Heading to Vegas the Week of August 5th? Here’s Where to Find Us!

Join us in Las Vegas as we showcase our Code to Cloud^TM platform at Black Hat, BSides and Def Con. You won’t want to miss the breakout and theater sessions, demos, parties, prizes and more.

Prisma Cloud will be at three events during the week of August 7 in Las Vegas, Nevada, so mark your calendars!

• BSidesLV: August 6-7
• Black Hat: August 7-8
• Def Con: August 8-11

Secure from Code to Cloud

Prisma Cloud secures every stage of the application lifecycle. The platform helps organizations prioritize and eliminate risks across code/build, infrastructure and runtime.

• Ship secure code by design with developer-friendly code security integrations to fix risks before they reach runtime.
• Protect the entire application infrastructure and harden your cloud estate.
• Stop active attacks with inline protection and defense-in-depth.

BSides Las Vegas, August 8-9

Kick the week off at BSidesLV. Prisma Cloud by Palo Alto Networks is a Gold Sponsor. Stop by the Tuscany Suites and Casino Hotel to chat with our experts and enter our raffle for a chance to win a Flipper Zero.

Speaking Sessions

Raiders of the Lost Artifacts: Racing for Hidden Treasures in Public GitHub Repositories

Tuesday, August 6th | 3:00 PM

Presented by Yaron Avital, Sr. Staff Researcher

Open-source projects often leverage GitHub Actions for automated builds. Join Yaron as he delves into a novel attack vector where he discovered a treasure trove of secrets — leaked access tokens — hidden within seemingly innocuous build artifacts, available for everyone to consume. These tokens encompassed various cloud services, interesting in their own right, but Yaron aimed to achieve more — taking control over these open-source projects.

Finding hidden GitHub Actions tokens in these artifacts was the easy part, and Yaron even managed to poison the projects’ artifacts and cache. But pushing malicious code into the repositories failed, as the ephemeral tokens created in each workflow run expired as soon as the job was finished. This presented a thrilling challenge, a race against time to steal and use these tokens before they vanish.

This session equips attackers with a novel attack path, revealing how to unearth sensitive data in build artifacts, craft a high-speed exploit to catch ephemeral tokens and utilize them for swift attacks. Yaron will showcase real-world examples of popular open-source projects he was able to breach, including projects maintained by high-profile organizations.

Black Hat USA, August 7-8

Experience Precision AI technology in action at Black Hat USA 2024.

Palo Alto Networks is a top sponsor and supporter of the Network and Security Operations Center (NOC/SOC) at Black Hat USA 2024 in Las Vegas, NV. Black Hat is a premier cybersecurity conference that brings together security professionals, researchers and leaders to discuss the latest threats, trends and technologies in information security. The event features hands-on training, briefings on the latest in information security research and networking opportunities for professionals at all career levels.

Related: Black Hat Executive Q&A with Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks

Speaking Sessions

From Exploit to Shield: Attacking Generative AI Apps to Create Cyber Resilience, Sponsored Session

Wednesday, August 7 | 2:35 – 3:25 PM

Presented by Michael Sikorski, CTO, Unit 42 and Mike Spisak, Technical Managing Director, Proactive Services, Unit 42

Generative AI is becoming a driving force for innovation across industries, transforming how businesses operate. With rapid growth, though, comes new security risks. This presentation dives into the emerging threats facing generative AI.

Michael and Mike will discuss Unit 42's latest research, revealing how cybercriminals are actively using techniques to manipulate AI systems for malicious purposes. Through examples and live demonstrations, they'll expose how these attacks can bypass security measures, manipulate AI-generated content and compromise sensitive data. They'll then delve into practical defense strategies, empowering organizations to fortify their AI applications against evolving threats.

By understanding the tactics used to both attack and defend AI systems, organizations can better navigate the evolving security challenges and ensure that this powerful technology is used safely and responsibly.

Arsenal Session: Cloud Offensive Breach and Risk Assessment (COBRA)

Thursday, August 8 | 10:10 – 11:20 AM

Presented by Anand Tiwari, Manager, Product Management and Harsha Koushik, Technical Product Manager

Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multicloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors, including external and insider threats, lateral movement and data exfiltration, COBRA enables organizations to gain insights into their security posture vulnerabilities. COBRA is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

COBRA Features

1. Seamless Integration for POC and Tool Evaluation: COBRA provides seamless integration for Proof of Concept (PoC) and tool evaluation purposes. Whether you're exploring new cloud-native applications or evaluating existing solutions, COBRA offers a user-friendly interface and flexible deployment options to facilitate effortless testing and assessment.
2. Comprehensive Assessment of Cloud-Native Security Posture: Gain unparalleled insights into your organization's existing cloud-native security posture with COBRA. Our advanced assessment capabilities enable you to identify vulnerabilities, assess security controls and pinpoint areas for improvement. By understanding your current security posture, you can proactively address gaps and strengthen your defenses against emerging threats.
3. Benchmarking Against Industry Standards and Best Practices: COBRA enables you to benchmark your cloud security controls against industry standards and best practices. With our comprehensive benchmarking framework, you can compare your security posture against established benchmarks, identify areas of strength and weakness, and prioritize remediation efforts accordingly.
4. Actionable Insights and Recommendations: COBRA goes beyond providing insights by delivering actionable recommendations tailored to your organization's specific needs.
5. Continuous Threat Simulation: COBRA offers a modular and templatized approach for users to easily integrate additional modules, allowing for continuous threat simulation and adaptability. By providing a flexible framework for adding modules, COBRA ensures that users can tailor their threat simulation capabilities according to evolving security needs.

Prisma Cloud Theater Sessions at Booth #1632

Shift from Findings to Root Causes with Prisma Cloud

Wednesday, August 7 | 10:30 – 10:45 AM

Presented by Cameron Hyde, Product Marketing Manager, Prisma Cloud

Why Visibility Isn’t Enough for Runtime Protection

Wednesday, August 7 | 2:30 – 2:45 PM

Presented by Sohini Mukherjee, Prisma Cloud Solutions Architect

Shifting Left: Perceptions Vs. Realities

Wednesday, August 7 | 3:45 – 4:00 PM

Presented by Nick Ohri, Prisma Cloud Solutions Architect

Cloud Data Risk – Bringing Data into the Security Context

Thursday, August 8 | 1:30 – 1:45 PM

Presented by Brian Pierce, Prisma Cloud Solutions Architect

Attend Our Networking SOCial @ KUMI

Wednesday, August 7 | 6 – 8 PM

Experience a modern approach to Japanese Cuisine and specialty libations as you mingle with a who’s who of cybersecurity leaders and experts from around the world. Register for our Networking SOCial now.

Executive Meeting Requests: Visit with Prisma Cloud at Black Hat

Customer and partner engagement is important to us because it’s the building block of your experience and our relationship. If you’d like to schedule a meeting with Prisma Cloud subject matter experts, executives or sales reps, we’ll be available.

Take a minute to explore the many Palo Alto Networks Black Hat activities.

Def Con, August 8-11

Wrap up the week at Def Con 202,4 where Prisma Cloud researcher Avid Hahami will share his latest insights.

Speaking Sessions

OH-MY-DC: Abusing OIDC All the Way to Your Cloud

Saturday, August 10th | 1:00 PM

Presented by Aviad Hahami, Sr. Staff Researcher

As DevOps and developers are slowly shifting away from storing long-lived static credentials to the more secure, still kinda-new OIDC alternative — the underlying logic, mechanisms and implementations tend to feel like complicated magic and are mostly overlooked.

In this talk, Aviad will begin by recapping what OIDC is, who the interacting entities are when OIDC is used, and how OIDC is taking place to securely access one's cloud using CI/CD flows.

Once covered, Aviad will be able to alternate points of view between the entities in play and potential vulnerabilities in various setups.

Starting with the user POV, he’ll show you what "under-configurations" looks like and demonstrate how new OIDC configuration options can actually be misconfigurations that could result in a compromise.

He’ll then explore another attack vector where leaking an OIDC token from a single repository in an organization can allow an attacker to abuse under-configurations and access private clouds.

After that, he’ll shift the POV to the identity provider (IdP) to show you what happens if an IdP is misconfigured, and disclose a real-world security vulnerability found in one of the most popular CI vendors that allowed his team to access their customers' cloud environments.

As promised, you don’t want to miss out. See you in Las Vegas!