SquareX at Hacker Summer Camp: It’s a Wrap!
Wrapping Up an Incredible Experience for Team SquareX
Team SquareX has just wrapped up the third and final day of DEF CON 32, marking the end of our time at Hacker Summer Camp — attending both Black Hat USA and DEF CON — in Las Vegas.
It’s been an unforgettable experience, and here are the top three highlights of our time here:
Sharing Our Research with the Cybersecurity Community
One of the proudest moments for Team SquareX was sharing our groundbreaking research with the larger cybersecurity community. Our mainstage talk, Breaking Secure Web Gateways (SWG) for Fun and Profit, led by our founder Vivek Ramachandran, was a standout event on the first day of DEF CON 32.
In this session, Vivek demonstrated how Secure Web Gateways often fall short in protecting enterprises, due to architectural limitations. He also introduced Last Mile Reassembly Attacks, which involve assembling malicious components directly in the victim’s browser from seemingly harmless data, bypassing SWGs and traditional security measures. Instead, enterprises need a browser-native solution to protect themselves against web attacks — especially at a time where employees spend most of their day on the browser.
To further underscore the point, Vivek unveiled our newly released website, browser.security, which allows anyone to test their SWG’s capabilities and empowering enterprises to better protect themselves. Check it out for yourself!
We were also honored to speak at two events at Adversary Village. Our founder Vivek was also a guest on the Village’s kickoff panel titled Let’s Hack the Planet, where he captivated the audience with insights on browser security and shared stories of his past experience with pentesting and security awareness training.
On DEF CON’s second day, Vivek and Principal Software Engineer Shourya delivered a technical talk titled Sneaky Extensions: The MV3 Escape Artists at Adversary Village. This presentation focused on Chrome’s new Manifest V3 (MV3) and demonstrated how malicious actors could still bypass its security restrictions.
Lastly, we also had the privilege of speaking at Recon Village, where our team introduced SWGRecon, a tool designed to automate the scoping of Secure Web Gateway capabilities. In our talk titled SWGRecon: Automate SWG Rules, Policy, and Bypass Enumeration, Vivek, Shourya and Product Evangelist Dakshitaa shared the inner workings of Secure Web Gateways and how the eponymous tool could help pentesters and enterprises better understand and test their SWGs.
Overall, our research was well-received, with multiple members of the media being interested to learn more about how Last Mile Reassembly Attacks work and the implications these attacks have for the broader cybersecurity industry. Such press opportunities allowed us to spark further discussion and explain the importance of browser-native security solutions for enteprises, as opposed to over-relying on Secure Web Gateways and SASE/SSE solutions.
Recording the Be Fearless Podcast at DEF CON 32
Another major highlight of our time at DEF CON was recording new episodes for the Be Fearless Podcast. We’ve long wanted to record episodes with guests overseas, and DEF CON provided the perfect opportunity to do so in person. We had set up a mobile recording studio at our booth, where our invited guests could join us for insightful chats.
Our team had an absolute blast hosting our stellar lineup of guests, from cybersecurity leaders and industry experts to academics who brought a wealth of knowledge to the table (literally!). The conversations revolved around a wide range of cybersecurity topics — from research interests and personal cybersecurity journeys to industry trends, particularly the role of the browser in modern security. We ended each episode feeling not just edified but inspired. These “DEF CON Special” episodes will be rolling out in the coming weeks, so stay tuned!
Forging New Connections and Rekindling Old Ones
Finally, our team immensely enjoyed the human connection at these conferences. There’s something special about in-person events that remote conferences can’t replace, and we thoroughly enjoyed meeting cybersecurity professionals from all walks of life at our booth.
Not only that, the past week was an immensely fulfilling bonding period for Team SquareX, with members from our offices in the USA, India, and Singapore coming together to make it all happen. We created many great memories at this year’s Hacker Summer Camp, and 2024’s experience will surely go down in SquareX lore!
What’s Next for SquareX
As we close this chapter, we’re already looking ahead. Keep an eye on this blog and our social channels for more updates, including detailed information about Last Mile Reassembly Attacks and other exciting developments. We have plenty more in store — exciting times indeed!
SquareX at Hacker Summer Camp: It’s a Wrap! was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from SquareX Labs - Medium authored by SquareX. Read the original post at: https://labs.sqrx.com/squarex-at-hacker-summer-camp-its-a-wrap-66dbeab4f70b?source=rss----f5a55541436d---4
