CyberSecurity SEE

7 Sessions Worth Attending at Black Hat USA 2024

Attendees of Black Hat USA 2024 can look forward to a wealth of valuable insights on cybersecurity, with a strong emphasis on vulnerability remediation. Despite the buzz surrounding artificial intelligence, organizations of all sizes are focusing on making security more efficient by addressing vulnerabilities. The conference will feature a range of sessions dedicated to various approaches, case studies, and discussions on this crucial topic.

One session that stands out is led by speakers Yakir Kadkoda, Michael Katchinskiy, and Ofek Itach, scheduled for Wednesday, Aug. 7, from 10:20 a.m. to 11 a.m. The session will delve into the discovery and mitigation of six critical vulnerabilities in Amazon Web Services (AWS) that can potentially lead to severe breaches. The speakers will introduce a new open-source tool for researching service internal API calls, offering essential insights into understanding and mitigating complex cloud vulnerabilities.

Another noteworthy session, taking place on the same day from 1:30 p.m. to 2:10 p.m., features speaker Bill Demirkapi. This session will shed light on how Microsoft harnesses large language models (LLMs) to streamline security response workflows. Attendees will learn about the practical applications of LLMs for enhancing vulnerability management with AI, including deriving vulnerability information, predicting report severity, and generating root causes from crash dumps.

A session with speakers Adnan Khan and John Stawinski will provide attendees with a technical deep dive into the security risks associated with self-hosted CI/CD runners. The discussion will address critical vulnerabilities discovered in platforms like GitHub and offer strategies for defending against pipeline poisoning and privilege escalation attacks, which are essential for securing the software development life cycle.

Speaker Liv Matan will lead a session exploring how a single faulty command in Google Cloud Platform (GCP) resulted in a critical remote code execution (RCE) vulnerability affecting millions of servers. Attendees will gain insights into cloud service complexity and tools for uncovering hidden APIs used by cloud providers, invaluable for security leaders managing cloud security in their organizations.

Furthermore, speakers Eyal Paz and Liad Cohen will present a session on Thursday, Aug. 8, from 2:30 p.m. to 3 p.m., focusing on the risk of transitive dependencies in software projects. Attendees will learn practical strategies for mitigating these risks and prioritizing vulnerabilities in their threat model, crucial for secure software development.

Another session on the same day, led by speakers Qi Wang, Jianjun Chen, Run Guo, Chao Zhang, and Haixin Duan, will discuss protocol-level evasion vulnerabilities in web application firewalls (WAFs) and introduce WAF Manis, a testing framework that uncovers evasion cases. This session will provide valuable insights for enhancing web application defenses against sophisticated attacks.

Lastly, speakers Ryan Kane and Rushank Shetty will explore the security of immutable backups in a session on Thursday, Aug. 8, from 3:20 p.m. to 4 p.m. Attendees will learn about the risks associated with attackers targeting backup infrastructure and the importance of testing immutable backups for data resilience against ransomware attacks.

These sessions, among others focused on vulnerability remediation, underscore the importance of proactively addressing security challenges in today’s dynamic threat landscape. Building a culture of proactive security and maintaining a robust vulnerability remediation process are crucial steps towards enhancing an organization’s security posture. Black Hat USA 2024 offers a platform for cybersecurity professionals to stay informed, exchange insights, and strengthen their security practices.
