Key Highlights from Next Week’s Black Hat USA 2019

KEY EVENT HIGHLIGHTS

Background Information & Black Hat USA 2019 by the Numbers:

  • What is Black Hat? Black Hat is a vendor-neutral community that brings together leading professionals from the public and private sector, academia, and research to share the most critical, actionable security research and insights through cutting-edge conferences and educational programs.
  • Conference Schedule & Speakers: Black Hat USA 2019 will welcome more than 200 speakers and trainers across nearly 120 Briefings and more than 90 deeply technical Trainings. The lineup is further enhanced this year by nearly 90 sponsored sessions and in-depth sponsored workshops.
  • Attendance: Black Hat USA only reports on verified attendee data, post event. We had nearly 19,000 attendees in 2018 and have had a strong 2019 registration. We expect to exceed the nearly 19,000 attendees we saw last year – making this the largest show in the event’s history.
  • Review Board: All Briefings are reviewed and selected by the Black Hat Review Board, which includes 24 of the world’s foremost security experts. For Black Hat USA, we also welcome 40 Guest Review Board members to help evaluate our large number of submissions.
  • Keynote, Wednesday, August 7 at 9:00 AM (Events Center): Dino Dai Zovi, responsible for leading security engineering for Square’s Cash App, will present, “Every Security Team is a Software Team Now.”
  • Full Briefings Schedule (Wed/Thurs): See all Briefings Abstracts here.
  • Black Hat 2019 Arsenal (Wed/Thurs, Business Hall): Black Hat USA Arsenal has returned for its tenth year, offering researchers and the open source community the ability to demonstrate tools they develop and use in their daily professions – live. This year’s program will feature more than 90 tools spanning data forensics, network attacks, iOS, exploitation, and more. New this year, attendees can also participate in the Arsenal Lab, which offers a hands-on, unique opportunity to play with hardware, ICS gear, and IoT devices in a controlled environment.
  • Business Hall (Wed/Thurs, Shoreline, Oceanside, and Mandalay Bay Ballrooms, Level 2): The Business Hall will provide access to more than 300 leading companies. Attendees will be given the opportunity to experience hands-on learning, demonstrations and education on the latest products and technologies, as well as deep-dive sessions presented by vendors in the Business Hall Theaters. The Business Hall will also include focused areas for attendee, vendor and community engagement, including Innovation City, Arsenal, Career Zone, the Business Center, and various lounges.

NOTABLE THIS YEAR

  • EFF Donation: Back for a sixth year – for every Business Pass sold, Black Hat will donate $100 to the EFF to support their important work, up to a maximum of $50,000.
  • 2019 Black Hat USA Attendee Research Report, “Consumers in the Crosshairs”: available for complimentary download. The report highlights major security risks associated with voting machines to be used in the 2020 U.S. presidential election, ATMs, ride service and banking apps, social media, and more.
  • Black Hat USA Micro Summits (Wednesday/Thursday, Mandalay Bay C/D): The Micro Summits are designed to foster education and collaboration on focused topics in the information security industry. Leading experts will share their insights on topics including cyber liability insurance and bug bounty best practices.
  • Arsenal Lab (Wednesday/Thursday, Business Hall – Oceanside): The Arsenal Lab is our newest addition to the Arsenal and will offer attendees a hands-on approach to hacking various tools led by Arsenal veterans and Black Hat Trainers. It provides a unique opportunity to play with hardware, ICS gear, and IoT devices in a controlled environment.
  • SpecterOps Workshop (Wednesday, South Seas I/J): Attendees can join the SpecterOps team on Wednesday to learn the tactics, techniques, and procedures used by adversaries to attack Active Directory in real-world breaches. In this workshop, attendees will discuss and demonstrate how an adversary can find common abusable misconfigurations, while gaining hands-on experience with analyzing a representative enterprise environment for these attacks.
  • Black Hat NOC (Saturday–Thursday, Surf E/F): Black Hat will be partnering with Palo Alto Networks, RSA, Ruckus Networks, CenturyLink, Gigamon, and Cisco to deliver a highly secured, state-of-the-art network infrastructure.
  • Black Hat NOC Presentations (Wednesday/Thursday, Surf D): Leaders of the Black Hat Network Operations Center (NOC) will present an overview of the overall network and security architecture, educate attendees on the network, and share statistics that they are discovering within the NOC at the event.
  • DEF CON Badge Distribution: Badge pickup will take place on August 9, starting at 07:00 for Black Hat attendees at the 2nd Floor, Built-in Counters (across from Mandalay Bay J).
  • Merchandise Store: Visit the Official Black Hat USA Merchandise Store, on Level 2 in the Palm Foyer, to grab T-shirts, outerwear, gifts, hats, and more.

SPECIAL EVENTS

  • PWNIE Awards: The annual PWNIE Awards will take place on Wednesday, August 7 at 6:30 in Lagoon Ballroom D-L. Known as the security industry’s premier awards show, the PWNIES celebrate the achievements and failures of the security community over the past year. For more information, visit: pwnies.com/.
  • Official Black Hat USA Parties:  https://www.blackhat.com/us-19/parties.html

NEWS AND COVERAGE PAGE

FUTURE DATES/EVENTS

  • Black Hat Trainings 2019, Alexandria, VA, October 17-18
  • Black Hat Trainings 2019, Tokyo, Japan, October 24-25
  • Black Hat Europe 2019, London, UK, December 2-5
  • Black Hat Asia 2020, Singapore, March 31 – April 3
  • Black Hat USA 2020, Las Vegas, NV, August 1-6

SAFETY TIPS TO PREVENT BLACK HAT TRICKS

Black Hat USA is the premier international security conference, welcoming the best and brightest security experts and thus some of the most experienced and talented hackers in the world.  While Black Hat does not condone or endorse any sort of malicious activity, all attendees – regardless of their profession, level of experience or knowledge – should take the necessary precautions to ensure their security while onsite at the show – or any security conference for that matter.

Here are some quick security tips:

INTERNET

Browsing: To avoid tricks, do not surf anywhere that would require you to have any expectation of privacy, and do not perform any banking functions or other sensitive transactions while onsite at the event. Do not open a random website or link sent or provided to you by an unknown or untrusted source. The best way to combat, but not eliminate, such risks is to always encrypt your traffic.

Wireless: To ensure you are securely using a wireless network (and not a fake!), do not connect to any unknown network, regardless of the name.  Be sure to also disable all Bluetooth and NFC functionality on your computer, phone, and tablet.

Wired: Do not plug into any random/unfamiliar open line, jack, or cable. No random loose jacks or cables outside designated Black Hat areas will be secured.

MOBILE DEVICES (LAPTOPS, PHONES, TABLETS)

To ensure you are securing your mobile data properly, consider the following:

  • Don’t leave a device out of sight, even for a moment
  • By far, the most secure place for your device(s) when you don’t need them is in your hotel room, locked in the room safe and completely off
  • Be up-to-date on all patches before arriving in Vegas
  • Any device that you bring to Las Vegas with sensitive data on it should be encrypted and include strong passwords
  • Turn off file sharing, Bluetooth and WiFi (when not connected to a secure access point) on all devices
  • Be aware that data and voice transmissions can be intercepted, and tailor your interactions appropriately
  • Pay attention to the overall performance of your device(s). Crashes, slow speeds and bugs can be reasons for concern
  • Change your passwords immediately after leaving Vegas

SOCIAL ENGINEERING

Social engineering is when someone tries to influence you into taking an action that may or may not be in your best interest. As such there are a number of things to watch for during personal interactions while onsite (and in general!):

  • In general, be on-guard and aware of your surroundings
  • Refrain from letting others use your computer/devices for any purpose
  • If presented with a USB drive/key/thumb drive, do not plug it into your laptop unless you are absolutely sure you can trust its contents
  • Credit card numbers are prime candidates for theft. Do not use the ATM machines anywhere near the conference. Cash is always a safe option!
  • RFID-enabled credit cards are at particular risk from handheld scanners/wands. Use a shielded wallet if you have RFID credit cards or identification
  • Your hotel key card can be scanned by touch, so keep it deep in your wallet
  • Talk quietly and conduct confidential phone calls off site

BLACK HAT CODE OF CONDUCT

Black Hat believes our community should be truly open for everyone. As such, we are committed to providing a friendly, safe and welcoming environment for all. By participating at Black Hat USA 2019, you agree to abide by the Black Hat Code of Conduct, which can be viewed at: blackhat.com/code-of-conduct.html

Keep an eye on Black Hat here:

https://www.flickr.com/photos/blackhatevents/

https://www.facebook.com/Black-Hat-Events-107691635153/

https://www.linkedin.com/company/black-hat/

https://twitter.com/BlackHatEvents 

Sources:  Black Hat and Cyber Defense Magazine