As I’m sitting here about to embark on my second annual trip to Black Hat, I’m wondering why anyone would want to bear the summer heat in Las Vegas. This time last year, temps topped out at 108°, and it's looking to be similar this time around.
In 2023, amidst the craze for those MoonSwatch watches, I found some free time and attempted to walk up the Las Vegas Strip, hoping to find the colorway I wanted. Unfortunately, it was sold out, and I ended up taking an Uber back to the hotel because I had traveled too far in the heat.
In an effort to justify the spend to send me to Vegas for the week (Thanks, Palo Alto Networks), my manager asked me what I was most excited about and interested in seeing at the event. Every year, BSides, Black Hat and Def Con butt up against each other in Sin City — forming this kind of super week for practitioners that some refer to as “Hacker Summer Camp.” Secretly, I’m also hoping to see Dead & Co at the Sphere.
But in all reality, if you're looking to discuss hot topics from the previous year and where the upcoming trends are — in addition to attending training to learn new skills and hear about rad open-source projects from vendors (and maybe hit a party or two) — there isn’t a better week.
So yeah, I’ll be braving the heat (though not too excited about that part).
Top 10 Cool Sessions and Hot Topics I’m Looking Forward To
1. Practical LLM Security from an AI Leader? Yes, Please
Unless you’ve just emerged from a two-year hibernation, it’s no secret that AI has been big news. Between the release of ChatGPT and the rocketship that has been NVIDIA’s stock price, even my non-technical dad is asking me about this stuff.
The full impact that LLMs will have, from a security perspective, is rapidly evolving. Who better to hear from than a principal security architect at NVIDIA who's spent time in the trenches?
Of course at Palo Alto Networks, we have our opinions. It’ll be good, though, to get a pulse check on where we are and where others think we are. Let's see what types of attacks they say are prevalent and most impactful, how to assess LLM integrations from a security perspective, and hear thoughts on mitigation and principle-first security built into design from the outset.
Session details: Practical LLM Security: Takeaways From a Year in the Trenches
2. Enough AI Talk? Not Yet
Following on the AI/LLM theme, it will be important to explore how to efficiently use these tools in incident response. Predict, Prioritize, Patch: How Microsoft Harnesses LLMs for Security Response seems like it will be worth the time to have a crash course in leveraging LLMs to reduce the impact of tedious security response workflows.
I’ll be looking forward to learning how COBRA can address these issues.
3. Lessons Learned from Fixed AWS Vulnerabilities
You’re probably using a CIEM tool to lock down access to your cloud — managing the customer side of the shared responsibility model. But what about gaining access from the other side? Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access explores what we can learn from vulnerabilities in AWS services that had allowed access to cloud resources before they were fixed.
4. A Single JavaScript Object Creation Can Trick the V8 JavaScript Engine?
So I’m a little biased here, but it's always awesome to learn about the great work your colleagues are doing.
This presentation by our Palo Alto Networks team reveals the full exploit chain the presenters used to successfully compromise Google Chrome and Microsoft Edge. It features a unique approach that breached both the V8 engine and its sandbox at Pwn2Own Vancouver 2024, marking the first such occurrence after Chrome's three-year unbeaten streak at the event.
Session details: Let the Cache Cache and Let the WebAssembly Assemble: Knockin' on Chrome's Shell
5. Are You Protected from Shadow Exposures? Not Likely
Recently, I wrote about the risks posed by shadow cloud resources, which I like to describe as swimming in the ocean at night — you don’t know what’s out there. While looking through the Black Hat catalog, I found a session titled Breaching AWS Accounts Through Shadow Resources, which seems to play right into that theme.
6. Automate the Testing of Multistage Attacks (Arsenal Session)
Black Hat Arsenal sessions are a great place to interact with researchers and the open-source community to learn about the latest open-source tools and products.
From an insider’s perspective, the market is trending toward platforms that combine insights from multiple tools to highlight attack paths. Security teams will benefit from having an open-source tool that can test platform features.
Single-point simulations fall short of representing the spectrum of potential threats, resulting in a false sense of security. To address this, my colleagues have developed a tool that automates the testing of various threat vectors — external and insider threats, lateral movement, data exfiltration, to name a few — enabling organizations to test their security posture against multistage attacks.
Session Details: Arsenal Session: Cloud Offensive Breach and Risk Assessment (COBRA)
7. Headed to BSides? Here’s One for You
Right down the road at BSides in the Tuscany Hotel — that’s where you’ll find me on Tuesday, hiding from the heat. Throw a good Indiana Jones pun at me, and you’ve sparked my interest.
Raiders of the Lost Artifacts: Racing for Hidden Treasures in Public GitHub Repositories
Hidden treasures — aka, sensitive data — are everywhere in the cloud. In fact, the State of Cloud-Native Security Report 2024, which I contributed to, found that data assets account for 40% of cloud resources.
In this session, another of my colleagues will dissect a novel attack path he discovered on GitHub Actions, where he found leaked access tokens within build artifacts accessible to the public. He’ll show us how he was able to use these tokens from various cloud services to attempt taking over open-source projects. I’m particularly interested in seeing high-profile examples of breaches in popular open-source projects.
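The defensive counterpart to the artifact problem described above is to scan what a workflow is about to upload before it becomes public. The following is an added example, not code from the session or from this post, and it makes one assumption worth stating: that leaked credentials in artifacts are mostly text (build logs, dumped environments, and the `.git/config` that `actions/checkout` writes with a base64 basic-auth header when `persist-credentials` is left at its default). The sample artifact is constructed.

```python
"""Scan build-artifact contents for credential-shaped strings before upload.

Added example (not code from the session or the original post). Patterns cover
GitHub token prefixes (ghp_/ghs_/gho_/ghu_/ghr_), AWS access key IDs, and the
git "extraheader" basic-auth value that actions/checkout stores in .git/config
when persist-credentials is left on. The sample artifact below is constructed.
"""
import base64
import re
from dataclasses import dataclass

# Credential-shaped patterns. GitHub tokens carry a fixed prefix; AWS access
# key IDs start with AKIA/ASIA followed by 16 uppercase alphanumerics.
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # git persists checkout credentials as a basic-auth extraheader.
    "git_extraheader_basic": re.compile(
        r"AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.I
    ),
}


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    redacted: str  # never log the full secret


def redact(secret: str) -> str:
    """Keep enough of the value to triage it, never the whole thing."""
    return secret[:6] + "..." + secret[-4:] if len(secret) > 12 else "***"


def scan_text(path: str, text: str) -> list:
    """Run every pattern over one text file and return redacted findings."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            secret = m.group(1) if m.groups() else m.group(0)
            if kind == "git_extraheader_basic":
                # Decode the basic-auth blob so the token inside can be inspected.
                try:
                    decoded = base64.b64decode(secret, validate=True).decode()
                except (ValueError, UnicodeDecodeError):
                    continue
                if "x-access-token:" not in decoded and not PATTERNS["github_token"].search(decoded):
                    continue
                secret = decoded.split(":", 1)[1] if ":" in decoded else decoded
            findings.append(Finding(path, kind, redact(secret)))
    return findings


def scan_artifact(files: dict) -> list:
    """files maps artifact member path -> raw bytes (e.g. read out of a zip)."""
    findings = []
    for path, blob in files.items():
        # Binary members are skipped here; text config and log files are where
        # tokens typically turn up. A production scanner would inspect both.
        try:
            text = blob.decode("utf-8")
        except UnicodeDecodeError:
            continue
        findings.extend(scan_text(path, text))
    return findings


def artifact_is_clean(files: dict) -> bool:
    """Gate for an upload step: True only when no credential shapes were found."""
    return not scan_artifact(files)


# Constructed sample artifact: a build log, a test report, and the .git/config
# that gets packed when a workflow uploads its whole checkout directory.
FAKE_TOKEN = "ghs_" + "A" * 36  # constructed placeholder, not a real token
FAKE_HEADER = base64.b64encode(f"x-access-token:{FAKE_TOKEN}".encode()).decode()
SAMPLE_ARTIFACT = {
    "build.log": b"[INFO] compiled 42 files\n[DEBUG] AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000001\n",
    "report.xml": b"<testsuite tests='3' failures='0'/>\n",
    ".git/config": (
        '[http "https://github.com/"]\n'
        f"\textraheader = AUTHORIZATION: basic {FAKE_HEADER}\n"
    ).encode(),
}

if __name__ == "__main__":
    for f in scan_artifact(SAMPLE_ARTIFACT):
        print(f"{f.path}: {f.kind} -> {f.redacted}")
    print("clean" if artifact_is_clean(SAMPLE_ARTIFACT) else "BLOCK UPLOAD")
```

Wiring `artifact_is_clean` in as a step before `upload-artifact` turns the finding into a failed job rather than a public download; the `.git/config` case is worth keeping even if the rest of the pattern list is swapped for a dedicated scanner, because the token there is base64-encoded and slips past plain-text prefix matching.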
8. Black Hat Day 1 Cool Down: Join Cortex at the Minus-5° ICE BAR
Where better to be when it’s been 100+ degrees all day than an ice bar? While we’re at it, we can escape the ice age of outdated security operations and step into the future with Palo Alto Networks® in an exclusive after-hours party on Wednesday, August 7.
9. Black Hat Day 2 Cool Down: GitHub and Friends Happy Hour
If you're sticking around for Def Con or are looking for something to do after Black Hat on Thursday evening, you’ll find me at Libertine Social — the place to be.
10. Okay Fine. One for Def Con
I won’t be sticking around for the weekend (I can only handle so much time in Vegas, plus the heat). If I were sticking around, though, attending OH-MY-DC: Abusing OIDC All the way to Your Cloud would top my Def Con to-do list.
A more secure alternative to long-lived static credentials, OpenID Connect (OIDC) is gaining traction among DevOps and developers. Though it remains largely underutilized because of its complexity, it takes just one significant exploit to underscore its importance. And that's a good reason to plan on hitting this session.
Here, you'll get a recap of OIDC, learn about the key entities involved, and walk away with an understanding of OIDC’s integration into cloud access via CI/CD workflows. It’ll be interesting to hear alternate points of view between the entities in play and the potential vulnerabilities in various setups.
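To make the "entities in play" concrete, here is an added example (mine, not the session's or this post's) that models the decision a cloud provider makes when a CI job presents its OIDC token to assume a role. Claim names follow the token GitHub Actions issues (`iss`, `aud`, `sub`, `exp`, with `sub` shaped like `repo:ORG/REPO:ref:refs/heads/BRANCH`), the audience value is the one commonly used with AWS, and the conditions are modelled loosely after the `StringEquals`/`StringLike` conditions in IAM trust policies. Signature verification against the issuer's JWKS is assumed to have already happened; all claim values are constructed.

```python
"""Evaluate whether a CI job's OIDC token should be admitted by a cloud trust policy.

Added example (not from the session or the original post). It assumes the
token's signature was already verified against the issuer's JWKS and models
only the claim conditions. Claim shapes follow GitHub Actions OIDC tokens;
every value below is constructed.
"""
import fnmatch
import time
from dataclasses import dataclass
from typing import Optional

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
AWS_AUDIENCE = "sts.amazonaws.com"


@dataclass(frozen=True)
class TrustPolicy:
    issuer: str
    audience: str
    # Glob patterns the token's sub claim must match; empty means "any sub".
    sub_patterns: tuple = ()


def evaluate_trust(claims: dict, policy: TrustPolicy, now: Optional[float] = None):
    """Return (allowed, reason). Every check fails closed."""
    now = time.time() if now is None else now
    if claims.get("iss") != policy.issuer:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if policy.audience not in auds:
        return False, "audience mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or missing exp"
    sub = claims.get("sub", "")
    if policy.sub_patterns and not any(fnmatch.fnmatchcase(sub, p) for p in policy.sub_patterns):
        return False, f"sub not trusted: {sub}"
    return True, "allowed"


def audit_policy(policy: TrustPolicy) -> list:
    """Flag trust-policy shapes that admit jobs the role owner did not intend."""
    issues = []
    if not policy.sub_patterns:
        issues.append("no sub condition: any repository on this issuer can assume the role")
    for p in policy.sub_patterns:
        if p == "*" or p.startswith("repo:*"):
            issues.append(f"sub pattern {p!r} does not pin the organization")
        elif ":ref:" not in p and ":environment:" not in p:
            issues.append(f"sub pattern {p!r} does not pin a branch or environment")
    return issues


# Constructed fixed clock so results are deterministic.
NOW = 1_700_000_000


def github_claims(repo: str, branch: str, exp: Optional[int] = None) -> dict:
    """Constructed claims for a job running in `repo` on `branch`."""
    return {
        "iss": GITHUB_ISSUER,
        "aud": AWS_AUDIENCE,
        "sub": f"repo:{repo}:ref:refs/heads/{branch}",
        "repository": repo,
        "exp": NOW + 300 if exp is None else exp,
    }


# Weak setup: trusts issuer and audience but leaves sub unconstrained, so a
# job in any repository on github.com presents an acceptable token.
WEAK_POLICY = TrustPolicy(GITHUB_ISSUER, AWS_AUDIENCE)
# Org-wide setup: pins the organization but not the repository or branch.
ORG_WIDE_POLICY = TrustPolicy(GITHUB_ISSUER, AWS_AUDIENCE, ("repo:example-org/*",))
# Hardened setup: one repository, one branch.
STRICT_POLICY = TrustPolicy(
    GITHUB_ISSUER, AWS_AUDIENCE, ("repo:example-org/deploy-app:ref:refs/heads/main",)
)

if __name__ == "__main__":
    foreign = github_claims("someone-else/anything", "main")
    for name, policy in [("weak", WEAK_POLICY), ("org-wide", ORG_WIDE_POLICY), ("strict", STRICT_POLICY)]:
        print(name, evaluate_trust(foreign, policy, NOW), audit_policy(policy))
```

The interesting output is the weak policy admitting a token from a repository the role owner has never heard of: `iss` and `aud` only establish that the token came from GitHub Actions and was minted for this cloud, and it is the `sub` condition that ties the role to a specific project and branch. `audit_policy` is the check to run over existing trust policies before a session like this one makes the gap obvious.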
And oh hey, I almost forgot. When you're at Black Hat, you can come hear me at Prisma Cloud's booth #1632. I'll be talking about shifting from findings to root causes on Wednesday, August 7 at 10:30.
See you in Las Vegas!