In the weeks leading up to Black Hat my inbox was flooded with requests for meetings, interviews, and conversations. There were so many that some ended up rolling into Def Con and some are yet to happen days after summer camp has ended. This was a very drastic change from last year and while I did have a full calendar, it was nothing like 2023. I went in expecting a very busy time and I was not disappointed.
My focus for this year was on the rapidly evolving threat landscape and how the industry was looking to adapt. I met with people from many different companies and even had a sit down with Stuart McClure to talk about his new venture Qwiet AI, there will be a lot more on that later. Speaking of AI, that buzz word was front and center all over Black Hat along with some new and fun ones like “code to cloud” and new versions of Data Loss Prevention. The show felt busy and buzzing with excitement around the future of cybersecurity when it comes to AI. I still could not help but contrast this with more and more news about layoffs at major cybersecurity companies as well as news of cutbacks for cybersecurity spending in many market verticals. It made the excitement almost feel like nervous excitement as opposed to optimistic excitement about the future.
As always, I want to understand the direction the industry is going compared to what the landscape looks like and once again, I believe there is a gap. This gap is not a bad thing, and certainly not the fault of the industry. It is simply a matter of business and how most businesses move and make changes. It gives the impression of fighting the last war as opposed to preparing for the next one. Again, I want to be clear, most companies recognize this but time to develop and release products often means things are not ready when it is time to talk about them for either RSA or Black Hat. The problem is that the threat landscape can and does change faster than the industry or organizations can move to adapt (and the threat actors know this). However, there is good news in Mudville, the Mighty Casey has not struck out! The industry felt a little close to the threat landscape in terms of helping organizations shift things to the left in terms of stopping attacks.
What does this mean? Well, it means there is an effort to identify and remediate vulnerabilities and attack vectors before they hit the wild west. Companies like Qwiet AI, Eclypsium, and many others are working to shore up the supply chain while others are looking to augment existing controls against data loss either via insider threat or Ransomware. Halcyon was one of these that jumped onto the radar with a specific focus on Ransomware.
Qwiet AI is what I would call a force augmentation tool to identify issues in the pre-production phase for applications. Although I will get into a lot more detail later, in overly simplistic terms, they use a context-based (specific to each tenant and development environment) ML engine to detect potential issues in applications before they are rolled out. A remediation engine is in the works to help provide guidance to development teams.
Eclysium calls themselves a supply chain security company, but I think it would be more accurate to call them an infrastructure security company. They are not just looking to protect the companies that you buy things from, but also protect your environment as you deploy new items into production. This shift in view makes what they do much more important to most, if not all, business verticals. It allows you to get the jump on potential security issues at the firmware and system management level that are often completely overlooked.
Halcyon is, again, a ransomware prevention tool. It is not meant as a replacement, but as an augmentation to existing anti-malware tools. The low cost per end point and effectiveness against ransomware combined with the potential to grab encryption keys in memory make it a handy tool. When you compare the cost to the fact that encryption events are still on the rise it fits well into a tactical and logistical approach to cyber security.
I will have a lot more about these three and many others that I met, but these were ones that stood out to me in the overall show.
Outside of that I walked back and forth through Mandalay Bay multiple times a day, went to some amazing parties, stayed up way too late most days, and met some awesome people, including the SBOM Guy, Allen Friedman, PhD. I lost my voice, accidentally fell asleep on the couch in my hotel room and missed 11 hours of fun… yes all during Black Hat alone.
For Def Con, it was a stark change from last year. Def Con 31 felt more like the Def Cons of days past. I still miss the days of having Def Con at the Rio, but after a few stumbles, things are back on track. Masking was voluntary this year and I am already hearing some are testing positive for Covid (which is a shame). Still, it was a much more open con than the previous year. There was a much better vibe to Def Con this year than last. The quality of the talks seemed better as well. As always, I met a ton of very cool people and had great conversations with people who I might normally not encounter in my normal life. We did not always agree on the topics, but I never felt like I could not talk openly about a topic. As with any such conversation, I felt like I learned a bit and hoped that I was able to add context to my personal views. My views are controversial in the first place, it is just that I understand why many in the press are not trusted. This feeling of inclusion, even though I am there as part of a group that is not always kind to the community, is why I will always say the “hacker” community is the best. The diversity of people, ideas, thoughts etc. makes it one I am happy to be part of.
Some of the highlights for me was a talk on MacOS and iOS malware and how the existing tools to protect those operating systems actually impede detection and removal efforts. A second was a conversation on Baseboard Management Controllers and how simple it can be to compromise them for malicious purposes. The third was a fascinating talk on breaking websites using common vulnerabilities found in Web Browsers. It was great having the time to hit the talks again this year. Some of my other favorite spots were the lock picking village (where I spent way too much on cool new tools), car hacking village, Social Engineering Village, and the contest area.
In all Black Hat 2023 and Def Con 31 were a blast. I am still recovering from the event and have so much information to go through and articles to get posted, I am not sure where to start, I am already looking forward to next year’s event.
On a side note, after year of planning and internal thoughts about starting a pod cast of my own… I talked a bit about it with some people at both shows. I was shocked with the response, happy but shocked. The idea of Bits, Bytes, and Bourbon seems to be something that people would like to see. In addition to getting many, many articles out about both shows, I will be putting in the time to kick this off and look forward to sharing conversations about cybersecurity, have general thoughts on life and the industry we work in as well as Bourbon (or other spirits). We are looking to get some great guests on as well. I will be posting updates as we get closer to the launch date for the show.
Thank you again Black Hat and Def Con for a great time and always making me (and others I know) feel at home during the show.