Black Hat 2019 is just around the corner, and this year promises to be better than ever. “Hats” off to Black Hat for once again filling the schedule with an awesome set of intriguing talks, events, and parties. With all the presentations and panels to choose from, it can be difficult to plan your schedule. That’s why we’ve compiled a shortlist of must-see talks, so you don’t miss out on anything Black Hat has to offer!
Now let’s dive in:
Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
Time: Wednesday, August 7th|10:30am-10:55am
Place: South Seas ABE
Listen in on this riveting discussion by researcher Wenxu Wu and learn about some revolutionary research on finding critical vulnerabilities within Windows 10. Wu will explain a “silver bullet” he has found for discovering file privilege escalation bugs, which he hopes to use to build a preventative detection system. This informative discussion will give you an in-depth view of the research Wu has conducted and the future possibilities that stem from it!
Cybersecurity Risk Assessment for Safety-Critical Systems
Time: Wednesday, August 7th|5:05pm-5:30pm
Place: South Pacific
If you are interested in cybersecurity and in space systems, you do not want to miss this briefing! The speakers will give an intriguing insight into the fact that we give little to no focus to the cybersecurity of the space systems that the majority of the world’s critical infrastructure relies on, due to the lack of governance of that critical infrastructure. The presentation will provide details on the potential risks present in these systems, outline next steps for how we can both assess and decrease cyber risk in space systems, and explore the use of the Honeywell technique. Don’t miss out on this groundbreaking presentation!
Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society.
Time: Wednesday, August 7th|11:15am-12:05pm
Place: South Seas CDF
Hackers, cybersecurity, and more! If you are interested in crowdsourced security (as much as we are), this is the talk for you! The speaker will go into detail regarding the increased importance for corporate crowdsourced security programs to go public to reduce cyber risk. The speaker argues the need for ethical and experienced hackers to detect and destroy bugs in corporate systems. In this panel, security technologist Bruce Schneier, Mozilla Fellow, and Camille Francois will give in-depth examples of how public-interest technologists are necessary in preserving a socially safe digital society, while also discussing how hackers can aid in diminishing some of the most prominent social issues we have. This promises to be a fascinating discussion!
Bounty Operations: Best Practices and Common Pitfalls to Avoid in the first 6-12 Months.
Time: Wednesday, August 7th|11:00am-11:50am
Place: Mandalay Bay CD
Want to learn more about Bug Bounty Programs from experienced professionals? Visit this panel to hear about common program trends, learn some important tips regarding day-to-day operations, triage strategies, and more! The panelists will also explain why certain trends seem to be recurring even with the rapid technological advancements that have been put into effect.
Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term
Time: Wednesday, August 7th|12:10pm-1:00pm
Place: Mandalay Bay CD
Are you running a bug bounty program, but not sure if you are optimizing your results? Well, listen in on this talk to learn more about how to run a successful and long-term Bug Bounty Program. Bugcrowd’s very own Strategy Program Manager, Chloe Brown, will explain more about building gamification and incentive models that lead to impressive results, and much more. Do not miss this talk if you are hoping to run a successful bounty program!
Testing Your Organization’s Social Media Awareness
Time: Thursday, August 8th| 9:00am-9:25am
Place: Breakers GHI
Social media is among the most frequently used platforms in the world today, allowing us to connect with the world. What we often ignore are the dangers that can stem from such always-on connectivity. In this talk, speaker Jacob Wilkin will explain how new tools can lead to mass information gathering on social media, and how our understanding of these practices can help us prevent fraudulent activity. Wilkin will also detail Social Mapper, as well as release Social Attacker, the first open source, multi-site, automated Social Media Phishing Framework. This is not one to be missed!
Moving from Hacking IoT Gadgets to Breaking into One of Europe’s Highest Hotel Suites
Time: Thursday, August 8th | 5:00pm-6:00pm
Place: Islander FG
This talk will cover everything from hacking simple Bluetooth padlocks to hotel suites and elevators. Physical Security Researcher Ray Michael Huebler will give an in-depth presentation on the methods used: reverse engineering the wireless protocol based on BTLE captures, analyzing the decompiled mobile phone app, and intercepting the TLS encrypted traffic to the back end API. Stop by to learn how this combination enabled compromise of one of Europe’s highest hotel suites.
Every Security Team is a Software Team Now
Time: Wednesday, August 7th | 9:00am-10:00am
Place: Mandalay Bay Events Center
Nowadays, every single company relies on software, whether they develop it on their own or they purchase it. In this presentation, Staff Security Engineer Dino Dai Zovi will explain what impact this trend has on cybersecurity. Zovi will explain how the increased use of software has caused an overall shift in company makeup. He’ll also explain why each and every unit of a company must become fully involved in their own cybersecurity, and why the security team must move away from general security to a focus on integrated software security. In the talk, Zovi will explore how this is already being done across high-performing companies and how to foster this security transformation in our organizations as well.
Controlled Chaos: The Inevitable Marriage of DevOps & Security
Time: Wednesday, August 7th|4:00pm-5:00pm
Place: South Pacific
Does the company you work at run on software? Well, this is the talk for you! Nowadays, every single company is gearing more towards software to run vital programs. In this talk, Capsule8’s VP of product strategy, Kelly Shortridge, and Google Cloud Researcher Nicole Forsgren will lead a discussion regarding how DevOps will inevitably become the backbone of most companies, and how those that resist will inevitably fall behind in the grand scheme of things. The discussion’s primary purpose is to explain the basics of DevOps as well as the concept of resilience and chaos engineering. They will provide an in-depth overview, describing what characteristics of a company grant it an “elite title,” while also discussing how modern DevOps goals are similar to modern infosec’s goals. Go to this talk to learn how to embrace the chaos!
How Do Cyber Insurers View The World?
Time: Wednesday, August 7th|4:00pm-4:50pm
Place: Mandalay Bay CD
Cyber insurance in the modern world is among the most necessary assets a company must have. In this talk, Cyber Project Manager Matt Prevost will explain how there are a lot of misconceptions and misinformation presented to us about cyber insurance. In this presentation, the speaker will discuss how insurance companies see companies; actuarial, pricing and underwriting; whether the insurance carriers actually pay claims; how the insurance industry is evolving; and more. You do not want to miss this presentation about cyber insurance!
Lessons and Lulz: The 5th Annual Black Hat USA NOC Report
Time: Thursday, August 8th| 5:00pm-6:00pm
Place: South Seas ABE
Once again, Black Hat will be presenting its 5th annual Black Hat USA NOC Report! Visit this talk to hear all about the data that keeps us all unusually puzzled, crushing statistics, and much more! Learn about all of the tools needed in order to stabilize the network, as well as possible changes that could be made. Visit this talk to hear about our humorous network activity. This is one of the must-see talks of the conference, so do not miss it!
No matter which presentations you choose to attend, #HackerSummerCamp is set to be a blast. Stay tuned for our DEF CON edition, and we’ll see you next week in Las Vegas!
Got a suggestion? Reach out to us on Twitter @Bugcrowd!