Blackhat USA - The Virtual Edition

2020 is an odd year, a year that's testing us all in so many ways. From issuing a halt on our lives to working out how to restart all the services and get back to normal, it has forced us to rethink a lot of what we took for granted; attending conferences is one of them.

There are 864000 seconds until Blackhat USA 2020 starts. This normally would mean thousands descending into Las Vegas for Hacker Summer Camp, but COVID-19 had other ideas and as such, the events team had the onerous task of making 180 sessions all ready to be streamed virtually, with editing and sound rooms and green rooms and oh my hat everything else. It is just awe-inspiring.

We, the Review Board, spent many months during the lockdown reviewing the many submissions. I've said it countless times in the past but I cannot stress how I enjoy seeing the itches people scratch when it comes to research.

There are too many to list, so here are my personal favourites and why I feel they are important.

First up is the keynote from Matt Blaze on a really important subject that we are all rather concerned about, especially now that the UK's Russia Report was released and the US is about to have an election. Matt is one who has immense experience in this and I think this will be one to really get people thinking.

Supply chain attacks aren't going away; in fact, they are increasing. What I liked about Shlomi, Moshe and Ariel's talk was the flaw they discovered in a TCP/IP software library used by millions and undetected for over a decade. This isn't unique at all and I'd hedge a bet and say that there are many more lurking in products that we rely on heavily and have never been assessed.

I'm partial to a good appsec bug and yes we've had a few dry years when it comes to research but Amit has revisited HTTP Request Smuggling and found more ways this could be abused. It will appeal to bug-bounty hunters, pentesters, appsec people and those shifting left.

James Kettle is a name that most in appsec know. The man is a machine when it comes to finding flaws and issues and I've really enjoyed seeing what he gets up to. Yup, here he is causing havoc with web cache mechanisms and how they are easily abused. This will be yet another Kettle masterpiece.

Node all teh things!!

Node.js is used widely, so when Feng & Co decided to look at the framework, they opened up a can of worms with regards to hidden properties and found ways to abuse this functionality. The result is rather shocking: 13 ohdays and 12 CVEs later, this is a talk you need to attend if you use Node.js anywhere. Solid solid research.

SAP. I mean not that widely used huh?

Onapsis is a firm I respect a lot, they know SAP really well and Pablo and Yvan found an amazing flaw in SolMan (AD for SAP) that allows some pretty bad ways to abuse SAP systems. They recently released this research and this talk will delve deeper into the flaw. This is one to watch.

Do you even shift left bro/broette??

So many use this term today and it's all gotten so muddy as to what they actually mean. What I really liked about Camille and Craig's talk is that they talk about what they've managed to do at Salesforce in this regard and having heard about their efforts, this talk will be really interesting for you if you are indeed shifting left.

Blackhat has a wide range of talks, from those you can use tomorrow at work to those you'll be referencing in years to come. And then it has those talks that blow your mind. This is one of them.

Pwning satellites and sniffing comms using cheap hardware from the earth. Yes please, all damn day long!

There is a huge amount of effort and research going into making secure enclaves a thing we can all rely on for storing our secrets in a safe manner. Cheng-Yu, Hung and Che-Yang turned their attention to the Samsung Knox Secure Boot and discovered ways to bypass such controls. It's impressive research and one that can impact many due to the flaws discovered.

I'm a big fan of Google's Project Zero and what they do for all of us, so when Maddie proposed a talk about how they actually do the voodoo that they do, I was smitten and sold. This talk will be a reference talk for anyone wanting to find bugs as they get to see true masters at work.

Etherwho???

Oh cables, the things you old farts used to use right? Says most yungun's today. I mean surely no vulnerabilities exist in such an old tech right?

Well, Ben and Gregory disagree and found some pretty damn mad bugs that just make you smile. I loved everything about this submission and think you will too.

My final talk is brilliant. Björn has looked at Apple's Thunderbolt 3 tech and found some fascinating flaws. It's important as the team behind Thunderbolt are some of the best I know when it comes to hardware security, so this research is pretty solid. I'm really looking forward to this.

There are many other talks I found interesting but cannot list them all. If there are some you are keen about and want to know more, ping me and I'll do my best to explain the impact or reasoning why the talk is important.

D.
