
Our history with Black Hat

Threat Intelligence • Jul 19, 2021

The Threat Intelligence team has been heavily involved with Black Hat globally since our first presentation in around 2008, which was followed by the launch of our first training course in 2011.
We are now proud to say that we run the longest running training course at Black Hat USA, being the now famous “The Shellcode Lab” training, and we are the only company in Australia who have been invited to run training at Black Hat for the past 11 consecutive years (as of 2021).
Since our entry into the Black Hat world, we have run countless Black Hat training sessions globally including at Black Hat USA, Black Hat Europe and Black Hat DC. These include “The Shellcode Lab”, “Practical Threat Intelligence” and “Automating Security with Open Source”.  Our team have also run numerous Black Hat Presentations and Black Hat Webcasts including “Reverse DNS Tunneling Shellcode”, “The Active Directory Botnet”, “The Best Way to Catch a Thief”, “Automating Threat Detection and Response” and “Intelligent Security Automation”.

Threat Intelligence was also invited to hold a position on the “Black Hat Asia Review Board” where we select the presentations to go through to Black Hat Asia each year. This provides us with a unique insight into the phenomenal security research that happens around the world and also within the AsiaPac region. We also moderated and/or participated in the “Black Hat Asia Locknote Panel” in 2020 and 2021 where we, along with the Review Board Members, discussed our favourite presentations from the briefings and put our 2 cents in, amongst discussing other current cyber affairs.  One of our most profound moments was being Gold Sponsors at Black Hat USA as our global launch of the Evolve Security Automation Cloud.

The Shellcode Lab

The Shellcode Lab is one of the most popular courses at Black Hat with feedback like “This is the BEST class I have attended in my 17 year professional career”, which is why our team always enjoys running this training.
Ultimately this training teaches students how to write custom shellcode for macOS, Linux and Windows on 32-bit and 64-bit systems to increase their exploitation success rate. Students then integrate their custom developed shellcode into public exploits and create a Metasploit payload module to leverage their shellcode within thousands of exploits.
The training consists of 17 multi-part hands-on labs and over 150 slides of deep technical content. Students start by learning the fundamentals: how to code in assembly and basic memory management concepts, as well as techniques for making their shellcode as small as possible so it can fit into as many exploits as possible and for avoiding “bad characters” to ensure that the exploits work. They then move through to compiling and extracting shellcode, using syscalls and dynamically locating functions in memory.
Day 1 starts with Linux 32-bit assembly and Command Execution with Privilege Escalation shellcoding, followed by macOS 64-bit shellcoding. One of the things that amazes us every year is how students can go from zero-assembly coding experience to writing their own macOS 64-bit Port Bind shellcode from scratch to remotely compromise a server by the end of the first day!
Day 2 then kicks off with Windows memory management and Windows 32-bit and 64-bit shellcoding where students get their own Egg Hunter and Reverse TCP shellcode working to get a remote shell on the target system. This is followed by integrating their custom shellcode into public exploits and creating a Metasploit Payload Module.

The training is closed off with a walkthrough of Kernel-Level shellcode to open the students’ eyes as to what else is possible if they take their skills to an advanced level. Although as you can see the training is not for the fainthearted, we hold the students’ hands the whole way along to ensure they enjoy it and learn a huge amount in 2 days.

Automating Security with Open Source

This training course is into its 4th year at Black Hat and has been delivered across both Black Hat USA and Black Hat Europe. With quite a large lab setup with a total of around 2,000 servers running in the cloud, the first year we ran this training it was an absolute disaster! This was only recovered due to our dedicated team training during the day and working throughout the night, sometimes with only 45 minutes sleep before training the next day.
Thankfully, the lessons were learnt that first time and from the second version this training became a well-oiled machine, which was confirmed with fantastic feedback and an average total score of 96%! We were told years ago that anything over 85% is absolutely fantastic. Security automation is designed to reduce your security costs, increase your security skills and capabilities, and streamline your security resources to mature your security posture so that security teams can effectively and efficiently stay on top of the constantly evolving threats, attacks and security breaches that occur every day.
Automating Security with Open Source teaches students what areas of security can be automated and how they can streamline their security operations, including: 
  • Automated Intelligence Collection and Security Monitoring
  • Automated Vulnerability Identification and Penetration Testing
  • Automated Incident Investigations and Response
  • Automated Security Infrastructure Integration and Protection
  • Automated Security Alerting

Black Hat students like their courses to be based on open source, so this is what we did. Enterprises often find that open source automation has too much operational overhead to maintain compared to a commercial automation platform. But this course provides students with the option to build security automation using open source if they wish to, or at least learn the concepts and ask the right questions when they go to implement a commercial security automation capability.

Thank you to the Black Hat Team

It has been an absolute pleasure working (and drinking) with the Black Hat team over the years – including one year where we wiped out half the Black Hat team during the conference with our over-enthusiastic night-time activities. We appreciate all of the support that the Black Hat crew have given us over the years, and we hope that everyone continues to support Black Hat during the pandemic with their fantastic virtual events and training. They are, by far, still the #1 conference after all of these years for security training and top-notch technical presentations. We are looking forward to working with Black Hat over the next decade!
