will give defensive teams an easier way to prioritize deserialization bugs based on exploitability.

Kernel Exploit Framework

Much in the same vein, the process of discovering kernel vulnerabilities has been automated to great effect but exploitation up until now has still needed a lot of manual work due to the complexity and scale of kernels. But a trio of researchers is about to change that equation with a new exploitation framework that they told Dark Reading will "help security pros craft 'powerful working exploits against arbitrary kernel vulnerabilities in a semi-automated fashion.'"

Jimmy Su, head of security research for JD.com, and academic researchers Wei Wu and Xinyu Xing of Penn State University plan to release the framework at the show and will disclose a number of exploits found by it that work on kernel flaws that hadn't been confirmed as exploitable in the past.

Meet Bitdefender at Black Hat USA, Aug 8-9, Mandalay Bay, Las Vegas, Booth #1320

Bitdefender experts will provide hands-on demonstration on how security professionals can use the GravityZone suite to easily investigate and effectively respond to advanced attacks threatening their organizations.

See our integrated full-stack solution in action, featuring layered next-gen endpoint protection, easy-to-use EDR, hypervisor introspection, and other technologies to protect physical, virtual and cloud machines and network storage systems. 

Join us for security power sessions, talk with our security researchers about the latest threats and learn how we fight global cyber crime!