Sessions Showcase Cloud-Based Ransomware, EDR Takeover Tools and Hacks for Transportation
BLACK HAT 2023 - SafeBreach, the pioneer in breach and attack simulation (BAS), today announced its extensive participation in the upcoming Black Hat USA 2023 and DefCon 2023 conferences. SafeBreach’s security researchers will release a series of high-profile vulnerabilities, exploits and groundbreaking malware findings, earning the distinction of being the only company to have five sessions selected to be showcased at these events.
The sessions will encompass significant discoveries across the most widely used endpoint detection and response (EDR) security products today that are tasked with protecting F1000 enterprises, including: the first fully undetectable Cloud-Based Ransomware; a surprising zero-day vulnerability that turns Microsoft Windows Defender protection into an adversarial takeover tool with nation-state level capabilities; a new type of vulnerability that causes known endpoint security products to fail; plus a unique demo showing how to hack into popular mobile transportation payment apps to get free rides and expose users' PII.
- “Defender-Pretender: When Windows Defender Updates Become a Security Risk” by Tomer Bar and Omer Attias, Wednesday, August 9th at 10:20am: This talk will take a deep dive into Windows Defender architecture, the signature database format, and the signature update process, focusing on the security verification logic and how an adversary can use Defender to own any Windows agent and server in the world by exploiting a powerful zero-day vulnerability. The researchers will go further to demonstrate Defender-Pretender, an open-source tool developed and executed as an unprivileged user to achieve multiple attack vectors.
- “EDR = Erase Data Remotely, By Cooking An Unforgettable (Byte) Signature Dish” by Tomer Bar and Shmuel Cohen, Thursday, August 10th at 10:20am: This talk will present a vulnerability in a brand-new category that provides unauthenticated remote deletion of critical files, such as an entire production database, and causes a new level of DoS attack. The vulnerability exists in default settings of three well-known endpoint security products and is fully undetectable.
- “One Drive, Double Agent: Clouded OneDrive Turns Sides” by Or Yair, Thursday, August 10th at 1:30pm: This talk will present DoubleDrive, a fully undetectable cloud-based ransomware, different from all other public ransomware seen so far, that uses Microsoft’s OneDrive cloud storage to bypass endpoint detection tools - including Microsoft’s Controlled Folder Access and OneDrive’s ransomware detection.
- “The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You” by Omer Attias, Sunday, August 13th at 1:00pm: This talk will examine the security risks associated with transportation applications - including how to get free fares and how to hack the PII of registered users - using Moovit as a case study. Moovit is a widely used transportation app operating in over 3,500 cities across 112 countries and offering access to 192 million Americans. Specific vulnerabilities are discovered and discussed through an investigation of the app’s API, including SSL-encrypted data.
“The aim of our research at SafeBreach is to protect our customers and educate the community,” said Guy Bejerano, CEO at SafeBreach. “We want to ensure we are tracking the latest vulnerabilities while helping our customers understand the gaps and verify that their security vendor remedies are deployed properly—so they are able to fix any problems before an attack takes place,” he continued.
To help customers stay another step ahead of their adversaries, SafeBreach is also introducing Original Attacks, created as a result of the research being presented at Black Hat and DefCon, into its Hacker’s Playbook™. Original Attacks, which are exclusively available from SafeBreach, enable customers to leverage these proprietary research findings and proactively test their security products for vulnerabilities before malicious groups exploit them.
For more information about the sessions, and to visit SafeBreach at the event, go to booth #1468 at Black Hat USA 2023 on August 9-11, or see www.safebreach.com.
About Black Hat
Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Grown from a single annual conference to the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends. Today Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience.
About SafeBreach
Combining the mindset of a CISO and the toolset of a hacker, SafeBreach is the most widely used continuous security validation platform. SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts. With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230808455609/en/
Contacts
Media Contact
Suzanne Tuchler
suzanne@eskenzipr.com
408-307-6900