Black Hat USA is known for cutting-edge security research, and this year’s conference is no different. If you’re a Qualys customer, here are some Black Hat sessions we think you’ll find relevant.
An investigation of real “next-gen” digital forensics and incident response cases like SolarWinds, and how to adapt your response processes to meet today’s global threats
How sophisticated attacks use novel ways to access the cloud, especially Microsoft 365, where more and more organizations are collaborating and storing some of their most confidential data
An interpretable machine learning model for malware detection built with a few hundred YARA rules that can generate signatures optimized for detection with minimal false positives
New memory forensic techniques that can analyze the Linux kernel’s tracing infrastructure and report on potential abuses that currently go undetected
How an attacker could manipulate various services in AWS and cause them to perform actions on other clients’ resources due to unsafe identity policies used by AWS services to access clients’ resources
An internet-scale IPv6 router discovery technique that uses a data fusion attack against residential home routers running IPv6 to discover and precisely geolocate millions of home routers deployed in the wild across the world
A new technical approach to securing auth systems’ golden secrets, such as private keys for SAML, by breaking them into multiple less precious secrets in a fully backward-compatible manner for better security
An investigation of the different exploit steps of the Zerologon attack discovered during research on Netlogon cryptography and how exactly Microsoft’s patch mitigates it
A Siamese neural network trained to detect brand impersonation (where a malicious user crafts content to look like a known brand to deceive a user into entering sensitive information) that outperforms a baseline image hashing algorithm on a held-out training set
A workload identity architected in AWS Lambda that shares identity between the data center and cloud services to create secure infrastructure between the two
Easy-to-implement, human-centric countermeasures against deepfake social media, e.g. when scammers impersonate executives via synthetic audio in vishing attacks to convince employees to wire funds to unauthorized accounts
Analysis of an attack that achieved remote code execution on blockchain nodes through a vulnerability in an open-source JSON parser, and a reminder to blockchain developers and users to be careful about security
Key lessons learned in our experience coordinating the industry-wide remediation of some of the most impactful vulnerabilities ever disclosed, including Heartbleed, Shellshock, Rowhammer, and BlueZ
An investigation of a new attack surface based on a significant change in Exchange Server 2013 that has unparalleled impact not only as the basis of critical vulnerabilities such as ProxyLogon but also as a new paradigm in vulnerability research
Plus Some Non-Research Sessions
Don’t neglect the people aspect of building effective security teams and processes!
What manager doesn’t need to know more about how to create a more inclusive environment that also improves R&D team atmosphere and deliverables?
The lawyer’s role in a security incident and real-world client examples of how lawyers work together with information security professionals
And this last one just sounds too interesting! And it looks like it will be a good source of insights into how state actors and other sophisticated organizations plan and launch attacks.
Join Us Online at Black Hat USA 2021
We are excited to see you virtually at Black Hat on August 4-5! Schedule a meeting with a Qualys security expert, watch best practices and research sessions, and learn how to get more security with Qualys.
Unfortunately, in light of CDC guidance on the COVID-19 Delta variant and out of concern for the safety of Qualys employees, Black Hat attendees, and residents of Las Vegas, Qualys has made the tough decision to forgo our in-person presence at Black Hat USA 2021. We were very much looking forward to being at the event in person and will continue to support it through our virtual presence.