12 Events at Black Hat USA 2019 You Won’t Want to Miss

“We are totally overwhelmed by the amount of [tasks] we should be doing but can’t because of a lack of resources.” That’s how one respondent characterized the state of cybersecurity affairs in the fifth annual survey of attendees conducted by Black Hat.

Among the findings were statistics like this: 65% of respondents “believe they will have to respond to a major security breach in their own organization in the coming year, up from 59% in 2018; most do not believe they have the staffing or budget to defend adequately against current and emerging threats.”

The survey polled 345 security professionals and was released earlier this month in advance of the annual Black Hat USA conference. The conference – being held August 7th and 8th in Las Vegas – is expected to attract an estimated 19,000 attendees (the Bricata team will be there too in booth #1275).

The conference has a reputation for being more technical than other conferences – which in turn brings in a more technical audience – like those who completed this survey. Some of the other revelations in the survey that stood out for us were the following:

  • “90% of security pros believe that no matter how careful individuals are, their data is likely to be available to criminals right now;”
  • “75% of cybersecurity experts say that using any social network is a bad idea;”
  • “More than three-quarters of respondents (77%) believe that a successful cyberattack on US critical infrastructure will occur in the next two years, up from 69% in 2018;” and
  • “Four in 10 security professionals consider themselves ‘burned out.’”

These statistics set the backdrop for the conference this year. Ideally, the conference will also present and discuss ways to overcome some of the challenges.

Black Hat Briefings and Arsenals that You Won’t Want to Miss

The show features two main formats for presenting information. First are the “Briefings,” which generally mirror the classic conference session format. Second are the events labeled “Arsenal,” which are often interactive live demonstrations from researchers and members of the open source security community.

We’ve combed through both categories of events through the lens of network security and identified the following sessions as likely to be of interest to our community. We’ve also linked to the complete session description and, where possible, to presenter social media profiles.

1) Building Tools for Detecting HTTPS Interception [Briefing]

What: “In this talk, we will provide an overview of the various forms of HTTPS interception, the development of an open-source HTTPS interception detection tool, along with the insights we observed and want to share with the security community.” Read more.


>> Luke Valenta, Ph.D. Student, University of Pennsylvania
>> Gabriele Fisher, Systems Engineer, Cloudflare

When: Wednesday, August 7 | 10:30am-10:55am

Where: South Seas CDF

2) Attacking and Defending the Microsoft Cloud [Briefing]

What: “This presentation focuses on the Microsoft Cloud (Office 365 & Azure AD) and explores the most common attacks against the Cloud and describes effective defenses and mitigation. While the content is focused on the Microsoft Cloud, some of the attack and defense topics are applicable to other cloud providers and are noted where applicable.” Read more.


>> Sean Metcalf, CTO, Trimarc
>> Mark Morowczynski, Principal Program Manager, Microsoft

When: Wednesday, August 7 | 11:15am-12:05pm

Where: South Pacific

3) New Vulnerabilities in 5G Networks [Briefing]

What: “In this talk, we visit security features of 5G radio networks and reveal new vulnerabilities affecting both the operator infrastructure and end-devices (including mobiles, NB-IoT, laptop, etc.).” Read more.


>> Altaf Shaik, M.Sc., Technical University of Berlin and Kaitiaki Labs
>> Ravishankar Borgaonkar, Dr., SINTEF Digital

When: Wednesday, August 7 | 1:30pm-2:20pm

Where: South Pacific

4) Cyber Insurance 101 for CISOs

What: “This session provides a basic understanding of a cyber policy including market dynamics, coverage terms and conditions, and services included with the product.” Read more.


>> Jeffrey Smith, Managing Partner, Cyber Risk Underwriters

When: Wednesday, August 7 | 1:30pm-2:20pm

Where: Mandalay Bay CD

5) LMYN: Let’s Map Your Network [Arsenal]

What: “You can’t secure what you are not aware of. LetsMapYourNetwork (LMYN) aims to provide an easy-to-use interface to visualize any network in graphical-form with zero manual error at any point-of-time, where a node represents a system and relationship between nodes represents the connection.” Read more.


>> Pramod Rana, Senior Security Engineer, Coupa Software

When: Wednesday, August 7 | 2:30pm-3:50pm

Where: Business Hall (Oceanside), Arsenal Station 10

6) He Said, She Said – Poisoned RDP Offense and Defense

What: “In this talk, we will not be covering a typical RDP vulnerability where a server is attacked – instead, we will show that just by connecting to a rogue machine, your own host can be reliably and silently compromised. Although there are numerous vulnerabilities in popular open source RDP clients, this talk heads straight for the crown jewel: the Microsoft Terminal Services Client or MSTSC.EXE.” Read more.


>> Dana Baril, Security Software Engineer, Microsoft
>> Eyal Itkin, Vulnerability Researcher, Check Point Software Technologies

When: Wednesday, August 7 | 4:00pm-4:50pm

Where: South Seas ABE

7) Detecting Malicious Files with YARA Rules as They Traverse the Network

What: “YARA, the pattern matching swiss knife for malware researchers, has been extremely useful at detecting suspicious files on the endpoint. However, little or no information is publicly available on how to leverage this useful tool to scan for files as they are traversing the network. In this presentation, I will show how you can open source Zeek IDS (formerly Bro) and how some custom developed scripts can be used to extract files from the network and identify attacks on an early stage before it causes more damage.” Read more.


>> David Bernal, Lead Security Researcher, SCILabs – Scitum

When: Wednesday, August 7 | 5:05pm-5:30pm

Where: Islander FG

8) On Trust: Stories from the Front Lines

What: “We’ll explore how companies, like people, develop a character, and that a key determinant of that character is their approach to security and privacy. And we’ll see how this character can lead to, or away from, earning trust. Finally, we’ll consider several major industry happenings over the past few years as examples of companies who have successfully (and unsuccessfully) navigated times of transformative change.” Read more.


>> Jamil Farshchi, Chief Information Security Officer, Equifax

When: Thursday, August 8 | 9:00am-9:25am

Where: Lagoon GHI

9) The Enemy Within: Modern Supply Chain Attacks

What: “Go behind the scenes and learn about previously undisclosed supply chain attacks – from the techniques and objectives of adversaries, the mechanisms that were effective in blunting their attacks, and the sometimes-comical challenges dealing with our most complex asset to defend… developers.” Read more.


>> Eric Doerr, General Manager, Microsoft Security Response Center

When: Thursday, August 8 | 9:45am-10:35am

Where: Islander EI

10) DevSecOps: What, Why and How

What: “In this talk, we shall focus on how a DevOps pipeline can easily be metamorphosed into a DevSecOps and the benefits which can be achieved with this transformation. The talk (assisted with various demos) will focus on developing a DevSecOps pipeline using free/open-source tools in various deployment platforms, i.e. on-premise, cloud-native and hybrid scenarios.” Read more.


>> Anant Shrivastava, Regional Director – Asia Pacific, NotSoSecure

When: Thursday, August 8 | 11:00am-11:50am

Where: South Pacific

11) Predictive Vulnerability Scoring System

What: “We’ll look at tens of thousands of vulnerabilities, CVSS scores, CVE, NVD, scraping mailing lists, collecting data feeds and ultimately end up with a few dozen data points that helped us understand the probability of a vulnerability being exploited. Finally, we’ll use all that data as well as billions of in-the-wild events collected over 5 years in order to create a machine learning model for predicting the probability of a vulnerability being exploited, a scoring system which outperforms CVSS on every metric: accuracy, efficiency and coverage.” Read more.


>> Michael Roytman, Chief Data Scientist, Kenna Security
>> Jay Jacobs, Chief Data Scientist, Cyentia Institute

When: Thursday, August 8 | 12:10pm-1:00pm

Where: South Seas CDF

12) Making Big Things Better the Dead Cow Way

What: “In this session, three key figures from the 35-year-old group’s history — Mudge Zatko, Chris Rioux, and Deth Vegetable — will discuss the cDc’s evolution from teenage misfits into industry leaders, its many contributions, and the enduring lessons for other hackers out to make a difference. They will be questioned by Joseph Menn, author of ‘Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World,’ published June 4.” Read more.


>> Joseph Menn, Investigative reporter and author, Reuters
>> Peiter “Mudge” Zatko, Chair, Stripe / Cyber-ITL
>> Christien Rioux, Co-founder, Veracode
>> Luke Benfey, Head of Operations / ISO, Cloud.IQ Ltd.

When: Thursday, August 8 | 2:30pm-3:20pm

Where: Islander FG

* * *

If you are attending Black Hat USA 2019, we’d welcome the opportunity to speak with you in booth #1275. We’ll be set up to provide live demonstrations of our product. If you’d like to learn more about us before the show, be sure to check out the overview of the network threat detection we provide or peruse our newsroom to see our latest announcements.


*** This is a Security Bloggers Network syndicated blog from Bricata authored by Bricata. Read the original post at: