Black Hat: What’s in a Name

Black Hat starts Sunday. Over the years, the conference has come to be known by many names, ranging from “cybersecurity summer camp” to “hacker boot camp.” Equally interesting is the array of titles for the dozens of Briefings and Arsenal presentations scheduled. 

There is simply no way for anyone to attend every session, because they overlap. How important each one is to event-goers depends on their interests and the positions they hold. A few on the agenda this year will grab the attention of a wider audience, as they touch on several widely publicised trends. For anyone who wants to gain more technical and general understanding of what some of these current events are all about, here is a list of a few talks to consider attending:

Trend: Biometrics
Briefing: Biometric Authentication Under Threat: Liveness Detection Hacking
Schedule: Wednesday, Aug. 7 | 10:30-10:55 AM

Over the years, hackers and researchers have demonstrated lots of ways to bypass biometric authentication controls. This session adds an interesting twist. It will show attendees how the recent scourge of the security world, deep fake video and audio, can be used to fool biometric authentication layers. Anyone interested in leveraging these types of controls to protect their organization’s assets should consider attending.

Trend: Deep Fakes
Briefing: Detecting Deep Fakes with Mice
Schedule: Wednesday, Aug. 7 | 10:30-10:55 AM

In the news media, the “deep fake” focus has been mostly on video. This is likely due to the fact that it provides great visuals for broadcast audiences and opens up myriad story possibilities tied to lightning-rod politicians. Who won’t click on a news link about a deep fake video targeting Donald Trump?

What’s super interesting about this briefing is that while it does take advantage of a huge trend, in terms of infosec it appears to be more focused on the more practical side of deep fake threats, the manipulation of voice. Add to it the live-animal factor and you have interesting X2. It looks like PETA can now carry its protests to the world of infosec. 

Trend: Cyber Insurance
Briefing: Cyber Insurance 101 for CISO’s
Schedule: Wednesday, August 7 | 1:30-2:20 PM

Admittedly, this may not be the sexiest or most exciting topic in security. I mean, who wants to sit around discussing the nuances of insurance coverage when you could be learning how to hack electric motors and ATM machines?

For CISOs and other leaders in charge of protecting the “business” against risk, this may be a key session they need to attend.

Trend: Phishing
Briefing: Testing Your Organization’s Social Media Awareness
Schedule: Thursday, August 8 | 9-9:25 AM

Phishing is a trend that won’t die. As long as there are people connected to the internet, there are going to be scam artists attempting to take advantage of naivety. For anyone working to defend a company with employees who are frequently engaged in social media networks such as LinkedIn and Facebook, this may be one to attend. The presenters are going to build greater understanding of methods to identify the most likely attack targets within organizations.

Trend: Culture
Briefing: Making Big Things Better the Dead Cow Way
Schedule: Thursday, August 8, 2:30-3:20 PM

Although this doesn’t appear to be a session on how to build a better and more effective security culture, it looks as if it may reveal how a force of hackers can actually be used to shape things to come. Based on Reuters reporter Joe Menn’s best-selling book, “Cult of the Dead Cow,” this briefing will offer a huge reveal, as an original cDc member will appear for the first time as his authentic self.

Trend: Cyberwar
Briefing: Responding to a Cyber Attack with Missiles
Schedule: Wednesday, August 7 | 2:40-3:30 PM

The abstract says it all: The lines between real and virtual worlds are blurring fast. Several governments have publicly stated that they reserve the right to respond to cyber attacks with kinetic force. Now we are seeing that happening for real. What are the rules of engagement in these new conflicts? And where is the cyber arms race taking us next?

Trends: Skills Shortage and Malware Analysis
Arsenal: The Go Reverse Engineering Tool Kit
Schedule: Thursday, August 8, 1-2:20 PM

With more than 1.5 million cybersecurity jobs unfilled and uncountable volumes of malware floating around, you can bet that most CISOs and organizations are looking for ways to deal with the challenges that both of these trends are creating. In this presentation, Anomali’s own Joakim Kennedy will demonstrate an open source tool he developed that makes it easier to perform reverse engineering and analysis and which lowers the bar to entry for anyone wanting to enter the analysis field. 

Trend: 0-Days
Briefing: Selling 0-Days to Governments and Offensive Security Companies
Schedule: Wednesday, August 7 | 1:30pm-2:20pm, Thursday, August 8 | 11:00am-11:50am

What? You can do that? Attend this event to look at how 0-day brokerage dynamics work. 

Happy Black Hatting and do be careful of locust swarms!

Joe Franscella

About the Author

Joe Franscella is a Senior Director of Strategy at Anomali. Over the course of his career, he’s led strategies at numerous cybersecurity companies that have helped them to convey the value that their solutions deliver to the market. He is passionate about helping all organizations to defend themselves against advanced cyberthreats.