Top Black Hat USA Sessions for Qualys Customers

Black Hat USA is known for cutting-edge security research, and this year’s conference is no different. If you’re a Qualys customer, here are some Black Hat sessions we think you’ll find relevant.

Next-Gen DFIR: Mass Exploits & Supplier Compromise

An investigation of real “next-gen” digital forensics and incident response cases like SolarWinds, and how to adapt your response processes to meet today’s global threats

Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild

How sophisticated attacks use novel ways to access the cloud, especially Microsoft 365, where more and more organizations are collaborating and storing some of their most confidential data

Generating YARA Rules by Classifying Malicious Byte Sequences

An interpretable machine learning model for malware detection built with a few hundred YARA rules that can generate signatures optimized for detection with minimal false positives

Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing

New memory forensic techniques that can analyze the Linux kernel’s tracing infrastructure and report on potential abuses that currently go undetected

Breaking the Isolation: Cross-Account AWS Vulnerabilities

How an attacker could manipulate various services in AWS and cause them to perform actions on other clients’ resources due to unsafe identity policies used by AWS services to access clients’ resources

IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation

An internet-scale IPv6 router discovery technique that uses a data fusion attack against residential home routers running IPv6 to discover and precisely geolocate millions of home routers deployed in the wild across the world

MFA-ing the Un-MFA-ble: Protecting Auth Systems’ Core Secrets

A new technical approach to securing auth systems’ golden secrets like private keys for SAML and how to break them into multiple less precious secrets in a fully backward compatible manner for better security

Zerologon: From Zero to Domain Admin by Exploiting a Crypto Bug

An investigation of the different exploit steps of the Zerologon attack discovered during research on Netlogon cryptography and how exactly Microsoft’s patch mitigates it

Siamese Neural Networks for Detecting Brand Impersonation

A Siamese neural network trained to detect brand impersonation (where a malicious user crafts content to look like a known brand to deceive a user into entering sensitive information) that outperforms a baseline image hashing algorithm on a held-out training set

Bridging Security Infrastructure Between the Data Center and AWS Lambda

A workload identity architected in AWS Lambda that shares identity between the data center and cloud services to create secure infrastructure between the two

Deepfake Social Engineering: Creating a Framework for Synthetic Media Social Engineering

Easy-to-implement, human-centric countermeasures against deepfake social media, e.g. when scammers impersonate executives via synthetic audio in vishing attacks to convince employees to wire funds to unauthorized accounts

How I Used a JSON Deserialization 0day to Steal Your Money on the Blockchain

Analysis of an attack that achieved remote code execution on the blockchain nodes through a vulnerability in an open source JSON parser and a reminder to blockchain developers and users to be careful about security

Securing Open Source Software – End-to-End, at Massive Scale, Together

Key lessons learned in our experience coordinating the industry-wide remediation of some of the most impactful vulnerabilities ever disclosed, including Heartbleed, Shellshock, Rowhammer, and BlueZ

ProxyLogon is Just the Tip of the Iceberg: A New Attack Surface on Microsoft Exchange Server!

An investigation of a new attack surface based on a significant change in Exchange Server 2013 that has unparalleled impact not only as the basis of critical vulnerabilities such as ProxyLogon but also as a new paradigm in vulnerability research

Plus Some Non-Research Sessions

Don’t neglect the people aspect of building effective security teams and processes!

The Ripple Effect: Building a Diverse Security Research Team

What manager doesn’t need to know more about how to create a more inclusive environment that also improves R&D team atmosphere and deliverables?

Legal Pitfalls to Avoid in Security Incidents

The lawyer’s role in a security incident and real-world client examples of how lawyers work together with information security professionals

Whoops, I Accidentally Helped Start the Offensive Intel Branch of a Foreign Intel Service

This last one just sounds too interesting, and it looks like it will be a good source of insights into how state actors and other sophisticated organizations plan and launch attacks.

Join Us Online at Black Hat USA 2021

We are excited to see you virtually at Black Hat on August 4-5! Schedule a meeting with a Qualys security expert, watch best practices and research sessions, and learn how to get more security with Qualys.

Unfortunately, in light of CDC guidance on the COVID-19 Delta variant and out of concern for the safety of Qualys employees, Black Hat attendees, and residents of Las Vegas, Qualys has made the tough decision to forgo our in-person presence at Black Hat USA 2021. We were very much looking forward to being at the event in person and will continue to support it through our virtual presence.