Fresh eyes at Black Hat

This year will be my very first time attending Black Hat Conference, so I was excited to receive the final schedule of the presentations (briefings).  The show offers several briefings in each time slot, up to six or eight! I was disappointed to find some conflicts, but fewer than I’d expected with so much overlapping.

Insiders

General Keith B. Alexander’s keynote speech could be very interesting, especially in light of the Snowden situation.  I will be interested to sense the tone of the attendees attitude during this briefing.  That might be more interesting than the contents of his speech.

In light of the Snowden and Manning situations, I must see Patrick Reidy’s presentation titled “Combating the Insider Threat at the FBI: Real World Lessons Learned“.  Insiders present a threat easily as substantial as outsiders, in quality if not quantity.

Advanced Persistent Threats (APTs) present similar difficulties to insiders.  Yarochkin, Kan, chiu, and Wu use their briefing “Hunting the Shadows: In Depth Analysis of APT Attacks” to dig deeper into the methods of APTs and the methods of discovering, countering, and investigating them.
SSL and TLS

With the importance of SSL and TLS in providing privacy on the Internet today, Florent Daigniere’s “TLS ‘Secrets’” presentation appeared to be a “must see”.  Implementation problems in the stacks present one sort of difficulty, but this presentation promises to discuss design level problems as well.

Following up, Ben Smyth and Alfredo Pironit present “Truncating TLS Connections to Violate Beliefs in Web Applications.” This offering describes web application implementation problems that can undermine the goals of TLS and SSL.

Threatening the entire underpinnings of current practical cryptography, Stamos, Ritter, Ptacec, and Samuel present “The Factoring Dead: Preparing for the Cryptocapalypse.”  This briefing takes a look at practical attacks on the cryptography underlying protocols like SSL and TLS.

Practitioners

Luca Allodi and Fabio Massacci offer the provocatively titled “How CVSS is DoSsing Your Patching Policy.” The CVSS score of a vulnerability guides a lot of the industry processing of new discoveries and disclosures.  There’s an old saying in process management:  make sure you measure the right thing, because you will end up optimizing for what you measure.  The CVSS score guides the level of investment in a vulnerability by the security industry.  If it is not properly aligned, we practitioners will end up focusing on the wrong threats.
Wrapup

As a newbie, I’m very excited to be attending Black Hat.  I’ve covered here only some of the briefings I’ll attend to limit your boredom.  It will be a busy couple of days, but at least I don’t have to “work the booth”.  It will be busier when I get home and ingest all of the other briefings that I couldn’t attend.  I hope to see you there!