Virtual Black Hat: Rapid7 Experts Share Key Takeaways from Day 2 Sessions

This blog post is part 2 of a two-part blog series recapping Rapid7’s Black Hat debriefs as part of Virtual Vegas. Check out our recap of day one here!

It’s no secret that days (and time in general) are generally meaningless now—except when you get the opportunity to break out of your routine and attend an amazing event like this year’s virtual Black Hat. Our Rapid7 experts attended another day of incredible talks, and have plenty of key takeaways and insights to share with you about their research, vulnerability management, and detection and response sessions. Here’s what they had to say:

Research takeaways from Black Hat 2020 (Day 2)

The accidental theme of all three research topics ended up being "how can attackers leverage external influences to get internal goodies?" So, here we go!

EtherOops: Exploring Practical Methods to Exploit Ethernet Packet-in-Packet Attacks

This session, hosted by Ben Seri and Gregory Vishnepolsky, explored how packet-in-packet attacks on the Ethernet protocol have moved beyond a theoretical capability to become both a practical and powerful attack.

Tod Beardsley, Director of Research at Rapid7, said that at the start of the talk, he was pretty much expecting a crafted packet-in-packet attack using some type of tunnelling protocol such as IPv4-over-IPv6. By the middle, he was asking, “Wait, how do you control the random interface failure?” And by the end, he fi ..