Watching Katie and John present was such a highlight, especially as it's been a major influence in my research. Many of the concepts were known to me and yet others were game changers. I feel attribution tends to get too much air time (yes I know everyone hates it when I say that!), and it was interesting to hear MITRE's take on it, especially as it related to their ATT&CK framework. They demonstrated some useful tools which I personally wasn't aware of that will be used in the future to better focus on requirements building. I look forward to discussing the MITRE ATT&CK framework more as I work on completing v2 of my EPP framework. Prevention is still number 1 in terms of my priority list, but for those who are mature in this space and are looking at detection, MITRE ATT&CK all the way!
Wednesday and Thursday are always big days as I thoroughly enjoy my time at Black Hat USA. Being a previous speaker in 2017, I knew what these speakers were going through: the emotions, the joy, excitement and probably that “OMG I am gonna puke!!” feeling.
This year's keynote was presented by Parisa Tabriz. What was there not to be excited about in this talk!! She was graceful and sophisticated. She spoke about her experiences and triumphs at Google, specifically Project Zero, and about the importance of teamwork, collaboration and celebrating the wins with your team. Whilst she hit on so many good points, the thing that stuck with me was asking all the Defenders to stand up and be recognised for their work. Being a defender for the past 15 years of my career, I appreciated the sentiment as it's so much harder to play defense than offense. Our scope is often wider, more challenging and not considered cool. We are often blamed for 1 bad incident while all the other good things are overlooked. Thank you Parisa for calling out the work of Defenders.
After the keynote had ended, the most challenging part was deciding what to do next, who and what to attend. This year's did not disappoint with a huge selection of 9 tracks. The vendor hall was buzzing with colour, sponsored sessions and workshops; Arsenal was really impressive this year; there was a career hall for those wanting to seek out new opportunities, community workshops such as Kali Linux and OWASP Top 10, yoga for anyone wanting some downtime, childcare facilities, parties, networking events. I mean, my dance card was full within minutes.
I’ve been spending a lot of time recently learning and upskilling in AWS, so the first talk, Detecting Credential Compromise in AWS by William Bengtson from Netflix, was the logical choice. I enjoyed his talk; the technical background and tools provided great scope to continue on with after his talk was over. It was a great start to the morning.
The next talk I attended was A Dive in to Hyper-V Architecture & Vulnerabilities. Having experimented with many different virtualisation platforms, I was curious why two gents from Microsoft wanted to discuss bug bounties on a platform they love and maintain. They described all the different components of the virtualisation platform and where attendees should focus their time and efforts if they wanted to claim a bounty from Microsoft. I found their approach bold and unique but respected their motivation. For the past 12 months having tested a lot of endpoint solutions, vendors want to shut you down for calling out weakness in their software. Instead these two researchers from Microsoft were saying "Please Try! We want to know the bad news so we can provide good software to our users". Software isn’t perfect, but by reiterating, getting feedback, listening to others, that’s the only way software can improve.
Black Hat introduced a new community track this year, which was a bold move. I enjoyed seeing some of the issues that affect this community. Yes, we all suffer from imposter syndrome, especially me, but the topics discussed were hard hitting. There were a few I wanted to see, but cloning yourself is not possible!
I did get an opportunity to see one community talk, and I wished I could have seen more: How can Communities Move Forward After Incidents of Sexual Harassment or Assault? by Makenzie Peterson. What surprised me the most was the diverse community of people who attended this talk. To be blunt, I expected just to see women attend these types of community talks. In the past I have attended women in infosec talks where the mass of the audience is women, and the value add is low as you are on repeat. But this was a highlight, not just due to the topic but to genuinely see the impact on the people, equally made up of men and women. Makenzie's presentation was thoughtful, insightful and respectful. You could see she touched and connected with so many people in her talk. I hope Black Hat continues with this stream. Yes, we love our tech, but we all have lives outside of tech and that reality is rarely spoken about.
One of the most popular talks on the Thursday was Applied Self-Driving Car Security. I don’t think there was a single seat left in the room. These two guys are hilarious, but know their vehicles. I loved the history of the automotive industry and also the technical deep dive into issues they have encountered along the way. They referred to self-driving cars as a data centre on four wheels but with complete segregation. After seeing how these cars were previously exploited, I can see why they would say this. Looking forward to seeing this talk again.