IOActive Experts to Disclose Original Research, Delivering Five Distinctive Sessions at Black Hat USA 2012

Global Security Researchers to Present Latest Offensive and Defensive Strategies in Information Security

“Our team is constantly striving to go beyond the status quo and develop strategies that will improve the overall security posture of enterprises and governments alike,” said IOActive Chief Executive Officer, Jennifer Steffens.

IOActive, a leading provider of global application security, compliance, and smart grid security services, today announced that six of its top security researchers have been selected to present at the annual Black Hat conference in Las Vegas from July 25-26. This announcement follows IOActive’s longstanding history of presenting groundbreaking research at Black Hat, with topics such as RFID security, critical flaws in DNS, Smart Meter worms and Jackpotting ATMs.

Every year Black Hat brings together the best minds in security to define tomorrow's information security landscape. The conference serves the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment. This year IOActive’s team will travel to Las Vegas from five countries to share their insights on offensive as well as defensive security strategies and unveil the latest tools from the IOActive Labs team.

“We’ve been involved with Black Hat for over a decade and it’s wonderful to see the conference remain true to its roots while embracing a maturity that focuses beyond simply identifying security challenges,” said IOActive Chief Executive Officer, Jennifer Steffens. “Our team is constantly striving to go beyond status quo and develop strategies that will improve the overall security posture of enterprises and governments alike. I’m thrilled that so many members of the team will have a chance to share their insights with this year’s attendees.”

Here is an overview of this year’s presentations:

  •     Ian Amit, IOActive Director of Services, “Sexy Defense: Maximizing the Home-field Advantage” on July 25th at 10:15am

After the penetration testers (or worse: the red team) leave, there’s a pile of vulnerabilities, exposures, threats, risks, and wounded egos in their wake. This presentation will focus on what should be done methodically, defensively, and decisively to implement a more robust security posture for the next time the other team pays a visit.

  •     Éireann Leverett, IOActive Security Researcher, “The Last Gasp of Industrial Air-Gap” on July 25th at 2:15pm

Industrial systems are widely believed to be air-gapped. At previous Black Hat conferences, presenters have demonstrated individual utility control systems connected directly to the Internet; this is not an isolated incident of failure, but a disturbing trend. Leverett’s presentation will focus on the thousands of exposed systems around the world and examine the staggering number of standard vulnerabilities to which they are exposed.

  •     Ruben Santamarta, IOActive Security Researcher, “Here Be Backdoors: A Journey into the Secrets of Industrial Firmware” on July 25th at 5:00pm

ICS security (or the lack thereof) has been hogging headlines recently. The underlying issue is that, in a post-Stuxnet era, industrial control systems are no longer a safe place, but a potential and very valuable target. Santamarta’s presentation focuses on the analysis of firmware through reverse engineering to discover scenarios such as backdoors, confidential documentation or software, and other vulnerabilities. Discussion will be based on actual cases, unveiling curious “features” found in industrial devices, and disclosing previously unknown details of an interesting case: a backdoor discovered in a family of smart meters.

  •     Cesar Cerrudo, IOActive CTO, “Easy Local Windows Kernel Exploitation” on July 26th at 5:00pm

For some common local kernel vulnerabilities, there’s no general, multi-version and reliable way to exploit them. Interesting techniques have been published, but they are neither simple nor consistent across different Windows versions. This presentation will demonstrate easy, reliable cross-platform techniques for exploiting some common local Windows kernel vulnerabilities that even allow for exploitation of vulnerabilities considered difficult or impossible in the past.

  •     James Lester and Joseph Tartaro, IOActive Security Consultants, “Burp Extensibility Suite” on July 25th at 3:30pm

Black Hat Arsenal is a community gathering place where shareware/freeware developers and independent researchers will present cutting-edge demos, tools and findings in real-time, on stage.

Whether it’s Class B Subnets, a custom web application utilizing tokenization, or the integration of third-party detection/exploitation software, there comes a time when your go-to testing application is insufficient. With Burp Suite Extensibility, you can push these requirements to the next level by building functionality, maintaining efficiency and value, and increasing detection/exploitation of the specified target. Several extensions along with a common extensibility framework will be on display to demonstrate their ability, adaptation, and ease of use. Along with this demonstration, these extensions will be released to the public during the week of Black Hat to encourage further development and extensibility participation.

For more information about Black Hat Security Briefings, visit

About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid security, software assurance, penetration testing, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit

Contact Author

Chris Tilton