Ukraine's cyber chief comes to Black Hat in surprise visit

2022-08-13 10:00

Online attacks against Ukraine were a common tactic in the leadup to Russia's invasion of the country in late February he said.

James Kettle, director of research at PortSwigger, demonstrated a new method of HTTP request smuggling at Black Hat that allowed him to compromise Apache servers, break into Akamai and Amazon, and compromise multiple web VPNs. The trick lies in browser-powered desync attacks, which get around limitations of traditional methods that only allow them to work on websites that use a front-end/back-end architecture.

IBM's X-Force security team announced a new tool at Black Hat that those using GitHub Enterprise, GitLab Enterprise and Bitbucket Server should look into: A source code management attack simulation tool.

IBM's new source code management attack toolkit can do most of that too, Hawkins wrote, but with the added benefit of not being an actual attacker.

AI-driven security software was in the air at Black Hat this year, as both CrowdStrike and Concentric launched their own "Industry first" security tools that automate away security tasks, the companies claim.

Crowdstrike's new AI tool is designed to detect indicators of attack, which look at behavioral indicators to detect a forthcoming or active attack.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/13/in_brief_security_black_hat/

#blackhat #ukraine