Black Hat '24: Your go-to guide for the show

Hacker Summer Camp is almost here, and the 2024 Black Hat USA conference is jam-packed once again with a plethora of intriguing cybersecurity talks, plus hundreds of vendors that attendees will be able to check out on the expo floor. Considering how some may find the amount of options offered at the show overwhelming, the RL team took the time to pick out the events that we think will generate the most value for you at Black Hat 2024. 

In this special-edition newsletter, we offer a simple, go-to guide for security leaders attending next week's conference. It includes our thoughts on what cybersecurity themes will take center stage, in addition to the Black Hat talks related to security operations (SecOps) and software supply chain security (SSCS) that you don't want to miss.  

Plus, continue reading to hear what is on RL's agenda at Black Hat Booth #2660. See you in Vegas!

The show's big themes - and why they matter

SSCS is in the hot seat

Software supply chain security incidents continued to wreak havoc on the cybersecurity industry this past year - one of them being the targeted campaign to take over the xz Utils open source project. This security scare, among a few others such as the software supply chain attack on Ivanti's Pulse Secure VPN, highlight the risks lurking in both open and closed (commercial) software.

Many of the talks happening at this year's show reflect these concerns for how to secure both kinds of software components. Many of the talks also delve into other subsections of cybersecurity, such as AI's impact on SSCS.

The double-edged sword that is AI

It should come as no surprise that AI is once again taking center-stage at this year's Black Hat conference. While most other technology conferences focus on the excitement and possible benefits surrounding AI, cybersecurity-focused discourse on it resembles a more muddled view. Based on the talks lined up for this year's show, it seems that AI is presented as both a cybersecurity panacea for overworked and understaffed security teams, while also allowing malicious actors to automate everything from vulnerability discovery to phishing campaigns in an effort to exploit security holes. 

This double-edged sword is only made more prominent due to the lack of clear cybersecurity guidelines and rules around AI’s use. Many of these talks will try to answer the question of whether AI and LLMs will be a boon for cybersecurity pros and defenders — or a force multiplier for attackers that will play out in real time.

To learn more about Black Hat 2024's biggest themes and why they matter, head to the RL Blog.

Black Hat talks to watch

Talks are listed in chronological order.

Wednesday, August 7th

9:00am-10:00am

• Keynote: Democracy's Biggest Year: The Fight for Secure Elections Around the World (Jen Easterly, Hans de Vries, Felicity Oswald OBE, Christina A. Cassidy)

10:20-11:00am

• Project 0xA11C: Deoxidizing the Rust Malware Ecosystem (Nicole Fishbein, Juan Andrés Guerrero-Saade)

11:20am-12:00pm

• We R In A Right Pickle With All These Insecure Serialization Formats (Kasimir Schulz, Tom Bonner)
• 15 Ways to break your CoPilot (Michael Bargury, Avishai Efrati) 
• A Multilateral Framework for Evaluating National Cybersecurity Strategies (Fred Heiding, Alex O'Neill, Lachlan Price, Eric Rosenbach)
• SnailLoad: Anyone on the Internet Can Learn What You're Doing (Daniel Gruss, Stefan Gast)

1:30pm-2:10pm

• Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies (Cory Michal, Brandon Levene, Ben Pruce) 
• Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction (Adnan Khan, John Stawinski) 
• From HAL to HALT: Thwarting Skynet's Siblings in the GenAI Coding Era (Chris Wysopal)

2:30pm-3:00pm

• PyLingual: A Python Decompilation Framework for Evolving Python Versions (Josh Wiedemeier, Elliot Tarbet, Max Zheng, Jerry Teng, Ximeng Liu, Muhyun Kim, Sang Kil Cha, Jessica Ouyan, Kangkook Jee)  

3:20pm-4:00 pm

• Dodging the Bullet: Essential Strategies for CISOs to Sidestep Government Fallout in the Wake of Major Cyber Attacks (Jess Nall)

4:20pm-5:00pm

• Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign Government (Morgan Demboski, Mark Parsons) 
• Isolation or Hallucination? Hacking AI Infrastructure Providers for Fun and Weights (Hillai Ben-Sasson, Sagi Tzadi)

Thursday, August 8th

11:20am-12:00pm

• Flipping Bits: Your Credentials are Certainly Mine (STÖK STÖK, Joona Hoikkala)

12:15pm-12:40pm

• Mainstage: Let Me Tell You a Story: Technology and the 4 Vs (Jen Easterly)

1:30pm-2:10pm

• The Hidden Treasure of Crash Reports? (Patrick Wardle)

2:30pm-3:00pm

• Threat Hunting with LLM: From Discovering APT SAAIWC to Tracking APTs with AI (Hongfei Wang, Dong Wu, Yuan Gu)  

For more information on the talks listed above, head over to the RL Blog to read about these SecOps and software supply chain security briefings happening next week. 

Don’t pass up Booth #2660

Curious about what you can expect from ReversingLabs at Black Hat? Well, RL’s booth (#2660) will be hosting round-the-clock live demos of our mature security tool-stack, all designed to enhance cybersecurity effectiveness, from SecOps to SSCS. All you have to do is stop by our booth and say hello, or book time with the RL team here. 

RL also has some engaging and insightful events lined up next week at booth #2660 that you don’t want to miss:

Open the Black Box of Commercial Software

August 7th & 8th at 10:30am

Before you buy. Before you deploy. Learn how to assess and manage your third-party software risk.

Make Software, Not Malware

August 7th & 8th at 11:30am

For every component, every check in, every release. Learn how to identify software supply chain attacks before you ship.

RL Book Club: The Art of Mac Malware by Patrick Wardle

August 7th from 2-3pm

Patrick Wardle , the CEO/Co-Founder of Double You and the Founder of the Objective-See Foundation, Inc , is joining the RL team at Black Hat for a presentation on his essential book: The Art of Mac Malware. The first 100 people to attend will be able to partake in a live Q&A with Wardle, and will be offered a free, signed copy of his book. 

Get More from Your SOAR: Automated Malware Analysis

August 7th at 5pm & August 8th at 2:45pm

Move beyond reactive to proactive in your security operations with more complete enrichment of artifacts and definitive classifications.