A Bishop Fox Guide
Infosec always waits for that once-a-year opportunity to check out the latest and greatest security research (as well as rub elbows with some of the industry’s best, and maybe even Vegas it up if that’s your thing). Bishop Fox has been a consistent presence at both Black Hat USA and DEF CON for the past decade. This year, we happen to have a bevy of exciting talks scheduled – Ben Morris on AWS security, Dan Petro and Gavin Stroy unveiling their perimeter intelligence tool Eyeballer, and Francis Brown and Matt Gleason on smarter home invasion with ZigDiggity.
The only downside of “hacker summer camp” is that there is almost too much going on; every year, it can feel like it gets more difficult to decide where to spend your time. Check out a village? Stop by the keynote? Pick some locks?! But wait, there’s badass-looking training then, too! If this is your predicament, fear not! After our own sessions, here are the talks that we’re most excited about at this year’s events. See you there!
*First, a shameless plug for our Bishop Fox speakers:
A Picture is Worth a Thousand Vulns - Weaponized Machine Learning to Target Website Screenshots
Dan Petro + Gavin Stroy @ Black Hat Arsenal, speaking on weaponized machine learning.
Thursday, August 8 at 11:30 - Location: Business Hall (Oceanside), Arsenal Station 1, Track Web AppSec
More Keys Than a Piano: Finding Secrets in Publicly Exposed EBS Volumes
Ben Morris @ DEF CON discussing AWS cloud security – specifically, how the public mode of Amazon EBS could be putting organizations at risk
Friday, August 9 at 13:00 - Track 4
ZigBee Hacking: Smarter Home Invasion With ZigDiggity
Francis Brown + Matt Gleason @ DEF CON + Black Hat Arsenal, bringing back ZigBee hacking w/ ZigDiggity.
Arsenal: Wednesday, August 7 at 1:50 + August 8 at 11:55 - Location: Business Hall (Oceanside)
DEF CON: Sunday, August 11 at 10:00 - Location: Sunset 2 at Planet Hollywood
Must-see talks:
New Vulnerabilities in 5G Networks
Wednesday, 8/7 @ 1:30pm-2:20pm at Mandalay Bay
Altaf Shaik | M.Sc., Technical University of Berlin and Kaitiaki Labs
Ravishankar Borgaonkar | Dr., SINTEF Digital
Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch
Thursday, 8/8 @ 9:45am-10:35am at Mandalay Bay
Adam Ruddermann | Director, NCC Group
Hacking Congress: The Enemy Of My Enemy Is My Friend
Friday, 8/9 @ 10:00 in Track 2
Former Rep. Jane Harman, President, The Wilson Center. Former Rep. (D-CA), aka Surfer Jane
Can You Track Me Now? Why the Phone Companies are Such a Privacy Disaster
Fri, 8/9 @ 16:30 in Track 2
U.S. Senator Ron Wyden
How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market
Saturday, 8/10 @ 12:00 in Track 1
Joseph Cox, Senior Staff Writer, Motherboard
Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming
Saturday, 8/10 @ 12:00 in Track 2
Damien Cauquil (virtualabs), Senior Security Researcher @ Econocom Digital.Security
Zero bugs found? Hold my beer AFL! How to improve coverage-guided fuzzing and find new 0days in tough targets
Sat, 8/10 @ 14:00 in Track 3
Maksim Shudrak, Security Researcher
Confessions of an Nespresso Money Mule: Free stuff & triangulation fraud
Sat, 8/10 @ 16:00 in Track 3
Nina Kollars, Associate Professor Naval War College Strategic and Operational Research Department and Kitty Hegmon
Malproxying: Leave Your Malware at Home
Sunday 8/11 @ 12:00 in Track 2
Hila Cohen, Security Researcher, XM Cyber
Amit Waisel, Senior Technical Leader, XM Cyber
HTTP Desync Attacks: Smashing into the Cell Next Door
Sunday, 8/11 @ 12:00 in Track 3
James Kettle (albinowax), Head of Research, PortSwigger