Hacker Summer Camp (a.k.a. Black Hat USA 2024) is almost here, and it's going to be jam-packed once again with intriguing cybersecurity talks. With more than 100 sessions packed into just two days, leaders will need to take extra care in picking the talks that will resonate best with their particular security needs. That’s why our team has taken the time to comb through this list of talks for you.
Here are the nine Black Hat talks related to security operations (SecOps) that can help your team stay up to speed. They include timely conversations about the state of cybersecurity policy, what the modern CISO needs to be on the lookout for, pressing threat research that can impact your security team’s efforts — and much more.
Democracy's Biggest Year: The Fight for Secure Elections
Keynote | Wednesday, August 7, 2024, 9:00–10:00 am
This year marks a milestone for global democracy, with an unprecedented number of countries holding national elections and with higher voter participation than ever. Meanwhile, emerging technologies and escalating global tensions challenge even the longest-standing democracies — especially their electoral systems. This session will explore how international leaders are addressing election security risks such as cyberthreats, foreign interference, and generative AI. Join Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA); Felicity Oswald, CEO of the U.K.'s National Cyber Security Centre (NCSC); and Hans de Vries, COO of the European Union Agency for Cybersecurity (ENISA) as they discuss safeguarding democratic processes globally.
Project 0xA11C: Deoxidizing the Rust Malware Ecosystem
Wednesday, August 7, 2024, 10:20–11:00 am
In malware analysis, the introduction of new programming languages poses significant challenges that can deter reverse engineers and analysts from engaging with complex malware. The Go programming language exemplified this issue until high-profile incidents such as the SolarWinds attack prompted action. Researchers developed AlphaGolang, an analysis methodology revealing that, with proper contextualization, reversing Go code is often easier than reversing code written in traditional languages. Similarly, Rust's features — memory safety, aggressive compiler optimizations, borrowing, and complex types — result in highly intricate code that is embraced by advanced persistent threats (APTs) and ransomware groups but avoided by analysts. This panel’s proposed Project 0xA11C (Oxalic) introduces practical methodologies and tools to make Rust reverse engineering more accessible. Nicole Fishbein, security researcher at Intezer, and Juan Andrés Guerrero-Saade, assistant vice president of research at SentinelLabs, will explore these methodologies and enhance your malware analysis skills.
A Multilateral Framework for Evaluating National Cybersecurity Strategies
Wednesday, August 7, 2024, 11:20 am–12:00 pm
Governments are exploring various approaches to bolster national cybersecurity in response to today's complex threat landscape. This talk is based on a project that evaluates the national cybersecurity strategies of 12 countries, including the United States, China, Germany, and Australia. The goal of the project is to identify the most effective and innovative policy approaches by comparing the work being done by these governments. The evaluation highlights leaders, innovators, and under-performers, taking into account each country's political context and threat environment. Fred Heiding, research fellow; Alex O'Neill, national security researcher; Lachlan Price, research assistant; and Eric Rosenbach, senior lecturer in public policy, will explain how their research at Harvard University is guiding practitioners in developing more robust cybersecurity strategies and providing a template for countries that have yet to create one.
Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies
Wednesday, August 7, 2024, 1:30–2:10 pm
Attackers are constantly exploiting SaaS vulnerabilities, and this briefing will include real-world examples of SaaS tenant attacks; threat tactics, techniques, and procedures (TTPs); and indicators of compromise (IoCs). A panel from AppOmni, featuring Cory Michal, vice president for security; Brandon Levene, principal product manager for threat detection; and Ben Pruce, senior engineering manager for threat research, will disclose mitigation strategies to enhance your organizational security against evolving threats.
Skirting the Tornado: Essential Strategies for CISOs to Sidestep Government Fallout in the Wake of Major Cyberattacks
Wednesday, August 7, 2024, 3:20–4:00 pm
CISOs are facing increasing federal regulatory and criminal liabilities, highlighted by cases such as those brought by the U.S. Securities and Exchange Commission against SolarWinds and its CISO, Tim Brown. This session will provide an overview of the current landscape of CISO liability at the federal level, with insights from notable InfoSec liability cases including U.S. vs. Joe Sullivan (Uber). The session will offer practical advice on how CISOs and InfoSec professionals can protect themselves, focusing on steps to take to avoid being targeted, personal indemnity, directors' and officers' insurance, and red flags to recognize during crises. Join Jess Nall, a partner at legal firm Baker McKenzie, to learn actionable strategies on how to safeguard against regulatory and criminal repercussions.
SnailLoad: Anyone on the Internet Can Learn What You're Doing
Wednesday, August 7, 2024, 11:20 am–12:00 pm
Daniel Gruss and Stefan Gast, an InfoSec professor and an InfoSec researcher from Graz University of Technology, will deliver a presentation introducing a novel method to infer network activity remotely without relying on traditional person-in-the-middle techniques. They will showcase an end-to-end attack scenario where benign content from an attacker-controlled server facilitates spying on network activities based on latency variations. Additionally, Gruss and Gast will discuss a video-fingerprinting attack using SnailLoad traces, illustrating advancements toward passive, fully remote internet attacks.
Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign Government
Wednesday, August 7, 2024, 4:20–5:00 pm
Morgan Demboski and Mark Parsons from Sophos will recount their intensive investigation into Crimson Palace, a sophisticated, Chinese state-sponsored cyber-espionage campaign targeting a Southeast Asian government organization. They will discuss the discovery of three interconnected threat clusters maintaining persistent access through advanced malware, DLL sideloads, and novel defense evasion tactics, including disrupting antivirus communications. Join this session to delve into the campaign's stages and learn how the actors' adaptation to countermeasures offers practical insights for identifying and analyzing complex APT intrusions.
The Hidden Treasure of Crash Reports?
Thursday, August 8, 2024, 1:30–2:10 pm
This session with Patrick Wardle, CEO and co-founder of DoubleYou, will focus on the often overlooked but critical role of crash reports in macOS systems. Discover how crash reports can provide valuable insights into malware infections, exploitation attempts, and system vulnerabilities. Wardle will discuss the structure of crash reports, their role in revealing the cause of crashes, and their application in real-life scenarios involving macOS flaws such as uninitialized pointers and heap overflows.
Wardle will also be giving a talk about his book, The Art of Mac Malware, at ReversingLabs' Black Hat booth, #2660, on August 7, 2–3 pm. Those who attend will be able to snag a free, signed copy of his book.
Threat Hunting with LLM: From Discovering APT SAAIWC to Tracking APTs with AI
Thursday, August 8, 2024, 2:30–3:00 pm
This session will be presented by Hongfei Wang, Dong Wu, and Yuan Gu from DBAPPSecurity and will focus on their experience utilizing large language models in threat hunting. They will discuss how they discovered and tracked APT SAAIWC, highlighting the role of LLMs in swiftly identifying attack samples and facilitating broader threat hunting applications. Additionally, they will cover techniques including filename-based threat hunting and automated sample hunting with LLM-generated YARA rules, and show how these methods apply to threat intelligence and hunting beyond the specific APT SAAIWC case.
Looking for something to do between talks? Meet the RL team at booth #2660
Security leaders can stop by ReversingLabs' booth on the exhibition floor to chat with our experts about our powerful threat hunting and intelligence solutions, in addition to how we’re using these technologies to power software supply chain security. Plus, we have cookies (the good kind!).