7 Sessions Not to Miss at Black Hat USA 2024

This year's conference will be a treasure trove of insights for cybersecurity professionals.

Meny Har, CEO & Co-Founder, Opus Security

July 29, 2024


COMMENTARY

As always, Black Hat USA 2024 promises to be a treasure trove of insights for cybersecurity professionals. The artificial intelligence craze notwithstanding, vulnerability remediation continues to be the core focus for all sizes of organizations seeking to make security more efficient. Understandably, this year's conference promises a variety of approaches, case studies, and informative discussions on this topic. Here are the seven most illuminating sessions we suggest you attend, for insights on discovering, prioritizing, and patching vulnerabilities: 

Breaching AWS Accounts Through Shadow Resources

Speakers: Yakir Kadkoda, Michael Katchinskiy, Ofek Itach 
Date: Wednesday, Aug. 7, 10:20 a.m.-11 a.m. 
Tracks: Cloud security, enterprise security

Did you know that six critical vulnerabilities in Amazon Web Services (AWS) have the potential to lead to severe breaches, including remote code execution and information disclosure? This session dives into a methodology for discovering these vulnerabilities, and the speakers will introduce a new open source tool for researching service internal API calls. This session is essential for understanding and mitigating complex cloud vulnerabilities. 

Predict, Prioritize, Patch: How Microsoft Harnesses LLMs for Security Response

Speaker: Bill Demirkapi 
Date: Wednesday, Aug. 7, 1:30 p.m.-2:10 p.m. 
Tracks: AI, ML & data science, application security: defense

Joining this session will help you understand more about how Microsoft leverages large language models (LLMs) to streamline security response workflows. Hear about practical applications of LLMs for deriving vulnerability information, predicting report severity, and generating root causes from crash dumps. This is a seminal session for organizations looking to enhance their vulnerability management with AI. 

Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction

Speakers: Adnan Khan, John Stawinski 
Date: Wednesday, Aug. 7, 1:30 p.m.-2:10 p.m. 
Tracks: Enterprise security, application security: offense

This technical deep dive addresses the security risks associated with self-hosted CI/CD runners, highlighting critical vulnerabilities discovered in GitHub and other platforms. Attendees will learn how to defend against pipeline poisoning and privilege escalation attacks, which are vital for securing the software development life cycle. 

The GCP Jenga Tower: Hacking Millions of Google's Servers With a Single Package (and More)

Speaker: Liv Matan 
Date: Wednesday, Aug. 7, 1:30 p.m.-2:10 p.m. 
Tracks: Cloud security, application security: offense

Explore how a single faulty command in Google Cloud Platform (GCP) led to a critical RCE vulnerability affecting millions of servers. This session will provide insights into the complexity of cloud services and present tools for uncovering hidden APIs used by cloud providers. Security leaders responsible for cloud security who want to understand how cloud service vulnerabilities arise will find this talk invaluable.

Will We Survive the Transitive Vulnerability Locusts?

Speakers: Eyal Paz, Liad Cohen 
Date: Thursday, Aug. 8, 2:30 p.m.-3 p.m. 
Tracks: Application security: defense, exploit development & vulnerability discovery

Learn about the risk of transitive dependencies in software projects, with speakers clearly demonstrating how these vulnerabilities can be exploited. Attendees will learn practical strategies for mitigating these risks and prioritizing vulnerabilities in their threat model, which is crucial for secure software development. 

Break the Wall From Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls

Speakers: Qi Wang, Jianjun Chen, Run Guo, Chao Zhang, Haixin Duan 
Date: Thursday, Aug. 8, 2:30 p.m.-3 p.m. 
Tracks: Application security: offense, cloud security

Discover how protocol-level evasion vulnerabilities in WAFs can be exploited to bypass security measures. This session introduces WAF Manis, a novel testing framework that uncovered 311 evasion cases and could be extremely useful for those looking to strengthen their Web application defenses against sophisticated attacks. 

Are Your Backups Still Immutable, Even Though You Can't Access Them?

Speakers: Ryan Kane, Rushank Shetty 
Date: Thursday, Aug. 8, 3:20 p.m.-4 p.m. 
Tracks: Enterprise security, application security: offense

This session explores the security of immutable backups, highlighting how attackers can target the infrastructure hosting backup data rather than the data itself. Learn about the processes, failures, and successes involved in testing immutable backups, which is crucial for ensuring data resilience against ransomware attacks.

These sessions, and many others on vulnerability remediation, are a testament to the growing importance of building a culture of proactive security: addressing constantly evolving attack surfaces and staying vigilant. A robust vulnerability remediation process is a critical checkpoint in your organization's security posture.


About the Author

Meny Har

CEO & Co-Founder, Opus Security

Meny Har is the CEO and co-founder of Opus Security, a cloud-native security remediation platform, helping security teams orchestrate remediation processes from start to fix. Before founding Opus, he was part of the founding team and vice president of product with the cloud-native SOAR platform Siemplify, which was acquired by Google Cloud in January 2022. Meny has more than 15 years of cybersecurity experience, with a proven track record of building, validating, and scaling successful products.

