The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019
August 19, 2019
Black Hat and DEFCON are a wrap! Digital Shadows was there in a big way this year and it was also a year of firsts: our first big island booth, my first time getting to go to the show, Richard Gold’s first time presenting at DEFCON, and Digital Shadows’ first open source tool release, the “Offensive Orca”. The week prior to that, Photon Research Team released two major pieces of work. The first was a blog, The Account Takeover Kill Chain: A Five Step Analysis, which explored the full account takeover (ATO) kill chain with examples and screenshots galore (also an awesome mitigation graphic at the end!). At the same time, we launched our report Two-Factor In Review: A technical assessment of the most popular mitigation for account takeover attacks, detailing the technologies involved with 2FA, attacks against the solution, and ways to mitigate them. We described the problem, and provided the best solutions, which is something that Photon strives to do with every piece of work we do. Needless to say, the team has been busy!
In this blog, I want to briefly recap Black Hat as a newcomer and talk about why I think the show is so special – as well as why I’ll definitely be back for Summer Camp 2020.
So, I’m going to cheat a little bit and work backwards to start my nouns with the Things that I saw at Black Hat this year. There were three talks in particular that I want to highlight because I thought they were just too dang cool not to talk about.
- Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware: This presentation was the culmination of a four-year investigation conducted by the researchers at GoSecure which broke down nearly every level of the ecosystem around buying, selling, and operating social media accounts. I love research like this which pulls on single threads that unravel into a huge chaotic mess that really puts it onto the presenter to accurately and succinctly describe what’s going on. If you have some time, catch up on their work because Masarah Paquet-Clouston and Olivier Bilodeau really knocked it out of the park with this one.
- I’m Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy: Matt Wixey from PwC presented a unique perspective on operational security that was fascinating. Matt described how “human side-channels” can be used to identify certain individuals online using forensic linguistics, behavioral signatures and cultural references. He also presented some very interesting tools which could be used to group these characteristics, attributing them to unique individuals.
- MITRE ATT&CK: The Play at Home Edition: Digital Shadows has written about MITRE ATT&CK several times before, but this presentation was awesome because, like all great talks, Ryan Kovar from Splunk and Katie Nickels from MITRE structured it around a narrative. A small security team of defenders and executives is trying to understand the best way to leverage MITRE ATT&CK within their organization, and Ryan and Katie break down their successes along with their failures while trying to secure the systems they’re responsible for. Ryan and Katie are both previous guests on ShadowTalk, so maybe we can get them back to talk about the presentation!
Our Photon Research Team also put together a blog post around some of the team’s favorite sessions at this year’s events.
I’m from Texas. I’ve been here my entire life. When I say Las Vegas is hot, I mean it. When I touched down Monday morning, it was 110 degrees outside (that’s a little over 43 Celsius). It’s that kind of heat that slaps you in the face as you walk outside. However, despite the sweat, shows like Black Hat are always a sight to behold – an entire industry coming together to talk about the cool stuff they’ve seen over the last year, new products launching, and maybe have a couple drinks or play the slots (it is Vegas, after all).
Fuego! Note: I landed in the 110 degree afternoon.
I’m going to cheat a little bit more on this next part: Las Vegas (a Place!) brought a big chunk of the Photon team together in one spot. Pictured below (left to right) are: Me (HVR), Rob Curtis, Rick Holland, Simon Hall, Richard Gold, and Isidoros Monogioudis.
Somehow, I managed not to see a SINGLE grasshopper, despite The Great Grasshopper Swarm of 2019 that was being reported prior to the show. A little disappointed by that, but I’ll live.
I know I already covered some of the people (I told you, I’m cheating a little bit), but I want to talk more generally now. One of the main topics in Dino Dai Zovi’s keynote presentation as well as others I attended at Black Hat was about collaboration among the industry. InfoSec as a whole has come so far in finding solutions to a wide variety of technical problems, but we have yet to take a full step into collaboration among the industry. And this is a really important thing, which Microsoft’s Eric Doerr described in his talk The Enemy Within: Modern Supply Chain Attacks – Eric led off his presentation talking about how the security industry in particular is more connected than you’d initially think. Using the all too common “supply-chain” analogy, we are all within each other’s supply chain, which has advantages and disadvantages. But we need to step up to this next challenge as an entire community and address the problems that face our customers, whether they are internal or external, head on.
Finally, shout out to the Black Hat and DEFCON staffers working both the events. Every single one of them was patient and helpful when trying to navigate the winding hallways of the Mandalay Bay Convention Center. I think I asked where Islander EI was about 10 times. Even as I strolled up Wednesday morning, breakfast sandwich in one hand, coffee in another, I was stopped by a staffer asking for my badge. Oh no. I did put it in my backpack, right? How am I going to set all this down without spilling my precious caffeine?!?! Lucky for me, Black Hat Staffer #1 held my breakfast and coffee as I fished my badge out of my backpack.
Thank you all, and see you next year!!