Black Hat & Def Con: 2022 Review & 2023 Preview

The 25th edition of the Black Hat USA conference and the 30th edition of Def Con are in the books. This double-header conference, often referred to as “hacker summer camp”, was better than ever in its first return since the beginning of the COVID pandemic.

Black Hat USA 2022 was held from August 6-11, 2022 at the Mandalay Bay and virtually. Def Con 2022 was held from August 10-13 at Caesars Forum along with other Las Vegas locations.

This blog post will look back at some of the biggest stories, news, announcements, and talks from these two events along with a preview of what to expect for 2023.


For a recap, recorded live by Splunkers Mick and Ryan, be sure to watch this episode of Coffee Talk with SURGe.

Without further ado, here are some of the more notable topics and events from the conferences.

Chris Krebs: Black Hat Keynote

Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), was the keynote speaker at Black Hat on Wednesday morning. Krebs was famously fired by Donald Trump, via Twitter no less, in November 2020 for claiming that the 2020 election was without fraud and was “the most secure [election] in American history”. Krebs was optimistic about the US approach to information security, but cautioned against the US cyber-defense focus on nation states while neglecting some more mundane and widespread issues like ransomware.

Krebs ended his talk with 5 points of advice for security and tech professionals to live by:

1. Define your principles. You have to know what’s important to you and live by that.
2. Find your people, find your support networks.
3. Life is too short to work for assholes, so don’t.
4. Life is too short to eat bad food. In other words, find something you enjoy that gives you meaning outside of your day job, something that makes you feel rewarded.
5. Do not read the comments. It’s not good for your mental health.

Ukraine War & Security Issues

There were several presentations at Black Hat covering the Russian invasion and ongoing war in Ukraine. Victor Zhora, head of Ukraine’s defensive cybersecurity agency, along with researchers from ESET (a leading security company in neighboring Slovakia), spoke about the state of cybersecurity in Ukraine, particularly in light of the conflict. Zhora discussed the discovery of the “Industroyer2” malware, which has the capacity to manipulate equipment in electrical utilities, and noted that his country had experienced a tripling of cybersecurity incidents compared with the prior year.

Log4J a Continued Concern

While it might seem like a distant memory, the Log4J vulnerability remains a top concern for security teams, according to firms like CyCognito. Robert Silvers, from the US Department of Homeland Security, made it clear that “Log4J is not over…It is most likely that organizations are going to deal with Log4j issues for at least a decade and maybe longer.”

A Flash Flooding Event in Las Vegas

On the night of Thursday, August 11th, just two weeks after a rare torrential rainfall in the region, Las Vegas experienced a historic flash flood event. With more than half an inch of rainfall (per the National Weather Service), casinos had water pouring in, with reports of some blackjack tables catching a shower.

In this video, a parking garage has been transformed into a raging river for the evening!

 

Black Hat and Def Con 2023

At this point, details are limited on 2023 events, but be sure to check back soon for more information.

Black Hat Asia 2023

  • Date: May 9-11
  • Location: Marina Bay Sands, Singapore + Virtual

Black Hat USA 2023

Def Con 31 (2023)

  • Date: August 10-13
  • Location: Las Vegas

This posting is my own and does not necessarily represent Splunk's position, strategies, or opinion.

Posted by Stephen Watts

Stephen Watts works in growth marketing at Splunk. Stephen holds a degree in Philosophy from Auburn University and is an MSIS candidate at UC Denver. He contributes to a variety of publications including CIO.com, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.