Black Hat USA 2021 – Top 5 Sessions to Attend & Tips to Survive Now that Conferences are Back In-Person

It is that time of the year again—hacker summer camp is back! In 2020, the global pandemic dramatically changed our social environment, and both Black Hat and Defcon went virtual with in-person networking and parties placed on hold. This year, both events are back with a hybrid flavor to them.

Black Hat USA, running Saturday, July 31 to Thursday, August 5, is a hybrid offering—you can choose to go in person or attend online. It’s followed by Defcon 29, August 5 to August 8.

The in-person Black Hat event has limited places, accommodating fewer than half of the 17,000 attendees who typically attend. As I am based in Europe and face the current restrictions on international travel, this will be a virtual-only event for me.

Reviewing hundreds of sessions is a challenge, so I’ve listed my top 5

Whether you’re preparing to go to Las Vegas or, like me, finding a comfortable place at home to participate, it’s always challenging to review the hundreds of sessions available. In an effort to help you in your decision-making process, I have listed my top 5 sessions not to miss at Black Hat 2021.

Choosing sessions to attend this year was more difficult, with many of my favorite speakers missing from the lineup. I’ll definitely be watching the keynote with Matt Tait, COO at Corellium, who previously worked as an analyst at GCHQ. He will be sharing details on defending supply chains as well as the future of contactless deliveries.

Top 5 sessions to attend at Black Hat 2021

I hope my Black Hat conference picks will help you get started with your planning, and that we all have an awesome hacker summer camp experience.

Breaking the Isolation: Cross-Account AWS Vulnerabilities

Shir Tamari | Head of Research, Wiz.io
Ami Luttwak | Co-Founder & Chief Technology Officer, Wiz.io

Date: Wednesday, August 4 | 11:20am-12:00pm and 3:20pm-4:00pm (Virtual)

Tracks: Cloud & Platform Security, AppSec

With so many organizations accelerating their migration to the cloud, this session stands out as a must-watch.

Multiple AWS services were found to be vulnerable to a new cross-account vulnerability class. Because of unsafe identity policies that AWS services use to access clients’ resources, an attacker could manipulate various AWS services and cause them to perform actions on other clients’ resources.

The vulnerabilities have been proven on three major AWS services (AWS Config, CloudTrail, and Serverless Repository) and have allowed a potential attacker to write and read certain objects from private S3 buckets. This session reviews the specific mitigations provided for the IAM vulnerabilities and discusses the current gaps in the way the vulnerability management process for IAM is handled today.

FROM ZERO TO FULL DOMAIN ADMIN – Tracking the digital footprint of a ransomware attack—a real-world incident

Joe Carson | Chief Security Scientist & Advisory CISO, ThycoticCentrify

Date: Thursday, August 5 | 1:40pm-2:00pm (Virtual)

Tracks: Risk, Compliance and Security Management, Security Operations & Incident Response

Last but not least, my own session at Black Hat will demonstrate and discuss a real-world security incident that involved the CryLock Ransomware variant. I will share the methods and techniques used by attackers while providing tips on how you can avoid becoming the next victim.

Connect with ThycoticCentrify virtually or in person at Black Hat 2021.
Booth #1770

VIRTUAL and IN-PERSON BUSINESS HALL

Stop by our booth to learn more about Cloud-Ready PAM. Don’t forget to enter our raffle. We’ll be giving away a Peloton, an Xbox Series X, an Oculus VR Headset, and more.

LIVE DEMOS

We are offering customized product demos, tailored to address your organization’s modern security needs at scale. Discover and explore how our cloud-ready PAM solutions can help your organization stay safe from the ever-expanding threatscape. Book your demo today.

Not registered? Join us at the Black Hat virtual event; registration is FREE!

And Finally, My Top Survival Tips for Hacker Cons

There are several tips for those attending Black Hat or Defcon in person. They’ll help you stay safe and reduce the risk of becoming compromised. I follow these practices on my frequent travels, but I take specific precautions during Black Hat and Defcon to further reduce risks.

Here’s a quick list to keep in mind:

  • Keep valuables in your hotel room, locked in your suitcase
  • You are going to be caught on camera and tracked, so accept it
  • Update, patch, and back up your devices before you leave home
  • Power off any devices that you are not using
  • Leave sensitive data at home
  • Use cash and keep your contactless cards in an RFID-protected wallet
  • Always assume someone is watching and monitoring you
  • Avoid public Wi-Fi and always use mobile data with a VPN

Have fun and stay safe!

*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Joseph Carson. Read the original post at: https://thycotic.com/company/blog/2021/07/29/black-hat-usa-2021-top-5-sessions/