Previewing Black Hat Europe 2022 in London: 12 Hot Sessions
Collective DDoS Defense, Rethinking Internet Defense, Zero-Day Harvesting and More
Winter in London features throngs of holiday shoppers along Oxford Street, ice-skating at Hyde Park Winter Wonderland and the return of Black Hat Europe. The venerable cybersecurity event is being held again this year at the ExCeL conference center in London Docklands.
Individual sessions run the gamut from an analysis of how we can build an open, transparent, but also secure internet; tactics for harvesting zero-day flaws before attackers get to them; what we can learn from "metaparasitical" scammers who scam scammers; demonstrations of how to hack drones and electric cars; and more.
Here's a preview of what looks to be just some of the many hot sessions at this year's conference. The time zone, naturally, is Greenwich Mean Time:
Day 1: Wednesday, Dec. 7
- A Defendable Internet: Can We Build It? - 9:00 a.m.: In a keynote speech, longtime security researcher Daniel Cuthbert revisits a Black Hat keynote question voiced five years ago by Thomas Dullien (aka Halvar Flake). He asked: "Why aren't we collectively building a more defendable internet?" Cuthbert promises to update that question and to explore: "Does good security mean a lock-in approach, or are we actually capable of building an open, transparent and yet secure internet for all to enjoy?"
- Fail Harder: Finding Critical Zero-Day Vulnerabilities - 10:20 a.m.: Finding zero-day vulnerabilities and living life as an infamous bug bounty hunter might sound like fun and games, but two bug-seeking researchers from Trellix say heartbreak is such a common ethos when searching for zero-days that they now seek ways to "fail harder" - which they promise to detail in this talk - to better assist others with their own efforts.
- How We Organize Large-Scale DDoS Exercises in the Netherlands - 1:30 p.m.: How can cooperative distributed denial-of-service mitigation be implemented at a national level? The Netherlands has been exploring this question since 2018 via the Dutch Anti-DDoS Coalition, which has a remit that includes regularly running joint anti-DDoS exercises. Two members of the coalition will detail its efforts and promise to share "the technical as well as the organizational and legal aspects of organizing" these types of exercises.
- Social Engineering Pentest Aftermath: Are We Being Ethical? - 11:20 a.m.: That's the question in the wake of multiple incidents since the pandemic began involving organizations launching phishing exercises at employees using morally questionable methods, such as promising a Christmas bonus to anyone who clicked a lure. Caveat tester.
- Back-Connecting to Connected Cars - 11:20 a.m.: Who knew that a car offering "Wi-Fi, Bluetooth, V2X, 2G/3G/4G, custom RF protocols, CAN, OBD2 interfaces, automotive Ethernet, USB ports, remote diagnostics, telematics and mobile apps" could be hackable? Irony alert. Using a modern, European electric Volkswagen car - model ID3 - as a demonstration platform, security researchers promise to detail exploitable flaws that affect hundreds of thousands of cars now on the road.
- Confidence in Chaos: Strategies for World-Class Security Operations - 2:30 p.m.: Cybersecurity operations centers - SOCs - are being called on to do faster and more robust defense and detection. To help SOCs scale, representatives from Microsoft, MITRE and Red Canary promise to share "an actionable, strategic road map for any size organization to up their security ops game," based on in-depth interviews with a number of SOC-savvy experts, including themselves.
- Tracking Fraudster and Hacker 'Metaparasites' - 3:20 p.m.: Sounding worthy of a David Attenborough nature documentary, Sophos researchers will share details not just of fraudsters and hackers, but the fraudsters and hackers who prey on their own kind. "You might ask: Who cares if criminals rip each other off?" they say. "But metaparasites, inadvertently, provide an intelligence boon to analysts, allowing us to gain unprecedented insights into sales, operations, negotiations and identifiers which would otherwise remain hidden."
- Locknote: Conclusions and Key Takeaways from Day 1 - 4:20 p.m.: Unlike previous years, which featured a single, final-day "locknote" panel rounding up themes and trends from the event, this year features a locknote to conclude each day. Black Hat founder Jeff Moss, together with security experts Sharon Conheady, Meadow Ellis, Matt Suiche and Stefano Zanero, will recap the takeaways from the day and discuss how to apply them.
Day 2: Thursday, Dec. 8
- Cybersecurity: The Next Generation - 9:00 a.m.: Ransomware-battling expert Jen Ellis delivers a keynote focused on how to learn from the mistakes of the past 30 years to help security better "mature into its next phase," with a strong dose of ensuring that cybersecurity experts get to be the masters of their own collective destinies.
- Real-World Detection Evasion Techniques in the Cloud - 11:20 a.m.: Real-world malware attacks on cloud infrastructure, as well as serverless environments and containers, continue to intensify. What do defenders need to know? Matt Muir, a threat intelligence researcher at Cado Security, will detail how three malware campaigns - Abcbot, CoinStomp and Denonia - aimed to succeed, including tricks they used.
- The Hacker's Guide to Policyland - 1:30 p.m.: Want to influence how the government handles cybersecurity? A key British government cybersecurity adviser will be on hand to detail how policy development works in the U.K., how attendees can influence the outcomes, and the current strategy for international policy efforts.
- Locknote: Conclusions and Key Takeaways from Day 2 - 4:20 p.m.: Like the end of day one, this will feature takeaways from the conference and how these trends will affect information security as we know it, analyzed by Black Hat founder Jeff Moss, this time joined by review board members Jiska Classen, Federico Maggi, Leigh-Anne Galloway and Anant Shrivastava.
Other sessions on Thursday that sound interesting include "Grand Theft Drone," on the quest for new ways to remotely take control of drones; how to better use artificial intelligence and machine learning to enhance SOCs; an analysis of how advanced persistent threat attackers target Azure Active Directory; how to bypass web application firewalls; and more.
The above list isn't meant to be exhaustive but rather to give a flavor of some of the discussions happening at this year's conference. Hope to see you there.