With Black Hat and DEF CON kicking off in Vegas this week, there’s no better time than the present to highlight some of the hot trends and topics to catch while you’re at the show — in person or virtually. Our security practice at Merritt Group has put together some of the top talks, workshops, and sessions to attend. And even better, we’ve made it easy for you to navigate them by topic!
Social Engineering and Human Risk:
“No Mr. Cyber Threat!” – A Psychological Approach To Managing the Fail-to-Challenge Vulnerability
Black Hat | August 11 | 1:30 pm
This is the “Malicious Floorwalker” exercise, an impactful behavioral intervention designed and delivered by the UK MOD Cyber Awareness Behaviors & Culture team. Grounded in robust psychological theory and interwoven with social engineering practice, it is a way to manage human vulnerability rather than just uncover it.
Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering
Black Hat | August 11 | 1:30 pm
This talk will unmask ways in which ongoing operations by advanced persistent threats based in different countries (North Korea and Iran) are using recruitment themes to compromise victims.
Balancing the Scales of Just-Good-Enough
DEF CON | August 12 | 1:15 pm
This talk will explore how enterprises can create an efficient and effective MITRE ATT&CK test plan. Attendees can expect to learn how enterprises can strategically balance MITRE ATT&CK techniques, sub-techniques, and procedures to maximize their test plans and minimize cost, gaining the key confidence that procedural variation offers while staying true to threat intelligence and keeping budget in mind.
Nation-State and Geopolitical Warfare:
Industroyer2: Sandworm’s Cyberwarfare Targets Ukraine’s Power Grid Again
Black Hat | August 10 | 10:20 am
This talk covers the technical details behind the reverse engineering of Industroyer2 and compares it against the original. It also provides a higher-level analysis of the attackers’ modus operandi and discusses why and how the attack was mostly unsuccessful.
The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors
Black Hat | August 10 | 11:20 am
This session will cover Nisos researchers’ discovery of a prolific disinformation campaign during Colombia’s May 2022 elections. Panelists will explore how Venezuelan leftist organizations are driving social media narratives in support of current leftist Colombian presidential candidate and former M-19 revolutionary member, Gustavo Petro.
Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine
Black Hat | August 10 | 3:20 pm
From the beginning of 2022, we have dealt with at least seven strains of wiper malware targeting Ukraine. The latest wiper was used to attack satellite modems with suspected spillover into critical infrastructure in Western Europe. Before this, nation-state wiper malware was relatively rare. This period of abundance is teaching us a great deal about the effects attackers can and cannot have during military operations and what we should realistically expect in an era of hybrid warfare with cyber components.
OopsSec: The Bad, the Worst, and the Ugly of APT’s Operations Security
DEF CON | August 12 | 10:30 am
Advanced Persistent Threat (APT) groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on target machines for as long as possible. These researchers will explore whether the same efforts are invested in the operation security of these campaigns.
Security Guidance, Policies, and Standards:
No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook to Develop a Shared Narrative of Major Cyber Incidents
Black Hat | August 10 | 3:20 pm
Have you been looking for tips on how to upgrade your next cyber investigation? This session will cover the eight fundamental questions you should ask and provide guidance on communicating the indisputable facts of an incident rather than opinions.
Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories
Black Hat | August 11 | 11:20 am
This talk provides examples of systemic problems with security patches and how those problems negatively impact enterprise security. Learn about methods for incentivizing vendors to improve their servicing habits, including alternative disclosure timelines for failed patches.
How the “Assume Breach” Mentality Impacts Future Proofing Your Organization
Black Hat | August 11 | 11:30 am
This discussion will explore the “assume breach” approach to ongoing cybersecurity dilemmas in 2022 and how focusing on detection and prevention can complement each other.
Identity and Access Management:
The Technical Building Blocks of Zero Trust Security in 90 Minutes
Black Hat | August 6 – 7, 8 – 9 | Time Varies
In this workshop, top security experts will break down Zero Trust into its fundamental technical components and show attendees how to connect them together to protect corporate assets and prevent lateral movement.
IAM The One Who Knocks
Black Hat | August 10 | 11:20 am
This talk presents the hidden risks of managing identities and access in a multi-cloud environment. We will expose access flaws and misconfigurations that attackers can easily abuse to gain access to confidential and sensitive information.
Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
Black Hat | August 10 | 3:20 pm
Gain insight into the external identities concepts, the technicalities that allowed these attacks to exist, and ways to harden against these attacks and detect abuse of these vulnerabilities.
Cloud and Platform Security:
The COW (Container On Windows) Who Escaped the Silo
Black Hat | August 11 | 3:20 pm
Virtualization and containers are the foundations of cloud services. Containers should be isolated from the real host’s settings to ensure the security of the host. This talk will answer these questions: “Are Windows process-isolated containers really isolated?” and “What can an attacker achieve by breaking the isolation?”
Asaf Gilboa and Ron Ben-Yitzhak – LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS
DEF CON | August 12 | 3:00 pm
Researchers discovered a novel technique for credential dumping in which undocumented components of the operating system are going undetected by current security products. Credentials that are extracted from the memory of LSASS (the system process that manages authentication and holds the credentials of all logged-in users) can be used by attackers for lateral movement and execute ransomware across the network. Join this session to learn more about the steps and approach of how they reverse-engineered the WER dumping process, the challenges they found along the way, and their methods for solving them.
Remote/Physical Access and Risks:
Perimeter Breached! Hacking an Access Control System
Black Hat | August 11 | 10:20 am
According to a study done by IBM in 2021, the average cost of a physical security compromise is $3.54 million and takes an average of 223 days to identify a breach. This presentation will provide a detailed walkthrough of the eight discovered zero-day vulnerabilities, describing end-to-end exploitation using malware that IBM designed to control system functionality.
RollBack – A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems
Black Hat | August 11 | 1:30 pm
This talk introduces RollBack, a new replay-and-resynchronized attack against most of today’s RKE systems. It shows how the rolling codes can be resynchronized back to a previous code used in the past from where all subsequent yet already used signals work again. Moreover, the victim can still use the key fob without noticing any difference before and after the attack.
Bug Bounty/Hunting:
Bug Bounty Evolution: Not Your Grandson’s Bug Bounty
Black Hat | August 11 | 10:20 am
This talk is for the dreamers, the wishers, the post-modern risk economists, the hackers of labor systems, and the destroyers of status quos. This is not your grandson’s bug bounty.
Bug Hunters Dump User Data. Can They Keep it? Well, They’re Keeping it Anyway
Black Hat | August 11 | 11:20 am
A security researcher used a modern bug bounty platform to disclose an accidental dump of personal data of ~50,000 FAANG companies’ users from that company’s servers. The data passes through several third-party systems not related to the company and lands on the researcher’s laptop. What were the legal obligations of the company running the program to protect the data affected? What were the legal obligations, if any, put on the researcher around protecting the data? Who should be responsible for the cleanup? We recommend you attend this session to find out.
For help standing out in the crowded security market and driving additional awareness, visit https://www.merrittgrp.com/industries/security/ or contact Michelle Schafer, Senior Vice President and Partner, at schafer@merrittgrp.com.