10 Must-See Talks at Black Hat and DEF CON

A Bishop Fox Guide

Infosec always waits for that once-a-year opportunity to check out the latest and greatest security research (as well as rub elbows with some of the industry’s best, and maybe even Vegas it up if that’s your thing). Bishop Fox has been a consistent presence at both Black Hat USA and DEF CON for the past decade. This year, we happen to have a bevy of exciting talks scheduled – Ben Morris on AWS security, Dan Petro and Gavin Stroy unveiling their perimeter intelligence tool Eyeballer, and Francis Brown and Matt Gleason on smarter home invasion with ZigDiggity.

The only downside of “hacker summer camp” is that there is almost too much going on; every year, it can feel like it gets more difficult to decide where to spend your time. Check out a village? Stop by the keynote? Pick some locks?! But wait, there’s badass-looking training then, too! If this is your predicament, fear not! After our own sessions, here are the talks that we’re most excited about at this year’s events. See you there!

First, a shameless plug for our Bishop Fox speakers:

A Picture is Worth a Thousand Vulns - Weaponized Machine Learning to Target Website Screenshots
Dan Petro + Gavin Stroy @ Black Hat Arsenal, speaking on weaponized machine learning.
Thursday, August 8 at 11:30 - Location: Business Hall (Oceanside), Arsenal Station 1, Track Web AppSec

More Keys Than a Piano: Finding Secrets in Publicly Exposed EBS Volumes
Ben Morris @ DEF CON discussing AWS cloud security – specifically, how the public mode of Amazon EBS could be putting organizations at risk.
Friday, August 9 at 13:00 - Track 4

ZigBee Hacking: Smarter Home Invasion With ZigDiggity
Francis Brown + Matt Gleason @ DEF CON + Black Hat Arsenal, bringing back ZigBee hacking w/ ZigDiggity.
Arsenal: Wednesday, August 7 at 1:50 + August 8 at 11:55 - Location: Business Hall (Oceanside)
DEF CON: Sunday, August 11 at 10:00 - Location: Sunset 2 at Planet Hollywood

Must-see talks:

New Vulnerabilities in 5G Networks
Wednesday, 8/7 @ 1:30pm-2:20pm at Mandalay Bay
Altaf Shaik | M.Sc., Technical University of Berlin and Kaitiaki Labs
Ravishankar Borgaonkar | Dr., SINTEF Digital

Planning a Bug Bounty: The Nuts and Bolts from Concept to Launch
Thursday, 8/8 @ 9:45am-10:35am at Mandalay Bay
Adam Ruddermann | Director, NCC Group

Hacking Congress: The Enemy Of My Enemy Is My Friend
Friday, 8/9 @ 10:00 in Track 2
Former Rep. Jane Harman, President, The Wilson Center. Former Rep. (D-CA), aka Surfer Jane

Can You Track Me Now? Why the Phone Companies are Such a Privacy Disaster
Fri, 8/9 @ 16:30 in Track 2
U.S. Senator Ron Wyden

How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market
Saturday, 8/10 @ 12:00 in Track 1
Joseph Cox, Senior Staff Writer, Motherboard

Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming
Saturday, 8/10 @ 12:00 in Track 2
Damien Cauquil (virtualabs), Senior Security Researcher @ Econocom Digital.Security

Zero bugs found? Hold my beer AFL! How to improve coverage-guided fuzzing and find new 0days in tough targets
Sat, 8/10 @ 14:00 in Track 3
Maksim Shudrak, Security Researcher

Confessions of an Nespresso Money Mule: Free stuff & triangulation fraud
Sat, 8/10 @ 16:00 in Track 3
Nina Kollars, Associate Professor Naval War College Strategic and Operational Research Department and Kitty Hegmon

Malproxying: Leave Your Malware at Home
Sunday 8/11 @ 12:00 in Track 2
Hila Cohen, Security Researcher, XM Cyber
Amit Waisel, Senior Technical Leader, XM Cyber

HTTP Desync Attacks: Smashing into the Cell Next Door
Sunday, 8/11 @ 12:00 in Track 3
James Kettle (albinowax), Head of Research, PortSwigger

About the author, Bishop Fox

This represents research and content from the Bishop Fox team.
