Black Hat USA 2022 Continued: Innovation within the NOC

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki:

  • Adapt
  • Building the Hacker Summer Camp network, by Evan Basta
  • The Cisco Stack’s Potential in Action, by Paul Fidler
  • Port Security, by Ryan MacLennan, Ian Redden and Paul Fidler
  • Mapping Meraki Location Data with Python, by Orlando Clausen

In this part two, we will discuss:

  • Bringing it all together with SecureX
  • Creating Custom Meraki Dashboard Tiles for SecureX, by Matt Vander Horst
  • Talos Threat Hunting, by Jerzy ‘Yuri’ Kramarz and Michael Kelley
  • Unmistaken Identity, by Ben Greenbaum
  • 25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan

    Cisco is a Premium Partner of the Black Hat NOC, and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat.

     <img class="aligncenter wp-image-414158 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/fgcgxfgxfxfg.jpg" alt width="1100" height="623" />     

    Each year, Black Hat USA is the best part of my professional life. We had an incredible staff of 20 Cisco engineers to build and secure the network. Also, for the first time, we had two Talos Threat Hunters from the Talos Incident Response (TIR) team, providing unique skills and perspectives on the attacks on the network. I really appreciated the close collaboration with the Palo Alto Networks and NetWitness partners. We created new integrations and the NOC continued to serve as an incubator for innovation.

    We must allow real malware on the network for training, demonstrations, and briefing sessions, while protecting the attendees from attack within the network by their fellow attendees and preventing bad actors from using the network to attack the Internet. It is a critical balance to ensure everyone has a safe experience, while still being able to learn from real-world malware, vulnerabilities, and malicious websites. So, context is what really matters when investigating a potential attack, and bringing so many technologies together in SecureX really accelerated investigation and response (when needed).

     <img loading="lazy" class="aligncenter wp-image-414159 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/fcgcfgcgfxfgx.jpg" alt width="1100" height="956" />     

    All of the Black Hat network traffic was supported by Meraki switches and wireless access points, using the latest Meraki gear donated by Cisco. Our Meraki team was able to block people from the Black Hat network, when an investigation showed they did something in violation of the attendee Code of Conduct, upon review and approval by the Black Hat NOC leadership.

    Cisco Secure provided all of the domain name service (DNS) requests on the Black Hat network through Umbrella, whenever attendees wanted to connect to a website. If there was a specific DNS attack that threatened the conference, we supported Black Hat in blocking it to protect the network. However, by default, we allow and monitor DNS requests to malware, command and control, phishing, crypto mining, and other dangerous domains, which would be blocked in a production environment. That is the balance: allowing cybersecurity training and demos to occur, while being ready to block when needed.

     <img loading="lazy" class="aligncenter wp-image-414160 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/fgxfdxfhx.jpg" alt width="1430" height="809" />     

    In addition to the Meraki networking gear, Cisco Secure also shipped an Umbrella DNS virtual appliance to Black Hat USA, for internal network visibility with redundancy. The Intel NUC containing the virtual appliance also contained the bridge to the NetWitness on-premises SIEM, custom developed by Ian Redden.

     <img loading="lazy" class="aligncenter wp-image-414161 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/efwefwefwef.jpg" alt width="1430" height="1002" />     

    We also deployed the following cloud-based security software:

     <img loading="lazy" class="aligncenter wp-image-414162 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfgcfcfgc.png" alt width="1430" height="751" />     

    We analyzed files that were downloaded on the network, checking them for malicious behavior. When malware is downloaded, we confirm it is for a training, briefing or demonstration, and not the start of an attack on attendees.

     <img loading="lazy" class="aligncenter wp-image-414163 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/sdfghj.png" alt width="1430" height="724" />     

    During an investigation, we used SecureX to visualize the threat intelligence and related artifacts, correlating data. In the example below, an attacker was attempting remote code execution on the Registration Servers, alerted by the Palo Alto team, investigated by the NOC threat hunters, and blocked by order of the NOC leadership upon the results of the investigation.

     <img loading="lazy" class="aligncenter wp-image-414164 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/xfdxxfgxfd.png" alt width="624" height="316" />     
     <strong>Cisco Secure Threat Intelligence (correlated through SecureX)</strong>
     <strong>Donated Partner Threat Intelligence (correlated through SecureX)</strong>
     <img loading="lazy" class="aligncenter wp-image-414165 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfgcfcgcfc.png" alt width="624" height="318" />     
     <strong>Open-Source Threat Intelligence (correlated through SecureX)</strong>

     <strong>Continued Integrations from past Black Hat events</strong>

  • NetWitness SIEM integration with SecureX
  • NetWitness PCAP file carving and submission to Cisco Secure Malware Analytics (formerly Threat Grid) for analysis
  • Meraki syslogs into NetWitness SIEM and Palo Alto Firewall
  • Umbrella DNS into NetWitness SIEM and Palo Alto Firewall

     <strong>New Integrations Created at Black Hat USA 2022</strong>

  • Secure Malware Analytics integration with Palo Alto Cortex XSOAR, extracting files from the network stream via the firewall

    The NOC partners, especially NetWitness and Palo Alto Networks, were so collaborative, and we left Vegas with more ideas for future integration development.

     <strong><u>Creating Custom Meraki Dashboard Tiles for SecureX, by Matt Vander Horst</u></strong>

    One of the biggest benefits of Cisco SecureX is its open architecture. Anyone can build integrations for SecureX if they can develop an API with the right endpoints that speak the right language. In the case of SecureX, the language is the Cisco Threat Intelligence Model (CTIM). As mentioned above, Cisco Meraki powered Black Hat USA 2022 by providing wireless and wired networking for the entire conference. This meant a lot of equipment and users to keep track of. To avoid having to switch between two different dashboards in the NOC, we decided to build a SecureX integration that would provide Meraki dashboard tiles directly into our single pane of glass: SecureX.

    Building an integration for SecureX is simple: decide what functionality you want your integration to offer, build an internet-accessible API that offers those functions, and then add the integration to SecureX. At Black Hat, our Meraki integration supported two capabilities: health and dashboard. Here’s a summary of those capabilities and the API endpoints they expect:

     <table>
     <tr><td width="98">Capability</td><td width="278">Description</td><td width="247">API Endpoints</td></tr>
     <tr><td width="98">Health</td><td width="278">Enables SecureX to make sure the module is reachable and working properly.</td><td width="247">/health</td></tr>
     <tr><td width="98">Dashboard</td><td width="278">Provides a list of available dashboard tiles and, after a tile is added to a dashboard, the tile data itself.</td><td width="247">/tiles</td></tr>
     </table>


    With our capabilities decided, we moved on to building the API for SecureX to talk to. SecureX doesn’t care how you build this API as long as it has the expected endpoints and speaks the right language. You could build a SecureX-compatible API directly into your product, as a serverless Amazon Web Services (AWS) Lambda, as a Python script with Django, and so on. To enable rapid development at Black Hat, we chose to build our integration API on an existing Ubuntu server in AWS running PHP and Apache.

    After building the API framework on our AWS server, we had to decide which dashboard tiles to offer. Here’s what we ended up supporting:

     <table>
     <tr><td width="312">Tile Name</td><td width="312">Description</td></tr>
     <tr><td width="312">Top Apps</td><td width="312">Shows the top 10 applications by flow count</td></tr>
     <tr><td width="312">Client Stats</td><td width="312">Shows a summary of clients</td></tr>
     <tr><td width="312">Top SSIDs by Usage in GB</td><td width="312">Shows the top 10 SSIDs by data usage in GB</td></tr>
     <tr><td width="312">Access Point Status</td><td width="312">Shows a summary of access points</td></tr>
     </table>

    Finally, once the API was up and running, we could add the integration to SecureX. To do this, you need to create a module definition and then push it to SecureX using its IROH-INT API. After the module is created, it appears in the Available Integration Modules section of SecureX and can be added. Here’s what our module looked like after being added to the Black Hat SecureX instance:

     <img loading="lazy" class="aligncenter wp-image-414166 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfgcfgfgcfgc.png" alt width="660" height="427" />     

    After adding our new tiles to the SecureX dashboard, SecureX would ask our API for data. The API we built would fetch the data from Meraki’s APIs, format the data from Meraki for SecureX, and then return the formatted data. Here’s the result:

     <img loading="lazy" class="aligncenter wp-image-414167 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/gfgfxgfxfx.png" alt width="1430" height="849" />     

    These dashboard tiles gave us useful insights into what was going on in the Meraki network environment alongside our existing dashboard tiles for other products such as Cisco Secure Endpoint, Cisco Umbrella, Cisco Secure Malware Analytics, and so on.
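    The request flow described in this section (SecureX calls the module’s health and tiles endpoints; the module fetches from Meraki, reformats, and returns the result), sketched as an added Python example; it is not the PHP code the team ran at Black Hat. The bearer-token check, the JSON field names, the `top-apps` tile id, the use of a `tile_id` field on `/tiles`, and the sample rows are all assumptions made for illustration; the real request and response shapes are defined by SecureX.

```python
import hmac
import json

# Hypothetical shared secret (assumption): the page does not describe how
# SecureX authenticates to the module, so a bearer token stands in here.
MODULE_TOKEN = "constructed-example-token"

# Constructed sample standing in for what the Meraki API would return.
SAMPLE_MERAKI_APPS = [
    {"application": "DNS", "flows": 9120},
    {"application": "HTTPS", "flows": 48210},
    {"application": "QUIC", "flows": 15300},
    {"application": "SSH", "flows": 640},
    {"application": "NTP", "flows": 2210},
    {"application": "LDAP", "flows": 75},
    {"application": "HTTP", "flows": 7800},
    {"application": "POP3", "flows": 12},
    {"application": "FTP", "flows": 31},
    {"application": "SMTP", "flows": 410},
    {"application": "IMAP", "flows": 95},
    {"application": "RDP", "flows": 230},
]

# Tiles this module offers (title from the table above; the id is made up).
TILES = {
    "top-apps": {"title": "Top Apps",
                 "description": "Top 10 applications by flow count"},
}


def authorized(headers):
    """Compare the bearer token in constant time; reject anything else."""
    supplied = headers.get("Authorization", "")
    expected = "Bearer " + MODULE_TOKEN
    return hmac.compare_digest(supplied.encode(), expected.encode())


def top_apps_tile(rows, limit=10):
    """Reformat Meraki rows into tile data: top `limit` apps by flow count."""
    ranked = sorted(rows, key=lambda r: r["flows"], reverse=True)[:limit]
    return {"tile_id": "top-apps",
            "keys": ["application", "flows"],
            "rows": [[r["application"], r["flows"]] for r in ranked]}


def handle(path, headers, raw_body, fetch=lambda: SAMPLE_MERAKI_APPS):
    """Serve one request and return (HTTP status, JSON-serialisable dict)."""
    if not authorized(headers):
        return 401, {"error": "unauthorized"}
    try:
        body = json.loads(raw_body) if raw_body else {}
    except ValueError:
        return 400, {"error": "body is not valid JSON"}
    if not isinstance(body, dict):
        return 400, {"error": "body must be a JSON object"}

    if path == "/health":
        # Report healthy only if the upstream Meraki fetch also works.
        try:
            fetch()
        except Exception:
            return 503, {"status": "upstream unavailable"}
        return 200, {"status": "ok"}

    if path == "/tiles":
        tile_id = body.get("tile_id")
        if tile_id is None:                  # no tile named: list what exists
            return 200, {"tiles": [dict(id=k, **v) for k, v in TILES.items()]}
        if tile_id not in TILES:             # allowlist; never echo the input
            return 404, {"error": "unknown tile"}
        try:
            rows = fetch()
        except Exception:
            return 503, {"error": "upstream unavailable"}
        return 200, top_apps_tile(rows)

    return 404, {"error": "unknown endpoint"}


if __name__ == "__main__":
    auth = {"Authorization": "Bearer " + MODULE_TOKEN}
    print(handle("/health", auth, ""))
    print(handle("/tiles", auth, ""))
    print(handle("/tiles", auth, '{"tile_id": "top-apps"}'))
    print(handle("/tiles", {}, ""))
```

    Because the API has to be internet-accessible, every path goes through the same authentication and input checks before any Meraki data is fetched.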

    If you want to learn more about building integrations with SecureX, check out these resources:

     <strong>Talos Threat Hunting, by Jerzy ‘</strong><a href="https://qa.linkedin.com/in/jerzykra" target="_blank" rel="noopener"><strong>Yuri’ Kramarz</strong></a><strong> and </strong><a href="https://www.linkedin.com/in/mikewkelley/" target="_blank" rel="noopener"><strong>Michael Kelley</strong></a>

    Black Hat USA 2022 was our first fully supported event, where we deployed an onsite threat hunting team from Talos Incident Response (TIR). Our colleagues and friends from various business units, connected by SecureX integration, gave us access to all of the underlying consoles and API points to support the threat hunting efforts enhanced by Talos Intelligence.

     <img loading="lazy" class="aligncenter wp-image-414168 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfcfgcjc.jpg" alt width="1430" height="1078" />     

    The threat hunting team focused on answering three key hypothesis-driven questions and matched that with data modelling across all of the different technology stacks deployed in the Black Hat NOC:

  • Are there any attendees attempting to breach each other’s systems in or outside of a classroom environment?
  • Are there any attendees attempting to subvert any NOC systems?
  • Are there any attendees that are compromised, and could we warn them about that?

    To answer the above hypotheses, our analysis started with understanding how the network architecture is laid out and what kind of data access is granted to the NOC. We quickly realized that our critical partners are key to extending visibility beyond Cisco deployed technologies. Many thanks go to our friends from NetWitness and Palo Alto Networks for sharing full access to their technologies, to ensure that hunting did not stop at just Cisco kit and contextual intelligence could be gathered across different security products.

    The daily threat hunt started with gathering data from the Meraki API to identify IP and DNS level requests leaving the devices connected to wireless access points across the entire conference. Although Meraki does not directly filter the traffic, we wanted to find signs of malicious activity such as DNS exfiltration attempts or connections to known malicious domains which were not part of the class teaching. Given the level of access, we were then able to investigate network traffic captures associated with suspicious connections and check for suspected Command and Control (C2) points (there were a few from different threat actors!) or attempts to connect back to malicious DNS or Fast Flux domains, which indicated that some of the attendee devices were indeed compromised with malware.

    That said, this is to be expected given the hostility of the network we were researching and the fact that classroom environments have users who can bring their own devices for hands-on labs. SecureX allowed us to quickly plot this internally to find specific hosts which were connecting and talking with malicious endpoints, while also showing a number of additional datapoints which were useful for the investigation and hunting. Below is one such investigation, using SecureX threat response.

     <img loading="lazy" class="aligncenter wp-image-414169 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/fcjgcgccxgcx.png" alt width="1430" height="550" />     

    While looking at internal traffic, we also found and plotted quite a few different port scans running across the internal network. Without stopping these, it was interesting to note the different tries and attempts by students to find ports and devices across networks. Good thing that network isolation was in place to prevent that! We blurred out the MAC and IP addresses in the image below.

     <img loading="lazy" class="aligncenter wp-image-414170 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/chgfcfjcfcg.png" alt width="936" height="702" />     

    Here is another example of really nice port scan clusters that we found running across both internal and external networks. This time it was the case of multiple hosts scanning each other and looking to discover ports locally and across many of the Internet-based systems. All of that was part of the class, but we had to verify that since it looked very suspicious from the outset. Again, the image is blurred for anonymity.

     <img loading="lazy" class="aligncenter wp-image-414171 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfgcfcgcfgg.png" alt width="936" height="746" />     

    In a few instances, we also identified remarkably interesting clear-text LDAP traffic leaving the environment and giving a clear indication of which organization the specific device belonged to, because of the domain name which was requested in the cleartext. It was quite interesting to note that in 2022, we still have a lot of devices talking clear-text protocols such as POP3, LDAP, FTP or HTTP, which are easy to subvert via Man-In-The-Middle type of attacks and can easily disclose the content of important messages such as email or server credentials. Below is an example of the plain text email attachments, visible in NetWitness and Cisco Secure Malware Analytics.

     <img loading="lazy" class="aligncenter wp-image-414172 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfcfgcgfcgf.png" alt width="1430" height="693" />     

    In terms of the external attacks, Log4J exploitation attempts were pretty much a daily occurrence on the infrastructure and applications used for attendee registration, along with other typical web-based attacks such as SQL injections or path traversals. Overall, we saw a good number of port scans, floods, probes and all kinds of web application exploitation attempts showing up daily, at various peak hours. Fortunately, all of them were successfully identified for context (is this part of a training class or demonstration) and contained (if appropriate) before causing any harm to external systems. Given the fact that we could intercept boundary traffic and investigate specific PCAP dumps, we used all these attacks to identify various command-and-control servers, for which we also hunted internally to ensure that no internal system was compromised.

    The final piece of the puzzle we looked to address, while threat hunting during Black Hat 2022, was automation to discover interesting investigation avenues. Both of us investigated the possibility of threat hunting using Jupyter playbooks to find outliers that warrant a closer look. We created and developed a set of scripts which would gather the data from API endpoints and create data frames which could be modeled for further analysis. This allowed us to quickly gather and filter out systems and connections which were not that interesting, and then focus on specific hosts we should be checking across different technology stacks such as NetWitness and Palo Alto.
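    An added sketch of the outlier filtering described in this section; it is not the hunters’ own Jupyter playbooks. It groups constructed flow and DNS records per client and keeps only the hosts showing port-scan fan-out, DNS-exfiltration-shaped queries, or the clear-text protocols named above. The record fields, thresholds and the two-label parent-domain rule are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records; field names are assumptions, not a vendor schema.
FLOWS = (
    # 10.0.1.23 touches 40 ports on one host: scan-like fan-out.
    [{"src": "10.0.1.23", "dst": "10.0.2.5", "dport": p}
     for p in range(1000, 1040)]
    # 10.0.1.40 is busy but talks to a single target: not interesting.
    + [{"src": "10.0.1.40", "dst": "93.184.216.34", "dport": 443}] * 25
    # 10.0.1.41 speaks LDAP without TLS.
    + [{"src": "10.0.1.41", "dst": "10.0.9.9", "dport": 389}]
)
DNS = (
    [{"src": "10.0.1.40", "qname": "www.example.com"}] * 30
    # 25 unique long, random-looking labels under one parent domain.
    + [{"src": "10.0.1.77",
        "qname": f"{i:02d}k9x2qz7v4m1p8w3r6t0y5u.t.example.net"}
       for i in range(25)]
)

# Clear-text protocols called out in the section, by default port.
CLEARTEXT_PORTS = {21: "FTP", 80: "HTTP", 110: "POP3", 389: "LDAP"}


def entropy(text):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text))
                for c in counts.values())


def scan_suspects(flows, min_targets=20):
    """Sources that touched at least `min_targets` distinct host:port pairs."""
    targets = defaultdict(set)
    for f in flows:
        targets[f["src"]].add((f["dst"], f["dport"]))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}


def dns_tunnel_suspects(queries, min_unique=10, min_len=20, min_entropy=3.5):
    """Sources sending many unique long, high-entropy labels to one domain."""
    seen = defaultdict(set)
    for q in queries:
        labels = q["qname"].rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue
        # Naive parent domain = last two labels (no public-suffix list here).
        parent, sub = ".".join(labels[-2:]), labels[0]
        if len(sub) >= min_len and entropy(sub) >= min_entropy:
            seen[(q["src"], parent)].add(sub)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}


def cleartext_talkers(flows):
    """Sources using one of the clear-text protocols listed above."""
    hits = defaultdict(set)
    for f in flows:
        if f["dport"] in CLEARTEXT_PORTS:
            hits[f["src"]].add(CLEARTEXT_PORTS[f["dport"]])
    return {src: sorted(protos) for src, protos in hits.items()}


def hunt(flows, queries):
    """Merge the three signals into one per-host worklist for follow-up."""
    worklist = defaultdict(list)
    for src, n in scan_suspects(flows).items():
        worklist[src].append(f"fan-out to {n} host:port targets")
    for (src, parent), n in dns_tunnel_suspects(queries).items():
        worklist[src].append(f"{n} random-looking labels under {parent}")
    for src, protos in cleartext_talkers(flows).items():
        worklist[src].append("cleartext " + "/".join(protos))
    return dict(worklist)


if __name__ == "__main__":
    for host, reasons in sorted(hunt(FLOWS, DNS).items()):
        print(host, "->", "; ".join(reasons))
```

    The busy but ordinary client (10.0.1.40 in the sample) drops out, which is the filtering step the section describes; in this environment each remaining host still has to be checked against what its classroom is teaching before it is treated as an incident.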

     <strong>Unmistaken Identity, by Ben Greenbaum</strong>

    An unusual aspect of the Black Hat NOC and associated security operations activities is that this is an intentionally hostile network. People come to learn new tricks and to conduct what would in any other circumstance be viewed rightfully as malicious, unwanted behavior. So, determining whether this is “acceptable” or “unacceptable” malicious behavior is an added step. Additionally, this is a heavily BYOD environment, and while we do not want attendees attacking each other, or our infrastructure, there is a certain amount of suspicious or indicative behavior we may need to overlook to focus on higher priority alerts.

    In short, there are broadly speaking 3 levels of security event at Black Hat:

  • Allowed - classroom or demonstration activities; i.e. a large part of the purpose of Black Hat
  • Tolerated - C&C communications from BYOD systems, other evidence of infections that are not evidence of direct attacks; attendee cleartext communications that should be encrypted, but are not relevant to the operation of the conference.
  • Forbidden - direct attacks on attendees, instructors, or infrastructure; overt criminal activity, or other violations of the Code of Conduct

    When Umbrella alerted us (via a SecureX orchestration Webex workflow) of DNS requests for a domain involved in “Illegal Activity”, it was reminiscent of an event at a previous conference where an attendee was caught using the conference network to download forged vaccination documents.

     <img loading="lazy" class="aligncenter wp-image-414173 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfcgccfgcfg.png" alt width="720" height="348" />     

    Using the Cisco Secure Malware Analytics platform’s phishing investigation tools, I loaded and explored the subject domain and found it to be a tool that generates pseudo-randomized fake identities, customizable in a number of ways to match on demographics. Certainly, something that could be used for nefarious purposes, but is not illegal in and of itself. Physical access and security control is, however, also important at Black Hat, and if this activity was part of an effort to undermine that, then this was still a concern.

     <img loading="lazy" class="aligncenter wp-image-414174 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/fgcfgfgcgccg.png" alt width="720" height="574" />     

    This is, however, also the kind of thing that gets taught at Black Hat…

    Using the reported internal host IP from Umbrella, Meraki’s connection records, and the Meraki access point map, we were able to narrow the activity down to a specific classroom. Looking up what was being taught in that room, we were able to confirm that the activity was related to the course’s subject matter.

     <img loading="lazy" class="aligncenter wp-image-414175 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/fcfgcgfgfc.png" alt width="720" height="222" />     

    Network owners and administrators, especially businesses, typically don’t want their network to be used for crimes. However, here at Black Hat what some would consider “crimes” is just “the curriculum”. This adds a layer of complexity to securing and protecting not just Black Hat, but also Black Hat attendees. In security operations, not every investigation leads to a smoking gun. At Black Hat, even when it does, you may find that the smoking gun was fired in a safe manner at an approved target range. Having the right tools on hand can help you make these determinations quickly and free you up to investigate the next potential threat.
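    The classroom lookup described in this section (internal host IP from Umbrella, Meraki connection records, access point map, then what is being taught in that room), as an added Python example that is not the NOC’s own tooling. All records, field names, room names and topic tags are constructed assumptions; the case it is built around is an IP address that is reused by different clients during the day, so the lookup has to be by IP and time together.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not the Umbrella or
# Meraki schemas. The same IP is held by two different clients on one day.
ASSOCIATIONS = [
    {"ip": "10.20.4.17", "mac": "aa:bb:cc:00:00:01", "ap": "AP-214",
     "start": "2022-08-09T09:02", "end": "2022-08-09T12:30"},
    {"ip": "10.20.4.17", "mac": "aa:bb:cc:00:00:02", "ap": "AP-031",
     "start": "2022-08-09T14:00", "end": "2022-08-09T17:45"},
]
AP_ROOMS = {"AP-214": "Room A", "AP-031": "Expo Hall"}   # access point map
SCHEDULE = [
    {"room": "Room A", "start": "2022-08-09T09:00", "end": "2022-08-09T18:00",
     "course": "Constructed course on social engineering",
     "topics": {"fake-identity", "phishing"}},
]


def parse_ts(text):
    """Parse the ISO timestamps used in the sample records."""
    return datetime.fromisoformat(text)


def covers(record, when):
    """True if `when` falls inside the record's start/end window."""
    return parse_ts(record["start"]) <= when <= parse_ts(record["end"])


def locate(ip, when):
    """Map an internal IP at a given time to (mac, ap, room), or None.

    IPs are reused during the day, so the lookup is by IP and time; a
    missing or ambiguous match returns None rather than a guess.
    """
    hits = [a for a in ASSOCIATIONS if a["ip"] == ip and covers(a, when)]
    if len(hits) != 1:
        return None
    hit = hits[0]
    return hit["mac"], hit["ap"], AP_ROOMS.get(hit["ap"])


def triage(event):
    """Decide whether an alert is explained by what is taught in that room."""
    when = parse_ts(event["time"])
    where = locate(event["internal_ip"], when)
    if where is None:
        return {"verdict": "investigate", "reason": "client not located"}
    mac, ap, room = where
    for slot in SCHEDULE:
        if (slot["room"] == room and covers(slot, when)
                and event["topic"] in slot["topics"]):
            return {"verdict": "allowed", "mac": mac, "ap": ap, "room": room,
                    "course": slot["course"]}
    return {"verdict": "investigate", "mac": mac, "ap": ap, "room": room,
            "reason": "no course in that room covers this activity"}


if __name__ == "__main__":
    for time in ("2022-08-09T10:15", "2022-08-09T13:00", "2022-08-09T15:00"):
        alert = {"internal_ip": "10.20.4.17", "time": time,
                 "topic": "fake-identity"}
        print(time, triage(alert))
```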

     <strong>25 Years of Black Hat - Musings from the show (and some DNS stats), by Alejo Calaoagan</strong>

    Back in Singapore, I wrote about cloud app usage and the potential threat landscape surrounding them. My original plan at Black Hat USA was to dig deeper into this vector to see what interesting tidbits I could find on our attendee network. However, given that this was the 25th anniversary of Black Hat (and my 14th in total between Vegas, Singapore, and London), I’ve decided to pivot to talk about the show itself.

    I think it’s safe to say, after two difficult pandemic years, Black Hat is back. Maybe it’s the fact that almost everyone has caught COVID by now (or that a lot of people simply stopped caring). I caught it myself at RSA back in June this year, the first of consecutive summer super spread events (Cisco Live Vegas was the following week). Both of those shows were in the 15-18k attendee range, well below their pre-pandemic numbers. Black Hat USA 2022 was estimated at 27,000 attendees.

    If I remember correctly, 2019 was in the 25-30K range. Last year in Vegas, there were ~3,000 people at the event, tops. 2021 in London was even lower… it felt like there were less than 1,000 attendees. Things definitely picked up in Singapore (2-3k attendees), though that event doesn’t typically see attendee numbers as high as the other locations. Overall, while the pandemic definitely isn’t over, Las Vegas offered glimpses of what things were like before the “Rona” took over our lives.

     <img loading="lazy" class="alignleft wp-image-414176 size-medium" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfhcfcggfcg-209x300-1.png" alt width="209" height="300" />     

    The show floor was certainly back to the norm, with swag flying off the countertops and lines for Nike sneaker and Lego giveaways wrapping around different booths. The smiles on people’s faces as they pitched, sold, hustled, and educated the masses reminded me just how much I missed this level of engagement. RSA gave me this feeling as well, before COVID sidelined me midway through the show anyway.

    Not everything was quite the same. The Black Hat party scene certainly isn’t what it used to be. There was no Rapid 7 rager this year or last, or a happy hour event thrown by a security company you’ve never heard of at every bar you walk by on the strip. There were still some good networking events here and there, and there were some awesomely random Vanilla Ice, Sugar Ray, and Smashmouth shows. For anyone familiar with Jeremiah Grossman’s annual Black Hat BJJ throwdown, that’s still, thankfully, a thing. Hopefully, in the coming years, some of that old awesomeness returns….

    Enough reminiscing, here are our DNS numbers from the show:

     <img loading="lazy" class="aligncenter wp-image-414177 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/efewfwregter.png" alt width="480" height="284" />     

    From a sheer traffic perspective, this was the busiest Black Hat ever, with over 50 million DNS requests made…

     <img loading="lazy" class="aligncenter wp-image-414178 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/efrewrewte.png" alt width="618" height="316" />     

    Digging into these numbers, Umbrella observed over 1.3 million security events, including various types of malware across the attendee network. Our threat hunting team was busy all week!

    We’ve also seen an increase in app usage at Black Hat:

  • 2019: ~3,600
  • 2021: ~2,600
  • 2022: ~6,300

    In a real-world production environment, Umbrella can block unapproved or high-risk apps via DNS.

     <img loading="lazy" class="aligncenter wp-image-414179 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/rgerger.png" alt width="624" height="86" />     
     <img loading="lazy" class="aligncenter wp-image-414180 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/cfgcfctrd.png" alt width="624" height="336" />     

    The increases in DNS traffic volume and Cloud App usage obviously mirror Black Hat’s return to the center stage of security conferences, following two years of pandemic uncertainty. I’m hopeful that things will continue to trend in a positive direction before London and, hopefully, we’ll see you all there.

    Hats off to the entire NOC team. Check out Black Hat Europe in London, 5-8 December 2022!

     <img loading="lazy" class="aligncenter wp-image-414181 size-full" src="https://www.infracom.com.sg/wp-content/uploads/2022/08/rgreytryrt.jpg" alt width="1100" height="766" />     
     <strong>Acknowledgements</strong>: Special thanks to the Cisco Meraki and Cisco Secure Black Hat NOC team.
     <em>SecureX threat response, orchestration, device insights, custom integrations and Malware Analytics</em>: Ian Redden, Aditya Sankar, Ben Greenbaum, Matt Vander Horst and Robert Taylor
     <em>Umbrella DNS</em>: Alfredia Clasen and Alejo Calaoagan
     <em>Talos Incident Response Threat Hunters</em>: Jerzy ‘Yuri’ Kramarz and Michael Kelley
     <em>Meraki Systems Manager</em>: Paul Fidler (team leader), Paul Hasstedt and Kevin Carter
     <em>Meraki Network Engineering</em>: Evan Basta (team leader), Gregory Michel, Richard Fung and CJ Ramsey
     <em>Network Design and Wireless Site Survey</em>: Jeffry Handal, Humphrey Cheung, JW McIntire and Romulo Ferreira
     <em>Network Build/Tear Down</em>: Dinkar Sharma, Ryan MacLennan, Ron Taylor and Leo Cruz
     <em>Critical support in sourcing and delivering the Meraki APs and switches</em>: Lauren Frederick, Eric Goodwin, Isaac Flemate, Scott Pope and Morgan Mann

    Also, to our NOC partners NetWitness (especially David Glover), Palo Alto Networks (especially Jason Reverri), Lumen, Gigamon, IronNet, and the entire Black Hat / Informa Tech staff (especially Grifter ‘Neil Wyler’, Bart Stump, Steve Fink, James Pope, Jess Stafford and Steve Oldenbourg).

     <strong>About Black Hat</strong>

    For 25 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and USA. More information is available at: blackhat.com. Black Hat is presented by Informa Tech.
