Skip to main content
10 Dec 2024

Attending BlackHat Europe 2024

Infoserv Systems Stand: S45
Attending BlackHat Europe 2024
Ready for the second day of briefings

After work on the 10th of December 2024, I parked my trusty Toyota Prius in the Cheltenham Spa train station and departed from platform one, for my final destination being Custom House via the Elizabeth Line, in London. I was attending the two days of briefing hosted by BlackHat Europe on the 11th and 12th of December.

Why am I talking about this here? Well at this point, I’d been at Infoserv for two and a half months and was still on my probation period. Yet, Infoserv had agreed for me to use my training budget to attend the conference, on the basis that I’d return to share my experience.

This blog post is a transposition of a Powerpoint presentation I rendered and presented to our company in the new year. I hope you enjoy.

What is the BlackHat Conference?

For those who haven’t heard about BlackHat, I’ll give a brief summary.

BlackHat is one of the premier and global cybersecurity conferences. It offers cutting-edge presentations on the latest research into Cyber Security and Information Systems, demonstrations of cutting edge tools and recommendations and strategies presented by leading figures in the industry. It’s a prime opportunity to remain at the forefront of the ever, rapidly-evolving field of Cyber and Information Systems. The event attracts Cybersecurity professionals, Security Researchers, Ethical Hackers, Engineers, and Security leaders from top organisations worldwide, so it’s an ideal environment to network and learn.

Sessions tend to include:

  • (Briefings) Research presentations on new vulnerabilities and exploits, new technological innovations, as well as keynotes given by major Government Organisations and renowned public figures in the field.

  • (Training) Hands-on training in security tools and techniques

  • (Social) Networking with top security professionals and experts and companies

I managed to get a picture of the Founder and CEO of BlackHat and DEF CON, Jeff Moss, during the opening ceremony of the briefings. 

 

The Business Hall

This is where a wide range of security-focused companies congregate with stands for you to check out. The Business Hall is open to all attendees throughout the course of the briefings, so there’s ample opportunity to approach companies in person, learn about their latest offerings and even take part in some engaging competitions while you’re at it.

During lunch on the first day, I was joined at a round table by a core Cyber Security team coming from one of the main Airports in the Netherlands. They were a friendly bunch and we discussed all kinds of things from what they thought of the conference and what talks piqued their interest, to retro games and game consoles. It was a fantastic experience!

Companies at the Conference

Inside the Business Hall, you are welcomed by a plethora of stands that are distributed in a grid-like fashion to promote high human-traffic throughput during the event. The companies that I most enjoyed speaking with are the following.

 

GitHub

I had a good discussion with a Danish GitHub engineer about the company culture, some of the innovations currently taking place with GitHub Copilot and how their office-less approach works for them as a company. Infoserv don’t have an office, nevertheless, we meet up on a regular basis and see each other for socials, so we don’t miss out of a rich company culture. GitHub do something very similar and it’s worked out very well for them as it has for us.

Snyk

Snyk had a fantastic setup. They had a smoothie station which drew me in like a magnet. 🧲

I ended up speaking with a Sales Engineer and one of the lead Senior Software Engineers about their main offering, which is an end-to-end security platform, supporting developers and teams across the industry, to minimise the security vulnerabilities and maximise the code quality of their products and services. They took the time to give me a fully comprehensive demo of their services and I got to ask them lots of questions in the process.

Snyk provide platform integration, continuous scanning and inline suggestions in your IDE on vulnerabilities that are present in your code. This includes transient dependencies that you might pull into your software. They have the world’s largest database for open source vulnerabilities and cloud misconfigurations and are well worth utilising if it suits your project needs.

Reversing Labs

This is an interesting company. They described themselves as a competitor to Snyk when I mentioned I had spoken with them. Reversing Labs harbour a product called Spectra Analyze, which focuses on the static decomposition and analysis of binary files.

The representatives at Reversing Labs were amicable and shared some cool insights about their company and products.

NATO

NATO had a lock-picking competition on the go, so I had some fun picking a couple of padlocks. I also met a guy there who works for the MOD and we had a good laugh during the lock-picking competition, so that was a cool encounter.

The Briefings

The remainder of my time at BlackHat Europe was spent attending 30-45 minute briefings that ranged from the nitty gritty details of side-channel attacks in Intel processors and vulnerabilities in eSIMs to high-level and big-picture discussions around Geo-political changes and challenges across Europe with respect to FAANG (Meta (formerly known as Facebook), Amazon, Apple, Netflix, and Alphabet (formerly known as Google)) who are progressively acquiring more ownership and control over critical networking infrastructure that comprises the world-wide-web. I had a bet with Paul, one of our directors , about how many briefings I’d be able to attend, accounting for travel, and he nailed it with 11 briefings in the end. 😎

Here’s a list of the briefings I attended.

Wednesday

  1. Keynote: Frédérick Douzet

  2. How the Internet Dodged a Bullet: The KeyTrap Denial-of-Service Attacks against DNSSEC

  3. Improving Side-Channel Protections for Intel TDX

  4. LLMbotomy: Shutting the Trojan Backdoors

  5. Vulnerabilities in the eSIM download protocol

  6. When (Remote) Shells Fall Into The Same Hole: Rooting DrayTek Routers Before Attackers Can Do It Again

  7. The Bugs in Your Bootloaders: Embedded Device Secure Boot Fails and How to Fix Them

Thursday

  1. Keynote: Eric Freyssinet Fighting Cybercrime in 2024

  2. My other ClassLoader is your ClassLoader: Creating evil twin instances of a class

  3. The Devil is in the (Micro-) Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces in DNN Executables

  4. Guest Revolution: Chaining 3-bugs to compromise the Windows kernel from the VMware guest

Loading