We’re back in almost full force at BlackHat 2022! The crowds were definitely back compared to last year and, while not quite what they used to be pre-Covid, it definitely feels like we’re closer to getting back to normal. This post is going to be a long one, so get that scrolling finger ready.
Weather at the Mandalay Bay was the usual Vegas hot, but as I’m sure many of you saw, it took a turn for the worse with flash floods towards the end of the conference heading into DEFCON (heaviest rainfall in 10 years!).
REGISTRATION
Registration was much more organized than in previous years: it was as simple as scanning a QR code and then going to a station to collect your backpack. It was definitely busy with lines on the day of the opening keynote, but the day before wasn’t bad at all. They really upped their game from last year, when they had technical difficulties and the lines wrapped around the pillars, so kudos to Mandalay Bay + BlackHat.
Another sorely missed item last year was the backpacks with notepads and the usual SWAG, but those returned in full fashion this year and briefings pass holders were grateful to see the comeback. My suggestion to BlackHat is to add a water bottle, as I felt I was scrambling to find water throughout the conference and the little paper-cup water stations really didn’t do much to quench the thirst.
EXPO HALL
There is only one massive expo hall at Mandalay Bay, and it can be confusing to navigate once you get deeper in among the smaller booths with all the crowds.
We had a large 20x20 booth fairly close to the entrance. As you would expect - tons of crowd traffic going around for booth presentations and SWAG.
We gave away LEGO Millennium Falcon Replicas every half hour after our talks at our OpenText Booth #2528. This was probably our most popular prize giveaway I’ve ever seen and we had crowds waiting for the chance to win them.
BOOTH PRESENTATIONS
Our booth continues to use the largest screen you can find anywhere in the expo hall. It’s definitely a head turner that can’t be missed. We had presentations every half an hour.
Security Solutions Sr. Product Manager, Roger Brassard talks email cyber resilience in a world rife with phishing, malware, and business email compromise.
Security Intelligence Director, Grayson Milbourne presents our 2022 Threat Report with mid-year updates. This one is always a favorite and we presented it many times.
One of my favorite booth presentations is Ransomware Rising, where I dive into the ransomware landscape, the criminal ecosystem, and the constantly evolving tactics that keep it going as the best business model for bad actors yet.
Here is the full agenda of all of our Booth presentations. Plenty of experts ready to give the download on how OpenText is a leader in Threat Intelligence and Cyber Resilience.
SPONSORED SESSION
Chief Product Officer Ryan Allphin, VP of Product Marketing Yatin Chalke, and Product Marketing Director Sam Kumarsamy talk to guests about evolving from zero trust, showcasing a gapless data security stack that provides a path to true cyber resilience - no matter the size of your organization.
FOOD
So not everything is great about BlackHat. Not only were the meals worse than every option at the food court, but you had to WAIT for them in the longest lines of the entire conference.
While you may go to Vegas for the fine dining, you do NOT go to BlackHat for the food.
BRIEFING SESSIONS
At Black Hat, the briefing sessions have been the main attraction for the past 25 years. In fact, the Expo Hall was only recently added when the conference moved to Mandalay Bay in 2014. Some of these summaries were provided by myself, but most are by our Director of Security Intelligence, Grayson Milbourne.
Intro by Jeff Moss, Founder of Black Hat - Rating 8/10
- 25 years later we still don’t know what’s going on
- Blackhat Scholarships reach 130+
- Talks about Blackhat’s inception: it was supposed to be DEFCON but as a professional conference that charges a lot of money (I think they won here)
- National Security Conference (NSC) was going to be the name, but “BlackHat sounded spookier”
- Super powered individual
- Russian invasion changes a lot of things
- MongoDB deleting everything Russian
- Domains from Russia getting sniped from them because Russian credit cards no longer accepted
- Outsized amount of influence - recognize and own
- Sanction lists - fill in the gaps the gov can’t
Keynote by Chris Krebs, former Director of CISA - Rating 8/10
- It’s gonna get worse
- Tech
  - Software remains vulnerable - benefits of software outweigh the downsides
  - Cloud - COVID drove everyone to it but it reduced transparency
  - Explosion of software as a service
- Bad actors
  - Changed focus
  - If you're hosting a service, you're the target
  - That's where the money is
- Gov
  - Struggled balancing market intervention and regulation that stifles innovation
  - Doesn't regulate well, checklists and compliance instead of outcomes based
  - Still difficult to work with gov - make front door more visible
  - Congress needs to create more oversight for all the agencies
  - K-12 doesn't have enough coding or opportunities
  - Less investigation and more destruction and disruption on operation of "adversaries"
- People
  - We're all a part of national security
  - We need to keep hiring
  - Problem won't go away
  - Industry is durable
- Russia invading Ukraine → China will invade Taiwan (he believes very strongly it will happen)
A Black-Box Security Evaluation of the SpaceX Starlink User Terminal - Rating 9/10
- Detailed overview of the hardware
- Enormous 60cm chip board
- Hard wired logic processor
- Extracted eMMC data
- Overview of how root was achieved using voltage fault injection
- Very slow process as only once per 12s boot
- Overview of how the boot loader was cracked and replaced using timed fault
- Overall very good security in Starlink
- PoC works in lab but not viable on the roof
- Overview of portable modchip that can be installed on the board
- SpaceX updated firmware to fix, researcher found workaround
- Began exploring Starlink network
- Comms over IPv6
- Live demo! It worked!!
The Cyber Safety Review Board: Studying Incidents to Drive Systemic Change - Rating 9/10
Panel discussion with Jeff Moss, CISA, and the VP of security engineering from Google
- Talking about SolarWinds and Log4j
- DHS committee interviewed 80+ companies about impacts of log4j for case study
- Mix of private sector, open source, governments including China
- Many lessons learned
- Complexity of solutions, some couldn't wait for a patch and fixed themselves
- Alibaba discovered and responsibly disclosed to Apache
- Response was the largest and most coordinated to fix impacted software
- Patching fatigue
- Those following the Apache GitHub figured it out before the fix was released by tracking what was being pulled and the release candidates being posted
- Want to reshape ecosystem so this isn't a problem
- Not easy with open source
- SBOMs (software bills of materials) to disclose what open source is used
- Missing version info, not standard
- Importance of asset management
- Fed government could require SBOMs to help drive this change, as it is a massive buyer of technology
- Lack of resources for open source to create secure code
- Incentive program with score cards, quality secure releases increases score which makes decisions easier when deciding which open source code is used
- Log4j is an endemic vulnerability which we can expect to be around for a decade
- Some parallels to heartbleed from 2014, still very prevalent today
- No evidence of log4j being used before disclosure
- China imposed retaliatory punishment to Alibaba because they didn't disclose to them before Apache (Unconfirmed)
- Twitter remains the ecosystem for where early indicators are shared
- CISA created a GitHub repo of all software impacted by Log4j to help other CISOs identify their risk
- Software community needs to embrace security by default
GPT-3 and Me: How Supercomputer-scale Neural Network Models Apply to Defensive Cybersecurity Problems - Rating 10/10
- How large scale models using self supervised learning are relevant to cybersecurity problems
- In the past 4 years models have drastically grown in size of parameters
- Showing the improvement from 350M parameters to 20B
WOW!
- Using GPT-3 to describe complex command lines in human understandable language
- Can train GPT-3 using a tiny amount of data
Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone - Rating 8/10
- 2FA using SMS is broken!
- Primarily attacks targeting crypto exchanges
- Increase in smishing, 7x 2021 vs 2022
- SMS is trusted more than email by older people
- Eternal source of leaked phone numbers
- They got the blackhat 2022 attendee list for less than $10
- Over 1B numbers collected and triaged to emails
- Live demo of Elasticsearch
- With 4.8B email/password pairs and 524M phone numbers, 1 in 10 have all 3
- Crypto.com example, opensea.com NFT attack
- Review of the 4 most prevalent SMS 2FA bypass techniques
- History of SMS, never built with security in mind, can be sent to impersonate any brand
- Demo of API-based SMS using Binance
- SMS blended in with legit Binance messages
- Demo of an SMS phish asking for the 2FA code in alignment with a legit account login, so if the user replies the attacker gets the 2FA code to log in
- For scale, Chinese vendors sell hardware that allows very large scale SMS sending capabilities
These were all the in-person briefings that we attended, but there were plenty more presented and available virtually here: https://www.blackhat.com/us-22/briefings/schedule/
After all those in booth presentations and in person briefings, I was extremely tired and my peers caught me napping while waiting for some real food at the end of the day.
Thanks to everyone that scrolled this far down - I hope you enjoyed our not-so-brief rundown of Black Hat 2022!
I have a fun little game below for a small prize.