14 Hot Sessions at Black Hat Europe 2018
Top-Flight Information Security Conference Returns to London
London is calling all information security professionals, as the Black Hat Europe conference returns to the U.K. capital for the third year in a row.
The annual European conference, now in its 17th year, is being held this week at the ExCeL - short for Exhibition Center London - at London Docklands.
Organizers have booked 100 speakers and researchers who are again set to deliver 40 research-based briefings on Wednesday and Thursday. All of the briefings have been selected by the Black Hat Review Board, composed of 30 leading information security experts.
The diverse topics to be covered include politically motivated cyberattacks, recovering passwords from keyboards by using thermal emanations, hacking Microsoft Edge and detecting "deep fakes."
Where to begin? Here's my rundown of 14 especially good-looking briefings:
- Developments and Challenges in Cybersecurity from the Nation-State Perspective (Wednesday, 9:00): Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, kicks off the conference with a keynote that will look back to 2007, when Estonia became the first country to be targeted by politically motivated cyberattacks.
- DeepPhish: Simulating Malicious AI (Wednesday, 11:45): Alejandro Correa Bahnsen of Cyxtera Technologies will offer tactics for identifying malicious TLS certificates in the wild, with a claimed accuracy of 95 percent.
- Attacking and Defending Blockchains: From Horror Stories to Secure Wallets (Wednesday, 14:00): Jean-Philippe Aumasson of Kudelski Security promises to review some of the most spectacular information security failures involving blockchain systems - bitcoin, ethereum and beyond - with an eye toward helping everyone involved to better mitigate their risks.
- Under the SEA - A Look at the Syrian Electronic Army's Mobile Tooling (Wednesday, 14:00): Mobile security firm Lookout's Kristin Del Rosso and Michael Flossman will offer a deep dive into the SEA's tactics, including its use of SilverHawk mobile surveillanceware. "To date, SilverHawk has been identified in over 30 trojanized versions of many well known apps, including Telegram, WhatsApp, Microsoft Word, YouTube, and the Guardian Project's Chat Secure app," they say.
- Video Killed the Text Star: OSINT Approach (Wednesday, 16:30): Francisco Gomez and Cesar Jimenez of Devo - the analytics and security firm, not the band - promise to round up machine learning techniques that can be used by open source intelligence analysts to determine if a preselected individual appears, or does not appear, in hundreds of hours of video.
- When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence (Wednesday, 16:30): Magal Baz and Tom Sela of Illusive Networks review how a Windows 10 security feature introduced in April can shred the safety of Windows domains and offer tools and techniques to help block attackers from using the security feature as a backdoor entrance into enterprises.
- AI Gone Rogue: Exterminating Deep Fakes Before They Cause Menace (Thursday, 9:00): "Deep fake technology is an artificial-intelligence-based human-image blending method used in different ways such as to create revenge porn, fake celebrity pornographic videos or even in cyber propaganda," say Symantec's Vijay Thaware and Niranjan Agnihotri. They'll look at ways to combat deep fakes.
- Deep Impact: Recognizing Unknown Malicious Activities from Zero Knowledge (Thursday, 10:00): Researchers Hiroshi Suzuki and Hisao Nashiwa from Internet Initiative Japan discuss how tracking command-and-control servers as well as detecting exploit kits can help organizations to better spot malicious activity. The researchers say they're reliably able to track 14 different kinds of exploit kits, including Rig, Nebula, Terror, Sundown and KaiXin.
- Don't Eat Spaghetti with a Spoon - An Analysis of the Practical Value of Threat Intelligence (Thursday, 10:00): Can threat intelligence be used to predict malicious activity? Charl van der Walt and Sid Pillarisetty of SecureData have looked at whether malicious IP addresses, once detected, map to any ability to predict or track threats.
- Bleedingbit: Your APs Belong to Us (Thursday, 13:30): Researchers Ben Seri and Dor Zusman of Armis review Bleedingbit, which refers to two separate zero-day flaws in Bluetooth Low Energy chips used in Cisco, Meraki and Aruba wireless access points, that an unauthenticated attacker could exploit to monitor all traffic flowing over the access point, inject malware and gain access to other parts of the network.
- Cutting Edge: Microsoft Browser Security - From People Who Owned It (Thursday, 14:45): With Windows 10, Microsoft jettisoned Internet Explorer for Microsoft Edge. But while heavily sandboxed, just how secure is Edge? Three researchers from Tencent Security Xuanwu Lab - Chuanda Ding, Zhipeng Huo and Wei Wei - who are veterans of the annual Pwn2Own hacking competition promise to describe logical sandbox escape attacks via three bugs in Microsoft Edge, only one of which has been publicly disclosed. These flaws "are entirely different from memory corruption bugs, as all we've done is abusing normal features implemented in the browser and operating system," the researchers say.
- The Mummy 2018 - Microsoft Accidentally Summons Back Ugly Attacks from the Past (Thursday, 16:00): It's back to the future with security researcher Ran Menscher, who says that a reorganization of the Windows kernel reintroduced a flaw - CVE-2018-8493 - that attackers can use to intercept and modify packets as well as cause a denial of service.
- Thermanator and the Thermal Residue Attack (Thursday, 16:00): Three University of California at Irvine researchers - Tyler Kaczmarek, Ercan Ozturk and Gene Tsudik - offer "a framework for password harvesting from keyboard thermal emanations," which works on popular keyboards up to 60 seconds after a user has typed in their password.
- Black Hat Locknote (Thursday, 16:45): Bookending the opening keynote, the annual "locknote" features Black Hat founder Jeff Moss (@TheDarkTangent), joined by members of the Black Hat Review Board, discussing top issues facing the information security community.
Beyond those sessions, another 30 briefings are also scheduled for the Business Hall, where vendors will be analyzing application security, infrastructure protection, identity and access management and more.
Black Hat Europe Arsenal, which allows researchers and the open-source community to deliver live demonstrations of tools they develop and use in their daily professions, also returns to the Business Hall. This year's arsenal will feature nearly 50 tools covering topics ranging from Android and iOS to mobile hacking and the internet of things.
Stay tuned for updates as I hit London this week for Black Hat Europe.