
New Video from @BlackHatOfficialYT Highlights Black Hat NOC Operations
The video opens with an introduction from the presenters, Neil Wyler, alias Grifter, and Bart Stump. They explain their roles within the cybersecurity community and their involvement in organizing the Black Hat event. Grifter is the VP of defensive services at Coalfire, while Bart is a principal manager at Coalfire. They emphasize the importance of security and their passion for the field.

The team behind the Black Hat NOC (Network Operations Center) is then introduced. The NOC is the space responsible for the stability and security of the conference network during the event. The team consists of numerous technicians and partners who work together to monitor and secure the network. The partners are not paying sponsors but collaborators chosen for their skills and technologies.

The network architecture is explained in detail. The NOC uses equipment provided by the various partners: firewalls, packet capture systems, sandboxing solutions for analyzing malware, and network monitoring tools. The architecture is designed to be deployed in just three days, thanks to meticulous preparation and pre-built configurations.

The video highlights the importance of automation and the integration of the different technologies to improve the efficiency of the NOC. For example, Cortex XDR is used to centralize alerts and turn them into actionable incidents, which significantly reduces the number of alerts that must be handled manually, a crucial point given the high volume of malicious traffic on the Black Hat network. Statistics are also shared, such as the number of DNS queries, the most visited website categories (including dating and pornography sites), and the proportion of encrypted versus unencrypted traffic. It is noted that the share of encrypted traffic decreased slightly, which is surprising given current trends.
The video also addresses challenges and mistakes encountered, such as a change management incident that caused an eight-minute network outage. This underscores the importance of access and change management in avoiding such disruptions. Stories and anecdotes are shared, such as the detection of an attendee performing an unauthorized penetration test from a training class, or the discovery of location data being sent in plaintext by a VPN application. These examples illustrate the kinds of behaviors and vulnerabilities that the NOC team has to deal with. Finally, the video concludes with a discussion of future improvements, such as adding sensors to enhance network telemetry and further automating incident detection and response. The NOC team continues to innovate and improve its capabilities to meet the growing challenges of network security. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=63bUI-2APY4
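The video describes alerts being centralized and folded into incidents so that analysts handle far fewer items, and mentions two of the findings that surfaced that way (a port scan from a training room and a VPN app leaking geolocation in the clear). The script below is an added illustration of that alert-to-incident consolidation, not code from the Black Hat NOC or from Cortex XDR: it groups raw alerts by source host and signature within a time window, escalates the incident severity to the highest contributing alert, and flags which incidents deserve an analyst's attention. The alert records, host addresses, signature names and the ten-minute window are all constructed for the example.

```python
"""Added example: fold raw NOC alerts into incidents by (source, signature) within a window.

Not Black Hat NOC or Cortex XDR code; all alerts below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

SEV = {"low": 1, "medium": 2, "high": 3}       # severity ranking used for escalation
WINDOW = timedelta(minutes=10)                  # assumed correlation window


@dataclass
class Alert:
    ts: datetime
    src: str          # source host that triggered the alert
    signature: str    # detection name
    severity: str


@dataclass
class Incident:
    src: str
    signature: str
    severity: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1


def correlate(alerts, window=WINDOW):
    """Return incidents: alerts with the same src+signature that arrive within
    `window` of the incident's last alert are merged into one incident."""
    open_incidents = {}   # (src, signature) -> Incident still accepting alerts
    closed = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.signature)
        inc = open_incidents.get(key)
        if inc is not None and a.ts - inc.last_seen <= window:
            inc.count += 1
            inc.last_seen = a.ts
            if SEV[a.severity] > SEV[inc.severity]:
                inc.severity = a.severity       # escalate to the worst alert seen
        else:
            if inc is not None:
                closed.append(inc)              # window expired: start a fresh incident
            open_incidents[key] = Incident(a.src, a.signature, a.severity, a.ts, a.ts)
    closed.extend(open_incidents.values())
    return sorted(closed, key=lambda i: i.first_seen)


def triage_queue(incidents, repeat_threshold=5):
    """Incidents that need a human: high severity, or a behaviour repeated many times."""
    return [i for i in incidents if i.severity == "high" or i.count >= repeat_threshold]


def _t(h, m, s):
    # Constructed timestamps on an arbitrary conference day.
    return datetime(2024, 8, 7, h, m, s)


# Constructed sample alerts (hosts, names and times are invented).
SAMPLE_ALERTS = (
    # An attendee in a training room running a scanner: one alert every 30 seconds.
    [Alert(_t(14, 0, 0) + timedelta(seconds=30 * i), "10.60.4.23", "PORT_SCAN", "medium")
     for i in range(8)]
    # A phone's VPN app posting GPS coordinates over plaintext HTTP, twice within the window.
    + [Alert(_t(14, 5, 10), "10.20.7.114", "CLEARTEXT_GEOLOCATION", "low"),
       Alert(_t(14, 12, 40), "10.20.7.114", "CLEARTEXT_GEOLOCATION", "low")]
    # A single sandbox verdict on a downloaded file.
    + [Alert(_t(14, 20, 0), "10.20.9.50", "MALWARE_SANDBOX_VERDICT", "high")]
    # The same scanner host again, well outside the window: a separate incident.
    + [Alert(_t(15, 30, 0), "10.60.4.23", "PORT_SCAN", "medium")]
)


def reduction_summary(alerts=SAMPLE_ALERTS):
    """How many raw alerts, how many incidents, how many reach an analyst."""
    incidents = correlate(alerts)
    return {"alerts": len(alerts),
            "incidents": len(incidents),
            "for_analyst": len(triage_queue(incidents))}


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f"{inc.first_seen:%H:%M:%S} {inc.src:<12} {inc.signature:<24} "
              f"sev={inc.severity:<6} x{inc.count}")
    print(reduction_summary())
```

The window-based merge is the simplest form of what the video calls turning alerts into incidents; a real deployment would add cross-signature correlation (the scan and a later exploit attempt from the same host belong in one incident) and enrichment with the asset's role, for example the training-room VLAN that explained the scanner in the story.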