What we’re excited about at the 2024 Hacker Summer Camp

Every August, thousands of people from all over the world consciously decide to brave the balmy 40C/100F+ desert to learn, share, and socialize at the trifecta of hacker conferences. Whereas Black Hat and DEF CON attendees have been making the sojourn for decades, 2024 marks the 13th year since BSides Las Vegas was added to the mix, a combination lovingly referred to as the “Hacker Summer Camp”.

With such an overwhelming buffet of content, we thought it might help to share the talks that the ThinkstScapes team is most keen to watch and review for the Q3 issue. We’ve sorted them by conference, and marked the few that are making a cross-con appearance.

Black Hat USA

  • Listen to the Whispers: Web Timing Attacks that Actually Work by James Kettle (also at DEF CON) – James is a frequently featured speaker in ThinkstScapes, and we at Thinkst love timing attacks. Presenting how to make a fickle timing attack that sort of works in a lab into a real-world capability should be educational–and entertaining.
  • Breaching AWS Accounts Through Shadow Resources by Yakir Kadkoda, Michael Katchinskiy, and Ofek Itach – The complexity of cloud infrastructure is really coming into the limelight of late. Providers have matured from simply offering elastic storage and compute to complex cloud services relying (internally) on other services. There are more places for the composition of these systems and components to go awry, and this talk promises to dish the deets on those exact occurrences.
  • Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control Protocols by Xin’an Zhou, Zhiyun Qian, Juefei Pu, Qing Deng, Srikanth Krishnamurthy, and Keyu Man – Wi-Fi extenders were always janky and never worked as well as hoped; meshes became the solution for those who needed more coverage than a single access point. These meshes evolved out of a few vendors’ existing product lines without as much scrutiny as core Wi-Fi standards–until now. This talk promises to expose how the control-plane backhaul works, and the issues discovered.
  • Project Zero: Ten Years of ‘Make 0-Day Hard’ by Natalie Silvanovich – P0 has certainly had an impact that reverberates across the entire software ecosystem. It will be interesting to see how a decade of pwnage has changed the internet, from driving towards faster patching to driving up the difficulty of finding 0-days. It’ll also be interesting to see what the future holds for this important organization.
  • Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls by Gareth Heyes (also at DEF CON) – Another frequent flyer on ThinkstScapes Air, Gareth’s talk looking at how complex email parsing is and how that leads to security issues should prove interesting. While the vast majority of emails follow the common format, edge cases can result in parser differentials–this talk promises examples of signing up for private pages, maliciously rerouting emails, and other nifty tricks.
  • Secure Shells in Shambles by HD Moore and Rob King (also at DEF CON) – It’s always worth listening to HD; this time should be no different. This talk with Rob King explores the SSH protocol, which is in use all over the place, some vulnerabilities in the protocol, and places to look deeper. The combination of a massively-deployed service and deeply-technical speakers should put this one on your agenda for sure.
  • SnailLoad: Anyone on the Internet Can Learn What You’re Doing by Daniel Gruss and Stefan Gast – We’ve seen a major trend over the last few years in how ML can boost side-channel sensitivity, especially to violate privacy expectations. From the 2017 paper Website Detection Using Remote Traffic Analysis by Gong et al, to the work on determining videos being played over LTE networks in Watching the Watchers: Practical Video Identification Attack in LTE Networks by Kim et al, there has been a lot of interesting work in this vein. Daniel Gruss came to fame with his micro-architectural side-channel work; it will be interesting to see how he applies that knowledge to web-scale attacks.
  • Isolation or Hallucination? Hacking AI Infrastructure Providers for Fun and Weights by Hillai Ben-Sasson and Sagi Tzadik – Generative AI is being stuck in all sorts of interesting places, considering how unreliable LLMs can be. This talk promises to show attacks that hit the seams between LLM attacks and more conventional exploitation–soon this will be a must-have skill for red teams.
  • Gotta Cache Em All: Bending the Rules of Web Cache Exploitation by Martin Doyhenard – CPU cache attacks have stolen the limelight for the last few years, but this talk on how web caches and CDNs offer ripe attack surface could change that. Attacks against common, default-configured web servers and CDNs should offer a view into how scaling on the web isn’t as easy as it’s claimed to be.
  • Crashing the Party: Vulnerabilities in RPKI Validation by Niklas Vogel, Donika Mirdita, Haya Schulmann, and Michael Waidner – BGP has been a known weakness for decades, allowing rogue ISPs to hijack traffic flowing across the pipes. RPKI is a layer on top of BGP that adds cryptographic verification of route announcements to try and minimize the threat of traffic hijacking, but this talk is going to show how it’s not all sunshine and puppies–that the RPKI infrastructure (and the BGP routes it protects) is vulnerable.

DEF CON

  • Abusing Windows Hello Without a Severed Hand by Ceri Coburn and Dirk-jan Mollema – OS platforms have made using biometric data more seamless for end-users, though this talk aims to shed light on some of the risks of the Windows Hello authentication framework. This talk will show how credentials that are supposed to be protected by biometrics can be extracted without stealing someone’s fingers, eyes, or face.
  • Leveraging private APNs for mobile network traffic analysis by Aapo Oksman – We’ve featured Aapo’s work previously, and are excited to see this work on how creating a private cell modem APN can allow for broad network monitoring and even tampering. A cellular equivalent of a mirror port for IoT and mobile devices sounds useful to us, and it’ll be worthwhile seeing what Aapo has to say.
  • OH-MY-DC: Abusing OIDC all the way to your cloud by Aviad Hahami – OIDC has become one of the most-used authentication protocols that few people have heard of, let alone dug deeply into. Hopefully this talk will shed some light on the complex federated identity and authentication schemes that power most enterprise authentication and help us avoid any common traps.
  • Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth’s Surface by Vincent Lenders, Johannes Willbold, and Robin Bisping – The Viasat hack in the early days of the Russian invasion of Ukraine captured the community’s (and the world’s) attention as a pivot from terrestrial IP to critical space-based networks. This talk may up the ante on that attack by showing how vulnerabilities in space can be exploited from the ground.

BSidesLV

  • What Do We Learn When We Scan the Internet every hour? by Ariana Mirian – Internet-wide scanning has been around for a while now; in the aftermath of Heartbleed, there were monthly scans tracking patching. It should prove interesting to see how the scan period has dropped to hourly (and what type of system is needed to do that), as well as the patterns that emerge. This talk should lay out a “map” of the internet and break it into neighborhoods of mostly-static and oft-changing.

If you’ll be at Black Hat, stop by and visit us at booth 874; we’ll be glad to chat and give out swag and print copies of our latest ThinkstScapes!

Authored with 💚 by Thinkst