Buckle Up for Black Hat 2022: Sessions Your Security Team Shouldn’t Miss

Black Hat is set to return next week with two years of pent-up cybersecurity research and discovery. Here are the sessions not to be missed.

Just because the biggest cybersecurity conferences have shut down productions in the past couple of years doesn’t mean cybersecurity itself has taken a back seat. Continued industry progress, along with relentless cybercriminal activity, has left the community with much to discuss as we reflect on the events that have unfolded since the pandemic began (think SolarWinds, Colonial Pipeline, and Log4j, to name a few).

After two years of cancellations and a hesitant return, Black Hat USA 2022 is set to return to Las Vegas next week in something close to its former glory. And with two years of research and pent-up discoveries on cybersecurity, there’s a lot to look forward to.

To help you plan your itinerary, we’ve compiled the Black Hat sessions we’re looking forward to attending, broken down by category.

Keynotes

Chris Krebs: Black Hat at 25: Where Do We Go Now?

Thursday at 9:00 a.m.

Since being unceremoniously fired by then-President Trump for confirming the 2020 presidential election was free of incidents of hacking or tampering, Chris Krebs has been on the front line helping businesses across the private sector deal with their cyber risks, as a founding partner of the Krebs Stamos Group (with former Facebook CISO Alex Stamos).

Krebs’ unique perspective as a former top federal government cybersecurity expert and highly regarded private sector consultant makes his Black Hat keynote address this year a “must-attend” event. In this talk, Krebs will reflect on the current situation of the InfoSec community after meeting in the desert for 25 years. His thoughts on where we are? Not good. Krebs will explain how the industry must change both its mindset and its actions in order to face the next 25 years of InfoSec.

Kim Zetter: Before Stuxnet, after Stuxnet: everything changed, nothing changed

Thursday at 9:00 a.m.

In the “in-depth perspective” category, Thursday’s keynote by award-winning cybersecurity investigative journalist Kim Zetter is another “must see” event at Black Hat. Zetter has covered cybersecurity and national security since 1999, writing for WIRED, Politico, PC World and other publications. She is the author of Countdown to Zero Day, the definitive account of the creation of the Stuxnet malware, which was deployed against Iran.

Zetter’s talk will focus on cyberattacks on critical infrastructure (CI) dating back to Stuxnet in 2010. Despite all the changes in cybersecurity since Stuxnet’s discovery, Zetter argues that nothing has really changed: continued attacks on CI still come as a surprise when the community should have seen them coming. In this talk, Zetter will argue that attacks like Colonial Pipeline were predictable and attacks in the future will be no different.

Cyber war

With kinetic warfare ravaging cities and towns across Ukraine, the specter of cyber warfare has faded into the background. But behind the scenes, offensive cyber operations played a central role in Russia’s war on Ukraine, long before Russian troops crossed the border last February. This year, Black Hat offers a number of interesting discussions on the cyber aspects of the conflict in Ukraine. They include:

Industroyer2: Sandworm’s Cyberwarfare Targets Ukraine’s Power Grid Again

Wednesday at 10:20 a.m.

ESET’s Robert Lipovsky and Anton Cherepanov walk us through the multiple forms of cyber warfare that have taken place throughout Russian military operations against Ukraine, dating back to 2016 with the launch of the original Industroyer malware. Recently, a new version of the malware was discovered, known as Industroyer2, with the same goal of triggering blackouts. In this talk, ESET researchers will provide a technical overview of this new malware, as well as several other pieces of wiper malware they discovered that impacted Ukraine in the past year.

Real ‘cyber warfare’: espionage, DDoS, leaks and wipers during the Russian invasion of Ukraine

Wednesday at 3:20 p.m.

Experts agree that cyber is a new operational threat in military conflict, but disagree on what form real cyber warfare might take. Russia’s war against Ukraine puts an end to much of this debate. In this talk, Juan Andres Guerrero-Saade and Tom Hegel of SentinelOne will provide insight into what cyber warfare really is, versus society’s collective assumptions about the role of cyber in modern warfare.

They will specifically discuss the strains of wiper malware that hit Ukraine in 2022, given that wiper malware from nation states before Russia’s war on Ukraine was rare. This discussion of the different strains of wiper malware will help show what we can reasonably expect from cyber warfare in the modern age.

Securing open source and the software supply chain

The security of software supply chains and development organizations is another dominant theme in this year’s Black Hat Briefings, with a slew of discussions addressing various aspects of supply chain risks and attacks (see our analysis of the supply chain thread at Black Hat). If you want to learn more about how malicious actors can target your organization by exploiting weaknesses in your software supply chain, here are some discussions to consider:

Don’t Get Owned by Your Dependencies: How Firefox Uses In-Process Sandboxing to Protect Itself From Exploitable Libraries (and You Can Too!)

Thursday at 2:30 p.m.

UC San Diego doctoral student Shravan Narayan and research scientist Tal Garfinkel will discuss the threat of memory safety vulnerabilities in third-party C libraries, which are a major source of zero-day attacks in today’s applications. Their research team used Firefox to test sandboxing capabilities that could mitigate this threat, which led them to create RLBox: an open source, language-level framework. Their presentation will explain how they created this tool and how it can be applied to other applications.

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and for All

Thursday at 3:20 p.m.

Patrick Way of Moderne Inc., along with Jonathan Leitschuh and Shyam Mehta of HUMAN Security, will present their talk on how to manage open source software (OSS) in a way that makes the most of researchers’ time, knowledge, and resources. The solution they propose is the generation of bulk pull requests, which they will demonstrate on several real OSS projects during their presentation. Their goal is to fix vulnerabilities at a reasonably large scale.

Controlling the Source: Abusing Source Code Management Systems

Thursday at 3:20 p.m.

Brett Hawkins, a red team operator on IBM X-Force Red’s Adversary Simulation team, will discuss an overlooked and widely used system that threat actors can exploit to carry out software supply chain attacks: source code management (SCM) systems. His presentation will demonstrate how popular SCM systems can be easily exploited by attackers. Brett will also share an open source tool and defensive tips that can be used to mitigate this threat.

Threat hunting

It wouldn’t be Black Hat without discussions of vulnerabilities, threats, attacks, and cyber defense. And this year’s show does not disappoint. A clear theme in the agenda is the growing importance of “right of boom” tools and approaches in the cybersecurity community. A number of discussions are looking at new approaches to improving the quality of incident response and threat hunting. They include:

The Open Threat Hunting Framework: Enabling organizations to create, operationalize and scale threat hunting

Wednesday at 2:30 p.m.

The definition of threat hunting and its practical application vary across industries and technologies, making it difficult to start a threat hunting program from scratch that works best for your organization. But, too often, threat hunting floats above the security “poverty line,” inaccessible to organizations without large information security budgets and teams.

In this presentation, John Dwyer, Neil Wyler and Sameer Koranne of IBM Security X-Force will share a new free threat hunting framework. The team hopes this framework will help detect incidents that can be prevented by a reliable threat hunting program.

No one is entitled to their own facts, except in cybersecurity? Introducing an investigation manual to develop a shared narrative of major cyber incidents

Wednesday at 3:20 p.m.

Do the stories we tell ourselves (and others) about cyber incidents affect our ability to respond to them? Of course they do! In fact, developing a common understanding of cyber incidents is key to ensuring they never happen again. Fortunately, we can look to other industries to find the best way to do this.

In this talk, Victoria Ontiveros, a researcher at the Harvard Kennedy School, discusses the findings of a Harvard Belfer Center report that examines how the aviation industry learns lessons from aviation incidents and applies those lessons to cybersecurity incidents. This allowed her team and Tarah Wheeler, CEO of Red Queen Dynamics, Inc., to create the Major Cyber Incident Investigations Playbook. In this talk, Ontiveros and Wheeler will present this playbook, which aims to make cyber incident investigation more actionable within the industry.

A New Trend for the Blue Team — Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware

Wednesday at 4:20 p.m.

Blue teams have it tough. Constrained by time, staff and budget, they must choose carefully when deciding which threats to investigate and how best to direct their reverse engineering talents against suspicious malware or ransomware binaries, while also managing the efforts of malicious actors to hijack or even attack them.

In this talk, Sheng-Hao Ma, Mars Cheng, and Hank Chen of TXOne Networks Inc. will highlight the efforts of real-world blue teams and share a new tool for the blue team known as the Practical Symbolic Engine, which they claim will offer the best threat hunting techniques in a totally static situation.

Come say hello to ReversingLabs at the show

The ReversingLabs team will be at Black Hat 2022. Stop by booth 2460 to chat with us. Our team will be giving demos and presentations, as well as handing out limited edition schwag. See you there!

*** This is a Security Bloggers Network syndicated blog from the ReversingLabs blog written by Carolynn van Arsdale. Read the original post at: