Black Hat.zip
420.8 MB
Все доступные на данный момент презентации с Black Hat USA 2018
https://github.com/aeroflotsrc/webapp Халатность авиакомпании "Аэрофлот" в защите данных.
ESET researchers discover LoJax, the first-ever UEFI rootkit detected in a cyberattack https://www.businesscomputingworld.co.uk/news-post/eset-researchers-discover-lojax-the-first-ever-uefi-rootkit-detected-in-a-cyberattack/
- Running a port scan caused the weapons system to fail
- One admin password for a system was guessed in nine seconds
- "Nearly all major acquisition programs that were operationally tested between 2012 and 2017 had mission-critical cyber vulnerabilities that adversaries could compromise."
- Taking over systems was pretty much playing on easy mode: "In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing."
- One admin password for a system was guessed in nine seconds
- "Nearly all major acquisition programs that were operationally tested between 2012 and 2017 had mission-critical cyber vulnerabilities that adversaries could compromise."
- Taking over systems was pretty much playing on easy mode: "In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing."
https://isc.sans.edu/diary/24186 - в патче есть уязвимость, успешно эксплуатриемая рядом APT
SANS Internet Storm Center
InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-10-10
Internet Storm Center Diary 2018-10-10, Author: Johannes Ullrich