SquareX at Hacker Summer Camp: DEF CON 32 Day 1
Day 1 Recap with Team SquareX
Energized from the rush of Black Hat USA, Team SquareX dove straight into the next phase of Hacker Summer Camp: DEF CON 32. This year, the event was held at the Las Vegas Convention Center, a familiar venue for the infosec community. Much like Black Hat, DEF CON attracts thousands of hackers, infosec professionals and security researchers, all gathering to explore the latest in (offensive) cybersecurity.
Setting the Stage for The Be Fearless Podcast
Our team arrived early to set up our booth, but with a unique twist this time: we decided to record episodes of our Be Fearless Podcast right at our booth.
Throughout the day, we had the pleasure of hosting a stellar lineup of guests, including Vangelis Stykas, CTO of ATROPOS.ai; Phillip Wylie, host of The Phillip Wylie Show; Subho Halder, co-founder and CISO of Appknox and Rachid Harrando of Black Hat Arsenal fame. We also hosted old friends like Jordyn Short of the Stats on Stats Podcast — whom we’ve collaborated with before — at the booth.
These conversations were both insightful but also inspiring, as we picked the brains of some the industry’s brightest folks. Stay tuned for the full podcast episodes — we can’t wait to share them with you!
SquareX in Action
DEF CON is known for its diverse range of talks, and Team SquareX was right in the middle of the action. Our founder Vivek Ramachandran, kicked off the day as part of the Adversary Village Kickoff Panel. Themed Let’s Hack the Planet, Vivek both entertained and educated the audience, regaling them with tales of his previous pentests, humorous anecdotes and lessons learnt.
Along with Vivek, our teammates Shourya and Dakshitaa later took the stage at Recon Village, where they showcased a new tool developed by the team: SWGRecon. Their talk, titled SWGRecon: Automate SWG Rules, Policy, and Bypass Enumeration, demonstrated how attackers could scope the capabilities of Secure Web Gateways (SWGs) using this tool. The talk was well-received with the audience keenly interested in how SWGRecon could automate the process, making it easier to pentest and identify potential vulnerabilities.
On the DEF CON Main Stage
The highlight of Day 1 was undoubtedly SquareX’s much-anticipated talk, Breaking Secure Web Gateways (SWG) for Fun and Profit. In this groundbreaking session, Vivek and the team demonstrated the limitations of SWGs with specific use cases, then showed how they could be bypassed with Last Mile Reassembly Attacks, where the malicious components are assembled directly in the victim’s browser from seemingly non-malicious data.
To cap off the session, we shared a website (browser.security) where attendees could learn more about Last Mile Reassembly Attacks and even test them against their own SWGs. The response was overwhelming, with a full house in attendance and a lively discussion following the presentation.
Wrapping Up Day 1
And that was Day 1 of DEF CON 32! After recording multiple podcast episodes, meeting lots of new people and going on stage for talks, it’s now time for Team SquareX to recharge their batteries with a good ol’ team dinner, and we’ll catch you tomorrow for Day 2!
SquareX at Hacker Summer Camp: DEF CON 32 Day 1 was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from SquareX Labs - Medium authored by SquareX. Read the original post at: https://labs.sqrx.com/squarex-at-hacker-summer-camp-def-con-32-day-1-dc60450d5982?source=rss----f5a55541436d---4
