Security tools showcased at Black Hat USA 2021

While everyone associates the Black Hat security conference with high-profile keynotes and state-of-the-art cybersecurity research, ever since the 2017 edition, the conference has also been the place where the cybersecurity community has also announced and released security tools part of the lesser-known "Arsenal" track.

While The Record is not going to list each and every tool, we selected the most interesting releases from this year's conference below:

  • Cloud Katana - a tool developed by Microsoft to automate the execution of adversarial techniques in Azure with the help of Azure Functions with the main goal to validate detection rules and learn the underlying behavior of an attack. (Black Hat | GitHub)
  • Cloud Sniper - a platform designed to manage Cloud Security Operations, intended to respond to security incidents. (Black Hat | GitHub)
  • Kubestriker - a blazing fast security auditing tool for Kubernetes (Black Hat | GitHub | Blog)
  • REW-sploit - a tool to analyze Windows shellcode or attacks originating from the Metasploit or Cobalt Strike offensive tools. (Black Hat | GitHub)
  • LUDA - standing for "Large URLs Dataset Analyzer," this tool was developed by security researchers at Akamai to detect patterns in large collections of URLs. The tool can be used by security teams to spot URLs schemes associated to known malware strains or threat actors. (Black Hat | GitHub)
  • SGXRay - an automated tool developed by Baidu engineers to detect SGX enclave bugs rooting from violations of trusted boundaries. (Black Hat | GitHub)
  • Cotopaxi - a tool developed by Samsung for testing the security of various IoT protocols. (Black Hat | GitHub)
  • Packet Sender - an open-source utility available for Windows, Mac, and Linux to allow sending and receiving TCP, UDP, and SSL (encrypted TCP) packets. (Black Hat | GitHub)
  • Kubesploit - a tool for pen-testing the security of Kubernetes clusters, complete with a post-exploitation HTTP/2 Command & Control server and agent. (Black Hat | GitHub | Blog)
  • Siembol - open-source, real-time Security Information & Event Management (SIEM) tool based on big data technologies. (Black Hat | GitHub | Blog)
  • Cloudtopolis - a tool for running a password-cracking system on the Google Cloud Shell platform. (Black Hat | GitHub)
  • Racketeer - a tool to provide a way for security teams to simulate and test detection of common ransomware operation, in a controlled manner, against a set of company assets and network endpoints. (Black Hat | GitHub)
  • Phishmonger - is an email phishing tool that allows penetration testers to quickly template, test, and deploy phishing campaigns. (Black Hat | GitHub)
  • Blue Pigeon - a Bluetooth-based data exfiltration and proxy tool. (Black Hat | GitHub)
  • Magpie - an open-source cloud security posture management (CSPM) tool meant to help companies secure cloud infrastructure. (Black Hat | GitHub | Video)
  • PurpleSharp 2.0 - a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. (Black Hat | GitHub)
  • WARCannon - a tool to search the internet at scale for web vulnerabilities. Security researchers and bug bounty hunters can leverage WARCannon to scale their research horizontally across the entire internet in a fast, cost-effective, and entirely non-invasive/invisible way. (Black Hat | GitHub)
  • PMapper - a script and library for identifying risks in the configuration of AWS Identity and Access Management (IAM) for an AWS account or an AWS organization. (Black Hat | GitHub | Blog)
  • Ping Castle - a tool for performing security audits on Active Directory servers. (Black Hat | GitHub)
  • reNgine - an automated reconnaissance framework meant information gathering during penetration testing of web applications. (Black Hat | GitHub | Homepage)
  • Solitude - an open-source privacy analysis tool that aims to help people inspect where their private data goes once it leaves their favorite mobile or web applications. (Black Hat | GitHub | Blog)
Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.