Black Hat USA 2019: Key Highlights & Briefings

BlackHat USA 2019

Ever since it was introduced in 1997 by Jeff Moss, Black Hat has emerged to become one of the most promising information security events across the world. Apart from informative discussions and briefings, the Black Hat event also comes up as a promising opportunity for the networking and security vendors to unveil their ground-breaking products and services in front of an audience, which consists of thousands of security professionals, C-Suite executives, and small-business owners.

Black Hat USA 2019 was attended by approximately 20,200 of the most security-savvy professionals ranging from academic experts, researchers and world-leading information security leaders from public and private sector organizations.

The 22nd season of the Black Hat conference held from 3rd to 8th August saw numerous industry leaders come together and discuss the emerging cybersecurity threats ranging from new attack methodologies to critical vulnerabilities across the information security domain.

The event featured numerous insightful and informative sessions led by security professionals who carry out the best research related to the industry.

At the Black Hat USA 2019 event, a review board comprising of 24 of the world’s best data security experts as its members evaluated a record-breaking number of submissions and made way for one of the most successful security-related programs in the history. Held at the Mandalay Bay Convention Centre in Las Vegas, Nevada, this year’s event witnessed around 500 speakers and trainers from different training backgrounds and numerous other research-based briefings.

Black Hat USA 2019 - Major Highlights

Appknox experts attended the ‘Behind the scenes of iOS and Mac Security’ briefing where the head of Apple Security Engineering and Architecture, Ivan Krstić, talked about the continuous efforts Apple is putting forward in order to make UEFI more secured during boot time. Ivan also discussed the research advancements which Apple security professionals are introducing to its security architectures.

During another briefing on Attacking iPhone XS Max, Tielei Wang and Hao Xu (Co-founders of Pangu from the Jailbreak Team) discussed the strategic implementation of Pointer Authentication Code (PAC) in Apple’s A12 SoC. These experts introduced a bug in the XNU that still affects the latest release of the iOS. They also elaborated ways to exploit it to bypass the PAC and later talked about the possible bug fixes.

Must Read: Here’s How Jailbreak Really Works

Apple also organized a major public discussion on iOS and Mac security topics which also included several new technologies to be introduced in the iOS 13 and the macOS. Apple made another interesting move by expanding its bug bounty program for both iOS and macOS and now researchers from all over the world can access and take part in it. The bug bounty prize was also increased from $500,000 to $1 million to make matters even more enticing. Apple also plans to give away iPhones to security enthusiasts and ethical hackers so that they could track vulnerabilities and report to the Apple authorities.

Moving on the lines of Apple, tech giant Microsoft also added prize money of $300,000 to its Azure bug bounty initiative and made it open to researchers so that they could expose any vulnerabilities in one of the most prominent cloud computing platforms. Some researchers also exposed a path-traversal vulnerability in the Remote Desktop Protocol (RDP) of Microsoft Azure, which could expose its users to attacks. Later, Microsoft also accepted the same and mentioned that clipboard redirection could be abused by hackers and they could manipulate the data of users.

Security experts from Eclypsium exposed a manufacturing vulnerability in Windows caused due to a major design flaw in drivers sold by trusted Microsoft vendors which could also affect the Windows kernel. Many significant vendors like BlackBerry, LogicHub, and Gurucul also released their newest products and services related to data security during the event.

Other Highlights:

CISO Summit: Approximately 200 CISOs from the top public and private sector organizations gathered at an exclusive program at the Black Hat 2019 which aimed to provide useful data security insights and discuss the latest cybersecurity trends with the information security executives.

Arsenal: Now in its tenth year, Arsenal still had the same spark as it welcomed researchers and enthusiasts from the open-source community to come up and demonstrate the open-source tools they had developed over the past year. More than 90 tools were showcased during the event.

Dai Zovi’s 20th Black Hat Conference: Keynote speaker and head of security engineering at Square’s Cash App, Dai Zovi presented ‘Every Security Team is a Software Team Now’ where he discussed regarding his experience in the cybersecurity domain in front of more than 5,500 attendees at the Mandalay Bay Events Centre.

EFF Support and Scholarships: Black Hat donated $50,000 to the Electronic Frontier Foundation Support for the sixth year in a row and demonstrated its support to the cause of safeguarding civil liberties of professionals within the InfoSec domain. More than 300 Academic Briefings Scholarships were also awarded to students from around the world. With EWF, Black Hat also offered the Female Leaders Scholarship to promote equal learning opportunities and minimize the gender gap in the industry.

Final Thoughts

Black Hat Briefings and Training have established themselves as one of the most prominent and influential security events over the past 2 decades. Not only do they provide the audience with the newest insights on information security research, trends, and development, but also bring the best minds of the industry under one roof and make ways for several important collaborations.

The event encourages leaders, professionals, and researchers from different industry domains to gain as much as they can from the knowledge and expertise of each other. After the success of Black Hat USA 2019, the event is ready for its new chapter and from December 2nd to 5th, 2019, Black Hat is set to take place in London.

Microsoft Apple iOS iPhone Jailbreak Bug bounty Cybersecurity Vulnerabilities Black Hat USA 2019

Published on Aug 26, 2019
Harshit Agarwal
Written by Harshit Agarwal
Harshit Agarwal is the co-founder and CEO of Appknox, a mobile security suite that helps enterprises automate mobile security. Over the last decade, Harshit has worked with 500+ businesses ranging from top financial institutions to Fortune 100 companies, helping them enhance their security measures.
Beyond the tech world, Harshit loves adventure. When he's not busy making sure the digital realm is safe, he's out trekking and exploring new destinations.
Author Website

Similar Blogs

How Secure is your Password in the Midst of 300 Billion
Mar 21, 2019

How Secure is your Password in the Midst of 300 Billion

Passwords may look like they’re fading into the past, soon to be replaced by new technology. But on the contrary, ...

View Blog
What is the Vulnerability Testing Process?
Dec 4, 2019

What is the Vulnerability Testing Process that Companies Should Follow

As the threat landscape expands, businesses are becoming the primary targets and are constantly on the radar of ...

View Blog
DEF CON 27
Aug 29, 2019

DEF CON 27: A Quick Recap from the “Mecca of Hackers”

At the 27th annual edition of DEF CON, the oldest running hacker convention in the world, thousands of cybersecurity ...

View Blog

Questions?

Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now

Appknox is the worlds most powerful plug and play security platform which helps Developers, Security Researchers and Enterprises to build a safe and secure mobile ecosystem using a system plus human approach to outsmart smartest hackers.

Subscribe to our newsletter
Get Started
Product
Vulnerability Assessment Tools
Penetration Testing Tools
Resources
Compare
We are loved! Our reviews say it all!

Copyright © 2024 Appknox, Xysec Labs