It has been my privilege to spend a week at Black Hat USA 2017 and keep you all up to date on the NOC and conference news. With Gigamon and Scrutinizer combined, the NOC team was able to baseline and detect unwanted behaviors. I was also fortunate to analyze flow data with the Palo Alto next-generation firewall that allowed us to identify the applications generating excessive traffic on the network. As I am about to pack my bags and say goodbye to the Entertainment Capital of the World, I would like to take a few minutes to go over the lessons we learned from one of the biggest information security communities.
The Internet of Things (IoT) is placing an unprecedented number of unsecured devices on the internet every day. We have all heard about IoT devices being used to launch Distributed Denial of Service (DDoS) attacks and toys violating your children’s data privacy. Can an IoT device be exploited to physically attack an unsuspecting user? “Yes, it can,” says security researcher Billy Rios, who shows the Black Hat 2017 attendees how.
Earlier today, the topic of the recent ransomware outbreaks, such as WannaCry and Petya, came up at the Black Hat NOC. Naturally, this sparked quite a few interesting discussions, and I was asked if we could use Scrutinizer to detect SMB traffic. In this blog, I will bring you up to speed on the EternalBlue exploit that made the ransomware attacks possible. Then we will dive into the Scrutinizer Palo Alto Application reports and see if we can find any SMB traffic on the Black Hat network.
The more attendees who arrive for the Black Hat briefings, the busier the NOC team gets trying to keep the wireless network up and running for classes. Today I had a chance to check out the Gigamon HTTP status code exports. Some evildoers like to hide malicious activities by using error codes.
Sometimes a slow day is just what the doctor ordered. Today has been rather uneventful so far, which gave the Black Hat NOC team an opportunity to work on the assigned projects and investigate the occasional bursts of multicast traffic. With the Scrutinizer appliance running like clockwork, I was also able to spend some quality time playing with the Gigamon exports. This time, I was particularly interested in the SSL information we could collect from the darkest network on the planet.