The Lockdown

Thycotic’s Cyber Security Blog

The Black Hat 2018 Hacker Survey Report and Recap by Thycotic

Written by Joseph Carson

September 18th, 2018

Another Black Hat conference has come and gone and more than 17,000 international security professionals converged on Las Vegas, USA to learn, share, educate and disclose security research on the latest cyber threats, attacks, vulnerabilities and techniques used to bypass the security employed by most governments and organizations globally.

Black Hat USA 2018 Conference in Las Vegas

Of course, Thycotic’s team was there, and as we always do we conducted our Hacker Survey for our annual Black Hat Hacker Report. As in previous years we interviewed 250+ Black Hat attendees, and their feedback was jaw-dropping. Download the free report to see the results for yourself, and to get our key takeaways from the event.

Responsible Disclosure was one of the main themes this year

One of the main themes at Black Hat was ‘responsible disclosure’, presented by Parisa Tabriz, Google’s Director of Engineering and “Security Princess”. Her keynote focused on the steps we must take to improve cyber security in complex landscapes. We must embrace the internet and its cyber challenges in order to succeed, and bring together security professionals and leaders who will work together to make technology safe for all citizens.

Parisa Tabriz explains Responsible Disclosure

Here are several sessions I attended that were excellent and very valuable:

Detecting Credential Compromise in AWS – This was a briefing delivered by William Bengtson, Senior Security Engineer at Netflix. It covered the risks of credential compromise in the cloud and highlighted the implications for companies that use cloud services or infrastructure. Failing to secure and protect credentials can be costly, and can lead to malware stealing resources or to stolen credentials being used for destructive activities. I was interested to learn how William combined a credential’s privileged access with the IP addresses it had previously been used from to aid in the detection of compromised credentials.
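The idea of tying a credential to the address it has already been used from can be shown with a few lines of detection logic over CloudTrail. The following is an added example written for this post; it is not Netflix’s or Thycotic’s code, and the premise it implements is an assumption about the approach: an STS temporary credential (an access key ID beginning “ASIA”, as issued to an EC2 instance role or an AssumeRole session) belongs to one caller, so CloudTrail should see it from one source address for its whole lifetime, and a later call with the same key from a different address is a candidate theft. The CloudTrail records, account IDs, role names and IP addresses are all constructed, and the NAT gateway allow-list is an assumption about the environment.

```python
"""Detect AWS temporary credentials used from an unexpected source IP.

Added illustration (not Netflix's or Thycotic's code). Premise: an STS
temporary credential (access key ID starting "ASIA", as issued to an EC2
instance role or an AssumeRole session) belongs to one caller, so CloudTrail
should see it from one source address for its whole lifetime. A later call
with the same key from a different address is a candidate credential theft.
The CloudTrail records and IP addresses below are constructed, not real.
"""
import json


def is_aws_service_source(source: str) -> bool:
    """CloudTrail records a service hostname (or "AWS Internal") as the
    sourceIPAddress when AWS calls an API on your behalf; that is not the
    credential holder's address and must not count as a second IP."""
    return source == "AWS Internal" or source.endswith(".amazonaws.com")


def is_temporary_key(access_key_id: str) -> bool:
    """Long-term IAM user keys start with "AKIA"; STS session keys with "ASIA"."""
    return access_key_id.startswith("ASIA")


def detect_credential_reuse(records, known_egress=frozenset()):
    """Return one alert dict per API call made with a temporary key from an
    IP other than the one that key was first seen from.

    records      -- CloudTrail record dicts in time order
    known_egress -- shared egress addresses (assumed NAT gateway / proxy IPs
                    used by many instances) that should not raise an alert
    """
    first_seen = {}  # accessKeyId -> source IP of its first observed call
    alerts = []
    for rec in records:
        identity = rec.get("userIdentity", {})
        key = identity.get("accessKeyId", "")
        source = rec.get("sourceIPAddress", "")
        if not is_temporary_key(key) or is_aws_service_source(source):
            continue
        if key not in first_seen:
            first_seen[key] = source
            continue
        if source != first_seen[key] and source not in known_egress:
            alerts.append({
                "accessKeyId": key,
                "principal": identity.get("arn", ""),
                "firstSeenIp": first_seen[key],
                "newIp": source,
                "eventName": rec.get("eventName"),
                "eventTime": rec.get("eventTime"),
            })
    return alerts


# Constructed CloudTrail records, one JSON object per line, in time order.
SAMPLE_CLOUDTRAIL = [json.loads(line) for line in """
{"eventTime": "2018-08-08T17:01:12Z", "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.25", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000001", "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123"}}
{"eventTime": "2018-08-08T17:03:40Z", "eventName": "GetObject", "sourceIPAddress": "10.0.1.25", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000001", "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123"}}
{"eventTime": "2018-08-08T17:05:02Z", "eventName": "DescribeStacks", "sourceIPAddress": "cloudformation.amazonaws.com", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000001", "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123"}}
{"eventTime": "2018-08-08T17:10:55Z", "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.9", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000002", "arn": "arn:aws:sts::111122223333:assumed-role/batch-role/i-0def456"}}
{"eventTime": "2018-08-08T17:12:17Z", "eventName": "PutObject", "sourceIPAddress": "198.51.100.10", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000002", "arn": "arn:aws:sts::111122223333:assumed-role/batch-role/i-0def456"}}
{"eventTime": "2018-08-08T18:22:09Z", "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE000000003", "arn": "arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime": "2018-08-08T18:22:31Z", "eventName": "ListSecrets", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000001", "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123"}}
{"eventTime": "2018-08-08T18:22:45Z", "eventName": "GetSecretValue", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000000001", "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123"}}
""".strip().splitlines()]

# Assumed shared egress addresses (two NAT gateways) used by the batch fleet.
KNOWN_EGRESS = frozenset({"198.51.100.9", "198.51.100.10"})

if __name__ == "__main__":
    for alert in detect_credential_reuse(SAMPLE_CLOUDTRAIL, KNOWN_EGRESS):
        print(f'{alert["eventTime"]} {alert["accessKeyId"]} first seen from '
              f'{alert["firstSeenIp"]}, now {alert["eventName"]} from {alert["newIp"]}')
```

Two caveats matter in practice. The baseline is only as good as the first observation, so in a real deployment the “first seen” address should be checked against the instance inventory (the instance’s own or its NAT gateway’s address) rather than trusted blindly, otherwise a key that is stolen before its first legitimate call is never flagged. And the egress allow-list trades coverage for noise: a fleet behind several NAT gateways needs it, but every address on it is one an attacker inside that network can use without tripping the check.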

William Bengtson talking Credential Compromise

From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it – This was an excellent briefing from Sean Metcalf, founder, CTO and consultant at Trimarc. In the past the task of protecting privileged accounts was almost solely the responsibility of the humans who used them to keep critical systems running. The need to securely administer environments has become one of the most vital undertakings for every company, and for many the failure to do so has been the root cause of some of the biggest breaches of the past few years.

Sean explained why we should not rely only on MFA (Multi-Factor Authentication) as the primary security control protecting Admin accounts, and the importance of implementing a privileged access management solution that can be properly configured, hardened and secured—even more so than other servers—as these hold the keys to the kingdom.

He covered his AD Defensive Pillars:

  • Administrative Credential Isolation and Protection
  • Hardening Administrative Methods
  • Reducing and Limiting Service Account Rights
  • Effective Monitoring

So I became a Domain Controller – Another awesome session, this time from Benjamin Delpy, also known as ‘gentilkiwi’ and the author of Mimikatz, a widely used Windows security audit tool. Gentilkiwi was joined by Vincent Le Toux, head of the CERT team for the ENGIE Group in France. During this 50-minute session, gentilkiwi walked the audience through the process of gaining access to a workstation and then impersonating a Domain Controller using the DCSync feature within Mimikatz, which asks a real DC to replicate directory data, password hashes included, as though the request came from another DC. Knowing the steps taken, it is vitally important to ensure your environment is not exposed to such risks.
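The DCSync technique above and the “Effective Monitoring” pillar from Sean Metcalf’s session meet in one detection: a replication request from anything that is not a domain controller. The block below is an added example written for this post, not code from Benjamin Delpy, Sean Metcalf or Thycotic. It relies on two facts: DCSync needs the DS-Replication-Get-Changes and DS-Replication-Get-Changes-All control access rights on the domain object, and when the domain object’s SACL audits “Control Access” each request produces a Windows Security event 4662 whose Properties field lists the rights’ GUIDs. The event records, host names, account names and the Azure AD Connect allow-list entry are constructed assumptions for the demonstration.

```python
"""Flag DCSync-style replication requests from accounts that are not DCs.

Added illustration (not Sean Metcalf's, Benjamin Delpy's or Thycotic's
code). DCSync asks a domain controller to replicate directory data over
MS-DRSR the way another DC would, which requires the
DS-Replication-Get-Changes and DS-Replication-Get-Changes-All control
access rights on the domain object. With "Control Access" audited on the
domain object's SACL, each request is logged as Security event 4662 whose
Properties field contains the rights' GUIDs. Only domain controllers (and a
short list of known replication services) should ever exercise them, so any
other subject is an alert. The events below are constructed, not real logs.
"""

# Extended-rights GUIDs as they appear in the 4662 Properties field.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}


def replication_rights_in(properties: str):
    """Names of replication rights whose GUID appears in a 4662 Properties
    field (GUIDs compared case-insensitively)."""
    text = properties.lower()
    return [name for guid, name in REPLICATION_RIGHTS.items() if guid in text]


def detect_dcsync(events, domain_controllers, allowed_replicators=frozenset()):
    """Return alerts for 4662 events in which a non-DC account exercised
    DS-Replication-Get-Changes-All, the right needed to pull secrets.

    events              -- parsed Security-log events (dicts) from the DCs
    domain_controllers  -- DC computer names, e.g. {"DC01", "DC02"}
    allowed_replicators -- lower-case sAMAccountNames of services that
                           legitimately replicate (assumed here: an Azure AD
                           Connect "MSOL_" account)
    """
    dc_accounts = {dc.upper() + "$" for dc in domain_controllers}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        rights = replication_rights_in(ev.get("Properties", ""))
        if "DS-Replication-Get-Changes-All" not in rights:
            continue  # Get-Changes alone cannot read password hashes
        subject = ev.get("SubjectUserName", "")
        if subject.upper() in dc_accounts or subject.lower() in allowed_replicators:
            continue
        alerts.append({
            "time": ev.get("TimeCreated"),
            "dc": ev.get("Computer"),
            "subject": f'{ev.get("SubjectDomainName", "")}\\{subject}',
            "rights": rights,
        })
    return alerts


_DOMAIN_OBJECT = "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}"  # domainDNS class GUID
_CONTROL_ACCESS = "%%7688"  # token the raw event text uses for "Control Access"

GET_CHANGES, GET_CHANGES_ALL, FILTERED = (
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",
    "89e95b76-444d-4c62-991a-0facbeda640c")


def _event(time, dc, user, domain, guids, event_id=4662):
    """Build a constructed Security event with the given right GUIDs."""
    props = "\n".join([_CONTROL_ACCESS] + [f"{{{g}}}" for g in guids] + [_DOMAIN_OBJECT])
    return {"EventID": event_id, "TimeCreated": time, "Computer": dc,
            "SubjectUserName": user, "SubjectDomainName": domain,
            "ObjectType": _DOMAIN_OBJECT, "AccessMask": "0x100",
            "Properties": props}


SAMPLE_EVENTS = [
    # Routine DC-to-DC replication: expected, no alert.
    _event("2018-08-09T09:00:01Z", "DC01.corp.example", "DC02$", "CORP", [GET_CHANGES, GET_CHANGES_ALL]),
    # Assumed Azure AD Connect sync account: on the allow-list.
    _event("2018-08-09T09:05:13Z", "DC01.corp.example", "MSOL_1a2b3c4d5e6f", "CORP", [GET_CHANGES, GET_CHANGES_ALL, FILTERED]),
    # Help-desk account holding only Get-Changes: cannot pull secrets, no alert.
    _event("2018-08-09T09:07:30Z", "DC02.corp.example", "helpdesk1", "CORP", [GET_CHANGES]),
    # Compromised service account running "lsadump::dcsync": alert.
    _event("2018-08-09T09:09:48Z", "DC01.corp.example", "svc-backup", "CORP", [GET_CHANGES, GET_CHANGES_ALL]),
    # Unrelated event ID from the same account: ignored.
    _event("2018-08-09T09:09:49Z", "DC01.corp.example", "svc-backup", "CORP", [], event_id=4624),
]

if __name__ == "__main__":
    for a in detect_dcsync(SAMPLE_EVENTS, {"DC01", "DC02"}, {"msol_1a2b3c4d5e6f"}):
        print(f'{a["time"]} {a["subject"]} requested {", ".join(a["rights"])} from {a["dc"]}')
```

Two things decide whether this fires in a real domain. Event 4662 is only written when the “Audit Directory Service Access” subcategory is enabled and the domain object’s SACL audits Control Access for Everyone; without that SACL the DCs stay silent. And the allow-list is where the monitoring pillar meets the service-account pillar: every non-DC principal that needs to be on it is a principal holding the same right Mimikatz abuses, so the list should be reviewed against the actual ACL on the domain object and kept as close to empty as the environment allows.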

Benjamin Delpy, also known as ‘gentilkiwi’.

A valuable lesson I have learned from attending the Black Hat Conference over the years is that I must never turn up to Black Hat without a plan—review the sessions and speakers before you arrive and choose judiciously.  Black Hat is so big that even an experienced and seasoned cyber security professional can find it overwhelming.  This was the 21st year of Black Hat so it was bigger than ever before, and with cyber-attacks at the top of everyone’s list of concerns—governments and organizations included—all eyes were focused on which cyber security solutions would be trending this year.

Which brings me to DEF CON. Attending DEF CON is also a must if you want to learn more about what is really happening in the field of cyber security.

Of course, DEF CON brought its usual variety of fun, and the topic highlighted at DEF CON was how easy it was to hack into election voting machines.

My favorite session at DEF CON covered the current cyber threat landscape and the increasing risk of cyber weapons, and was presented by David E. Sanger.

Joseph Carson | Chief Security Scientist & David E. Sanger | Chief Washington correspondent for The New York Times.

By the way, I definitely recommend reading David E. Sanger’s recent book “The Perfect Weapon”.
