
The 25th edition of the Black Hat USA conference and the 30th edition of Def Con are in the books. This double-header, often referred to as “hacker summer camp”, was better than ever, marking its first return since the beginning of the COVID pandemic.
Black Hat USA 2022 was held from August 6-11, 2022 at the Mandalay Bay and virtually. Def Con 2022 was held from August 10-13 at Caesars Forum along with other Las Vegas locations.
This blog post will look back at some of the biggest stories, news, announcements, and talks from these two events along with a preview of what to expect for 2023.
For a recap, recorded live by Splunkers Mick and Ryan, be sure to watch this episode of Coffee Talk with SURGe.
For more information on conferences to attend, be sure to check out our series of posts covering:
- Top Security Conferences & Events for 2023
- Top DevOps Conferences & Events for 2023
- Top Blockchain/Web3 Conferences & Events for 2023
- AWS Reinvent: The Complete Guide
- Google Cloud Next: The Complete Guide
Without further ado, here are some of the more notable topics and events from the conferences.
Chris Krebs: Black Hat Keynote
Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), was the keynote speaker at Black Hat on Wednesday morning. Krebs was famously fired by Donald Trump, via Twitter no less, in November 2020 for claiming that the 2020 election was without fraud and was “the most secure [election] in American history”. Krebs was optimistic about the US approach to information security, but cautioned against the US cyber-defense focus on nation states while neglecting some more mundane and widespread issues like ransomware.
Krebs ended his talk with 5 points of advice for security and tech professionals to live by:
1. Define your principles. You have to know what’s important to you and live by that.
2. Find your people, find your support networks.
3. Life is too short to work for assholes, so don’t.
4. Life is too short to eat bad food. In other words, find something you enjoy that gives you meaning outside of your day job, something that makes you feel rewarded.
5. Do not read the comments. It’s not good for your mental health.
Ukraine War & Security Issues
There were several presentations at Black Hat covering the Russian invasion and ongoing war in Ukraine. Victor Zhora, head of Ukraine’s defensive cybersecurity agency, along with researchers from ESET (a leading security company in neighboring Slovakia), spoke about the state of cybersecurity in Ukraine, particularly in light of the conflict. Zhora discussed the discovery of the “Industroyer2” malware, which has the capacity to manipulate equipment in electrical utilities, and noted that his country had experienced a tripling of cybersecurity incidents compared with the prior year.
ESET researchers @Robert_Lipovsky and @cherepanov74 along with @VZhora, Deputy Director of Ukraine’s SSSCIP, recently presented ESET and CERT-UA's breakthrough research into #Industroyer2 during the #BHUSA 2022. Read more about their presentation at https://t.co/FIp1dwNlPO. pic.twitter.com/CKFfSxIzl1
— ESET (@ESET) August 25, 2022
Log4J a Continued Concern
While it might seem like a distant memory, the Log4J vulnerability remains a top concern for security teams, according to firms like CyCognito. Robert Silvers, from the US Department of Homeland Security, made it clear that “Log4J is not over…It is most likely that organizations are going to deal with Log4j issues for at least a decade and maybe longer.”
A Flash Flooding Event in Las Vegas
On the night of Thursday, August 11th, just two weeks after a rare torrential rainfall in the region, Las Vegas experienced a historic flash flood event. With more than half an inch of rainfall (per the National Weather Service), casinos had water pouring in, with reports of some blackjack tables catching a shower.
In this video, a parking garage has been transformed into a raging river for the evening!
New flood footage in Las Vegas! Las Vegas Strip flooded today, August 11, 2022 #LasVegas #USA pic.twitter.com/BCpz1wjUHf
— Chaudhary Parvez (@ChaudharyParvez) August 12, 2022
Black Hat and Def Con 2023
At this point, details are limited on 2023 events, but be sure to check back soon for more information.
Black Hat Asia 2023
- Date: May 9-11
- Location: Marina Bay Sands, Singapore + Virtual
Black Hat USA 2023
- Date: August 5-11
- Location: Mandalay Bay Convention Center, Las Vegas + Virtual
- Hotel Details: https://informa-tech.formstack.com/forms/black_hat_usa_2023_hotel_information_request_copy
Def Con 31 (2023)
- Date: August 10-13
- Location: Las Vegas
This posting is my own and does not necessarily represent Splunk's position, strategies, or opinion.