What happens in Vegas, comes in a series of blogposts

If you’ve ever been to Vegas, you’ll surely know The Strip. Haven’t been, but are dying to visit the city of sin? Then we can definitely recommend going to The Strip. It has a lot to offer: amazing shops, incredible games, good food, amazing people, beautiful surrounding nature… It’s a really quiet and peaceful place for people who want to relax completely (read: definitely NOT).

Vegas is one big rollercoaster casino lightshow – literally we had a rollercoaster in our hotel. All this glitz and glam was nice, but of course not the reason we were there. We had the great opportunity to experience BlackHat 2024 and Defcon32 and will share our cybersecurity experiences with you.

You can follow our Las Vegas journey in five different articles, because as you can imagine, four days of talks, briefings, demos, keynotes and conversations would be A LOT to capture in one article.

AI

What better way to start than with AI, or in this case, Microsoft Copilot. While we got to know a lot of cool topics, we believe that AI will have the most impact. After all, almost every company is playing around with these types of tools. The quote that Michael Bargury used to end his presentation says it all: “Treat AI apps like experimental drugs”. Don’t do drugs, but do try AI!

The risk of exposing data to the wrong audience has never been this high – perhaps only rivaled by the risks of unsecured cloud buckets. Next to data exposure, Copilot introduces a completely new attack vector. As we have witnessed, it can even enable remote code execution.

Endpoint Security

Endpoint security remains a hot topic of research and a frequent target of attack. At nearly every cybersecurity event we’ve attended in the past years, including now at BlackHat and Defcon, new attack techniques targeting endpoint systems — primarily Windows — are showcased.

The first talk we attended set the tone for the conference: a downgrade attack using Windows Update to vulnerable software versions. It was straightforward, clever, and effective.

Most of the other talks continued to build on existing research into the inner workings of Microsoft Windows, focusing on techniques to evade EDR solutions, such as API unhooking, Hell’s Gate, Halo’s Gate, and HookChain.

It was interesting to see the community collaborate with major EDR vendors to ensure their findings are patched and detectable. While not all vendors responded well, those truly committed to cybersecurity did, and they deserve a big thumbs up for their efforts.

OT Security

OT security is often called the “next big thing,” and while we hear this claim every year, it’s steadily becoming a reality. We attended various talks not only about the importance and methods of securing OT environments, but also about the transformation brought by Industry 4.0, which will connect millions of devices to the internet for the first time. As global power demand skyrockets — thanks in part to AI systems like ChatGPT — the need for an interconnected grid is no longer optional. Our critical infrastructure will inevitably face cyber threats, making OT security more crucial than ever.

Cloud Provider Attack Paths

No good hacking conference is complete without sessions on cloud provider attack paths. Surprisingly, there wasn’t much focus on Microsoft’s Midnight Blizzard incident from earlier this year. However, Microsoft still received plenty of attention, with impressive research presented on privilege escalation in Entra ID, particularly through Microsoft applications.

AWS was also in the spotlight. When you open your talk by saying “Traditional methods to gain access to AWS environments are real, but remarkably boring,” you immediately know that something exciting is coming. We saw different techniques for gaining initial access to AWS by exploiting some AWS services, which turned out to be a clever find.

Secure Web Gateways

SASE is a growing architecture, and with its rise, attacks have inevitably followed. The security research team at SquareX presented their findings on ‘Last Mile Reassembly Attacks,’ which revealed how attackers could completely evade Secure Web Gateways (SWGs). This research has significantly impacted both SWG vendors and the enterprises that rely on them for employee security.

What else?

If we’re being honest, not all talks were on the same level. We selected talks based on the title, brief description and speaker’s background, but occasionally we entered a session without knowing what to expect, and sometimes we were pleasantly surprised.

Three talks stood out by approaching security in a unique way. We’ll highlight two of them, as they surprised us in a good way.

How immutable are immutable backups? That question caught our attention, because in theory hackers can’t compromise backed-up data. However, we saw researchers demonstrate a way to prevent sysadmins from restoring that data. They really thought outside the box to achieve this.

The second talk focused on using big data to find vulnerable environments. Instead of doing a pentest on a specific target, the speaker flipped the approach: collecting massive amounts of data, including forgotten DNS entries, and uncovering vulnerabilities. The results were mind blowing…

What’s to come

In our upcoming blog series, we’ll be sharing deeper insights on the topics we’ve briefly touched on here. Rather than simply discussing — since there’s already plenty of information online — we want to explore how they impact the world we live in today. We’ll look at what this means for our partners and their customers: should they be concerned, how should they prepare, and what steps can be taken?