Hacker summer camp may be cancelled, but thankfully we are still on course for an interesting Black Hat. For those who have already registered for Black Hat, we will be hanging out virtually in the Business Hall to answer any questions you might have and to give away some cool swag (get a custom tee!). But we will also be attending briefings during the week, and I want to take a minute to highlight some of the ones we are the most excited for.
Shlomi Oberman, Moshe Kol, and Ariel Schön are presenting on Ripple20, a series of vulnerabilities they found in IoT devices that affect hundreds of millions of devices around the world.
Why are we excited about this talk?
As technology moves forward, we are seeing a dramatic shift to mobile and IoT devices. This talk looks to be a great example of the shift we are seeing, combined with a timely and important conversation about supply chain attacks. I expect this talk will delve into the complexities that come with securing IoT devices, even with incredibly widespread and well-known vulnerabilities.
Chris Krebs is speaking on election security in the United States, with the added complexity of a global pandemic.
Why are we excited about this talk?
Krebs is the director of CISA and has a well-known history of work in the public and private sectors, so I anticipate this will be a very intriguing talk. At Cybereason, we have been working closely with state and federal law enforcement agencies to help secure our elections through tabletop exercises; this talk continues to highlight the importance of election security against the backdrop of COVID-19.
Justin Wynn and Gary DeMercurio, two professional pentesters, will present on their now-infamous red team exercise gone wrong.
Why are we excited about this talk?
They were (legally) hired to test the physical and network security of the state of Iowa’s judicial system, but ended up being arrested, held for 24 hours, and released only on $100,000 bail. They were initially charged with felony third-degree burglary and possession of burglary tools, charges which were lowered to a misdemeanor for trespassing. As with many in security, we are no strangers to red team exercises that give those outside of security pause. However, it’s critically important that we as a community communicate that red team exercises are not meant to be evil or malicious, but are meant to make security better.
Laura Tich and Evelyn Kilel are presenting on cyberattacks in sub-Saharan Africa and the challenges that come along with securing the region.
Why are we excited about this talk?
Understanding and considering regional challenges adds a layer of complexity to a strong security strategy, especially for worldwide organizations. The more visibility we can get into regional challenges, the better. This talk seems to be an extensive deep dive into security in sub-Saharan Africa, which is an important region with a lot to offer for the security community.
Rich Mogull is presenting on the similarities between Emergency Medical Services (EMS) and cybersecurity, along with how EMS can be applied to cyber.
Why are we excited about this talk?
A lot of important lessons can be taken from other fields when it comes to making security better. Diversity is important in all forms, including diversity of backgrounds. As an outsider to this world, I imagine paramedics deal with constant high-risk incidents, and so I’m interested in learning more about techniques learned from years of stressful experience that can be applied to cybersecurity.
Are you attending Black Hat USA 2020? Come stop by our booth for a free, custom T-shirt!