Hacker Summer Camp (aka Black Hat USA 2024) is almost here, and it's jam-packed once again with intriguing cybersecurity talks. With over 100 sessions to choose from over the span of just two days, leaders will need to take extra care in picking the talks that will resonate best with their security needs. That’s why our team has taken the time to comb through this list of talks, just for you.
Here are the nine Black Hat talks related to security operations (SecOps) that can help your team stay up to speed. They include timely conversations about the state of cybersecurity policy, what the modern CISO needs to be on the lookout for, pressing threat research that can impact your security team’s efforts — and much more.
Democracy's Biggest Year: The Fight for Secure Elections
Keynote | Wednesday, August 7, 9:00-10:00 am
This year marks a milestone for global democracy, with an unprecedented number of countries holding national elections, with higher voter-participation than ever before. Amidst this, emerging technologies and escalating global tensions challenge even the longest-standing democracies – especially their electoral systems. This session explores how international leaders address election security risks like cyber threats, foreign interference, and generative AI, aiming to make 2024 a pivotal moment. Join the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Director Jen Easterly, NCSC CEO Felicity Oswald, and ENISA COO Hans de Vries as they discuss safeguarding democratic processes globally.
Project 0xA11C: Deoxidizing the Rust Malware Ecosystem
Wednesday, August 7, 10:20-11:00 am
In malware analysis, the introduction of new programming languages poses significant challenges, from minor peculiarities to major paradigm shifts, often deterring reverse engineers and analysts from engaging with complex malware. The Go programming language exemplified this issue until high-profile incidents like the SolarWinds attack necessitated action. In response, researchers developed AlphaGolang, an analysis methodology revealing that, with proper contextualization, Go code is often easier to analyze than code written in traditional languages. Similarly, Rust's features—memory safety, aggressive compiler optimizations, borrowing, and complex types—result in highly intricate code, embraced by APTs and ransomware groups, but avoided by analysts. This panel’s proposed 'Project 0xA11C' ('Oxalic') introduces practical methodologies and tools to make Rust reverse-engineering more accessible. Join Nicole Fishbein, Security Researcher at Intezer, and Juan Andrés Guerrero-Saade, AVP of Research at SentinelLabs, to explore these methodologies and enhance your malware analysis skills.
A Multilateral Framework for Evaluating National Cybersecurity Strategies
Wednesday, August 7, 11:20-12:00 pm
Governments are exploring various approaches to bolster national cybersecurity in response to today's complex threat landscape. This talk is based on a project that evaluates the national cybersecurity strategies of twelve countries, including the U.S., China, Germany, Australia, and more. The goal of the project was to identify the most effective and innovative policy approaches by comparing the work being done by these governments. The evaluation highlights leaders, innovators, and under-performers, taking into account each country's unique political context and threat environment. Join Fred Heiding, Research Fellow; Alex O'Neill, National Security Researcher; Lachlan Price, Research Assistant; and Eric Rosenbach, Senior Lecturer in Public Policy, to learn how their research done at Harvard University is guiding practitioners in developing more robust cybersecurity strategies and providing a template for countries that have yet to create one.
Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies
Wednesday, August 7, 1:30-2:10 pm
Attackers are continually exploiting SaaS vulnerabilities, and this briefing will include real-world examples of SaaS tenant attacks, threat tactics, techniques, and procedures (TTPs), and indicators of compromise (IoCs). Watch this panel of folks from AppOmni, featuring Cory Michal, VP Security, Brandon Levene, Principal Product Manager for Threat Detection, and Ben Pruce, Senior Engineering Manager for Threat Research to discover mitigation strategies to enhance your organizational security against evolving threats.
Essential Strategies for CISOs to Sidestep Government Post-Attack
Wednesday, August 7, 3:20-4:00 pm
CISOs are facing increasing federal regulatory and criminal liabilities, highlighted by cases such as the U.S. SEC v. SolarWinds and its CISO Tim Brown. This session will provide an overview of the current landscape of CISO liability at the federal level, with insights from notable InfoSec liability cases including U.S. v. Joe Sullivan (Uber). The session will offer practical advice on how CISOs and InfoSec professionals can protect themselves, focusing on steps to avoid being targeted, personal indemnity, Directors & Officers Insurance, and recognizing red flags during crises. Join Jess Nall, a partner at legal firm Baker McKenzie, to learn actionable strategies on how to safeguard against regulatory and criminal repercussions.
SnailLoad: Anyone on the Internet Can Learn What You're Doing
Wednesday, August 7, 11:20-12:00 pm
Daniel Gruss and Stefan Gast, an InfoSec Professor and an InfoSec Researcher from Graz University of Technology, will deliver a presentation introducing a novel method to infer network activity remotely, without relying on traditional person-in-the-middle techniques. They will showcase an end-to-end attack scenario where benign content from an attacker-controlled server facilitates spying on network activities based on latency variations. Additionally, they will discuss a video-fingerprinting attack using SnailLoad traces, illustrating advancements towards passive, fully remote Internet attacks.
Surfacing a Hydra: Unveiling a Multi-Headed Chinese Campaign
Wednesday, August 7, 4:20-5:00 pm
Morgan Demboski and Mark Parsons from Sophos will recount their intensive investigation into the "Crimson Palace," a sophisticated Chinese state-sponsored cyber espionage campaign targeting a Southeast Asian government organization. They will discuss the discovery of three interconnected threat clusters maintaining persistent access through advanced malware, DLL sideloads, and novel defense evasion tactics, including disrupting antivirus communications. Join this session to delve into the campaign's stages and learn how the actors' adaptation to countermeasures offers practical insights for identifying and analyzing complex APT intrusions.
The Hidden Treasure of Crash Reports?
Thursday, August 8, 1:30-2:10 pm
This session with Patrick Wardle, CEO/Co-founder of DoubleYou, focuses on the often overlooked but critical role of crash reports in macOS systems. Discover how crash reports can provide valuable insights into malware infections, exploitation attempts, and system vulnerabilities. Join Wardle as he discusses the structure of crash reports, their role in revealing the cause of crashes, and their application in real-life scenarios involving macOS flaws like uninitialized pointers and heap overflows.
Wardle will also be giving a talk about his book, The Art of Mac Malware, at RL’s Black Hat Booth #2660 on August 7 from 2-3pm. Those who attend will be able to snag a free, signed copy of his book!
Threat Hunting with LLM: From Discovering APT SAAIWC to Tracking APTs with AI
Thursday, August 8, 2:30-3:00 pm
This session will be presented by Hongfei Wang, Dong Wu, and Yuan Gu from DBAPPSecurity Co Ltd, where they will focus on their experience utilizing LLMs in threat hunting. They will discuss how they discovered and tracked APT SAAIWC, highlighting the role of LLMs in swiftly identifying attack samples and facilitating broader threat hunting applications. Additionally, they will cover techniques including filename-based threat hunting, automating sample hunting with LLM-generated YARA rules, and applying these methods in threat intelligence and hunting beyond the specific APT SAAIWC case.
Looking for something to do between talks? Meet the RL team at Booth #2660
Security leaders can stop by RL’s booth on the exhibition floor to chat with our experts about our powerful threat hunting and intelligence solutions, in addition to how we’re using these technologies to power software supply chain security. Plus, we have cookies (the good kind)!
