Black Hat is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Where's Your Host At?

View Recording

Thursday, May 19, 2016
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A

Brought to you by:

Where's Your Host At? by NotSoSecure
Leveraging Node Based Cloud Containers to Secure Borderless Networks by iboss Cybersecurity

With the ever growing use of personal devices and the expansion of IOT devices, connectivity to the traditional network has become a bit of a blur. Users are often away from the office and use a multitude of devices to connect back to base from where they operate as if they were sitting at their desks. It's commonplace to hear about attacks on weak server and device configurations, poorly managed systems and weak physical controls - how do you protect a user that is not based on the company premises?!

Networks that were considered to be fairly well secured and have a limited external presence have in recent months become exposed within hours of vulnerability disclosures such as the debacle surrounding Junipers SCREENOS towards the end of 2015 as well as the recently disclosed issues that affected Cisco based IKE VPNs of recent times.

We'll take this opportunity to highlight some common, simple yet effective attacks on infrastructure, remote users and 'undefined' equipment that you may not even give a second thought. We'll provide an introduction into using common techniques on attacking infrastructure, examples of how to utilise built-in tools to aid in attacks as well as give you a glimpse of a pentesters mindset.


Owen ShearingOwen Shearing

Owen Shearing is an avid technology enthusiast who has worked in IT security for the past 5 years and currently holds industry recognised certifications including CREST CCT and OSCP. He is an Associate Director at NotSoSecure (, a specialist IT security company delivering high-end IT security consultancy and training. Prior to this he was a pentester/technical trainer for a leading IT security firm. He runs the blog and has authored tools which can be found at Over the past few years Owen has identified and responsibly disclosed vulnerabilities in various software. He is also a trainer for NotSoSecure's Advanced Infrastructure Hacking (AIH) course at BH USA 2016.

Sumit 'Sid' SiddharthSumit "Sid" Siddharth

Sumit "Sid" Siddharth is the founder of NotSoSecure (, a specialist IT security firm delivering high-end IT security consultancy and Training. He has more than 9 years of experience in Penetration Testing. Sid has authored a number of whitepapers and tools. He has been a Speaker/Trainer at many security conferences including numerous Black Hat, DEF CON, OWASP Appsec, HITB etc. Sid is also a co-author of the book SQL Injection: Attacks and Defence (2nd edition). Over the years, Sid has identified several critical flaws in leading software and helped fix these bugs. These include products from Microsoft, Oracle, Intel, Wordpress etc. He has trained several security consultants/penetration testers and helped them get better at their job. NotSoSecure will be teaching Advanced and Basic Infrastructure Hacking classes at Black Hat USA 2016. More info on this can be found here:

Sponsor Presenter:

Paul MartiniPaul Martini

Paul Martini pioneered the award-winning iboss Secure Web Gateway (SWG) and has furthered iboss’ position as a leading security innovator with the introduction of iboss Cloud, a platform that delivers iboss Advanced Threat Defense features direct-to-cloud. Mr. Martini holds over 80 patents and patents pending for the security technology he has developed. Prior to founding iboss, Mr. Martini developed proprietary security solutions for clients such as Phogenix, the U.S. Navy and Hewlett Packard. He holds a computer science degree from UCSD.





Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.


Sustaining Partners