8 Black Hat sessions you don’t want to miss


Now entering its 26th year, the Black Hat USA conference has grown into one of the biggest and most prestigious cybersecurity shows in the world — a showcase for top security experts and companies.

Experts journey from across the world to reveal their discoveries and inventions at the Black Hat Briefings, which run August 9-10 — with more than 100 sessions to choose from. However, figuring out which talks to attend is a monumental task. 

If you’re attending Black Hat but are at a loss about what talks to see at this year’s show, here's our short list of must-see sessions.

[ See what's in store from ReversingLabs on our event page: ReversingLabs @ Hacker Summer Camp 2023 ]

Keynotes to start your day

Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow

Wednesday, August 9 from 9-10 am | Shoreline Ballroom, Level 2

There’s no greater question in the information security space (or high tech, in general) than the impact that fast-evolving artificial intelligence (AI) technology will have on the industry. In this keynote talk, taking place on the first official day of Black Hat USA, Founder of Azeria Labs Maria Markstedter will be tackling AI’s impact on cybersecurity. At a time when AI technology is being used for everything from sorting through security alerts to forging phishing emails, Markstedter will recount AI’s journey into what it has become today. She will also share the various considerations cybersecurity professionals may want to make when weighing applications of AI, such as what challenges AI tooling may bring.

Acting National Cyber Director Kemba Walden Discusses the National Cybersecurity Strategy and Workforce Efforts

Thursday, August 10 from 9-10 am | Shoreline Ballroom, Level 2

If you’re looking to get the 411 on how the U.S. federal government is approaching cybersecurity right now, this session is for you. The White House’s Acting National Cyber Director Kemba Walden will be taking to the Black Hat stage to give an overview of where her office stands almost six months after releasing the National Cybersecurity Strategy. She’ll likely speak to other initiatives connected to this one, such as CISA’s 2024-2026 Cybersecurity Strategic Plan, released last week, as well as the White House’s May 2021 Executive Order on Improving the Nation’s Cybersecurity, plus the recent publication of the National Cyber Workforce and Education Strategy.

Wednesday’s sessions

Reflections on Trust in the Software Supply Chain

Wednesday, August 9 from 10:20-11 am | Islander FG, Level 0 

Software supply chain threats and attacks are one of the most significant trends in cybersecurity over the past five years. And, while there have been many proposals for how to address the risk posed by vulnerable supply chains of open source and proprietary software, the picture can be a confusing one for both enterprises and practitioners. 

In this Black Hat talk, Jeremy Long, a Principal Engineer at the firm ServiceNow, helps to sort out that complicated picture: updating attendees on the current state of software supply chain security as well as the challenges organizations face in securing supply chains for software and hardware. Long will delve into proposed tools and strategies to level up supply chain security, like Supply-chain Levels for Software Artifacts (SLSA), Software Bill of Materials (SBOM), and code signing, trying to sort out effective means from ‘security theater.’ And he will explore binary-source validation as a promising solution for enhancing the security of the software supply chain.

Fast, Ever-Evolving Defenders: The Resilience Revolution

Wednesday, August 9 from 11:20-12 pm | Oceanside A, Level 2 

There's a pervasive sense that attackers continually outmaneuver us. They are fast. They are ever-evolving. How could we possibly outmaneuver them?

It’s a truism of cybersecurity that the job of defenders is harder than that of attackers. To compromise an organization, after all, attackers only need to find a single weakness in the cybersecurity armor. Defenders, in contrast, need to be perfect: anticipating and thwarting every effort to undermine their security. History has also shown malicious actors to be far more willing to embrace new technologies and approaches to achieve their ends, whereas defenders tend to merely accrue, adopting new tools and techniques without jettisoning the old.

But what if defenders started acting more like attackers: nimble, empirical, and curious? That’s the idea behind this talk by Kelly Shortridge, a Senior Principal at the firm Fastly. Shortridge will talk about a new paradigm for systems defense that will transform organizations from plodding, reactive triage teams into fast, ever-evolving defenders who can outmaneuver attackers with ease.

Thursday’s sessions

Entrepreneur's Dilemma: Managing Growth and Dedication to Product Quality

Thursday, August 10 from 10:20-11 am | Oceanside D, Level 2 

Mention in casual conversation that you work in cybersecurity and you’re likely to get some knowing nods: “that’s a hot industry!” No doubt. But that hardly makes cybersecurity startups a sure thing. In fact, it may be the opposite — the cybersecurity industry’s rapidly shifting terrain is perpetually creating and closing off new opportunities, spawning runaway successes while leaving countless other promising firms by the wayside. So what is a would-be cyber entrepreneur to do? Few people are better positioned to answer that question than ReversingLabs CEO and co-founder Mario Vuksan. And, at this year’s Black Hat, he will talk about his experience growing a successful firm in an industry characterized by rapid expansion on the one hand, and constant change driven by criminal and state-sponsored actors on the other.

In this talk, part of Black Hat’s Entrepreneur Micro Summit, Vuksan will talk about the challenges of balancing product quality and continuity with strong customer engagement. Speaking as a founder and CEO, he’ll explore the various stages of growth that cybersecurity startups like his must navigate, the pros and cons of bootstrapping vs. fundraising, product management, the importance of building non-technical teams, and when (and how) to change direction.

Unsafe At Any Speed: CISA's Plan to Foster Tech Ecosystem Security

Thursday, August 10 from 10:20-11 am | Islander HI, Level 0 

After years — decades, really — of vague language about “public-private partnerships” and the need for organizations to “do better” when it comes to securing IT environments, the focus and talk from the highest levels of government have shifted in recent months. Leaders like Jen Easterly, the Director of CISA, increasingly speak about the need to shift the burden of security from the consumers of software to the companies that make it. Analogies between software security and other critical sectors — food, water, medicine — abound.

The implication: The days of officials and regulators looking the other way at jaw-dropping RCEs and other app sec failings are drawing to a close. If you want to get a sense of where the government’s thinking is on this, you should check out “Unsafe at Any Speed,” where two of CISA’s senior cyber executives, Senior Technical Advisors Bob Lord and Jack Cable, dig into CISA's strategy to foster a safer technology ecosystem. The two will discuss how products can be made safer, covering topics ranging from memory safety to open-source security and cyber insurance. The two will also talk about erasing the security poverty line by enacting programs and policies that ensure that smaller organizations can demand better security from their vendors.

Lemons and Liability: Cyber Warranties as an Experiment in Software Regulation

Thursday, August 10 from 11:20 am to 12:00 pm | Islander FG, Level 0

Expanding on the idea of software safety, the US National Cybersecurity Strategy seeks to shift responsibility for securing systems to the "most capable actors" — software vendors themselves. But what will that mean for the software industry as a whole, and the tens of thousands of companies that develop and release software? Well, we might look to adjacent industries and marketplaces for a clue. Take automobiles, where so-called “lemon laws” have long protected consumers from being burdened with faulty, problem-plagued vehicles.

In the software space, software “warranties” that promise to pay out to customers if the vendor's product fails to prevent a security incident have been around for nearly a decade, as software vendors attempt to shape the market by drawing a line between high- and low-quality wares.

How has that worked? In this talk, Daniel Woods, a Lecturer in Cyber Security at the University of Edinburgh and a senior security researcher at Coalition, discusses the findings of research he has conducted on the economics of security and privacy. Woods and his colleagues studied fourteen software warranties; he will discuss the findings of that work and how it can inform policy makers as they craft a software liability regime that incentivizes vendors to write secure software.

mTLS: When Certificate Authentication is Done Wrong

Thursday, August 10 from 2:30 to 3:00pm | Oceanside A, Level 2 

Overseeing one of the largest open source development platforms gives you an unprecedented view into both software supply chains and development practices. These days it also gives you a bird’s eye view of efforts by malicious actors to exploit supply chain weaknesses and loose development practices. That may be why security experts from GitHub dot the Black Hat schedule this year. 

One session that looks particularly promising is GitHub researcher Michael Stepankin’s: mTLS: When Certificate Authentication is Done Wrong. Stepankin will talk about the growing use of X.509 certificates for client authentication in zero-trust environments, which offer advantages over passwords or hardware tokens, but which also open doors to malicious actors when they are not implemented correctly.

Stepankin will look at some novel attacks on mTLS authentication and how flaws in mTLS implementations make systems vulnerable to user impersonation, privilege escalation and information leaks. Stepankin’s talk will include new CVEs discovered in popular open-source identity servers and a discussion of how they could be exploited by threat actors. He will also talk about how development organizations can identify those flaws in source code and how to properly implement mTLS to avoid attacks.

