Since Jeff Moss introduced it in 1997, Black Hat has grown into one of the most promising information security events in the world. Apart from informative discussions and briefings, the event is also an opportunity for networking and security vendors to unveil their ground-breaking products and services in front of an audience of thousands of security professionals, C-suite executives, and small-business owners.
Black Hat USA 2019 was attended by approximately 20,200 of the most security-savvy professionals, including academic experts, researchers and world-leading information security leaders from public and private sector organizations.
The 22nd season of the Black Hat conference, held from 3rd to 8th August, saw numerous industry leaders come together to discuss emerging cybersecurity threats, ranging from new attack methodologies to critical vulnerabilities across the information security domain.
The event featured numerous insightful and informative sessions led by security professionals who carry out the best research related to the industry.
At the Black Hat USA 2019 event, a review board comprising 24 of the world’s best data security experts evaluated a record-breaking number of submissions and made way for one of the most successful security-related programs in its history. Held at the Mandalay Bay Convention Centre in Las Vegas, Nevada, this year’s event featured around 500 speakers and trainers from different training backgrounds, along with numerous other research-based briefings.
Black Hat USA 2019 - Major Highlights
Appknox experts attended the ‘Behind the scenes of iOS and Mac Security’ briefing, where the head of Apple Security Engineering and Architecture, Ivan Krstić, talked about Apple's continuing efforts to make UEFI more secure at boot time. Ivan also discussed the research advancements that Apple security professionals are introducing to its security architectures.
During another briefing, on Attacking iPhone XS Max, Tielei Wang and Hao Xu (Co-founders of Pangu from the Jailbreak Team) discussed the implementation of Pointer Authentication Code (PAC) in Apple’s A12 SoC. They presented a bug in XNU that still affects the latest release of iOS, explained how it can be exploited to bypass PAC, and then talked about possible fixes for the bug.
Apple also organized a major public discussion on iOS and Mac security topics, which included several new technologies to be introduced in iOS 13 and macOS. Apple made another interesting move by expanding its bug bounty program for both iOS and macOS, so that researchers from all over the world can now take part in it. The bug bounty prize was also increased from $500,000 to $1 million to make matters even more enticing. Apple also plans to give away iPhones to security enthusiasts and ethical hackers so that they can track down vulnerabilities and report them to Apple.
Following Apple's lead, tech giant Microsoft added prize money of $300,000 to its Azure bug bounty initiative and opened it to researchers so that they could expose any vulnerabilities in one of the most prominent cloud computing platforms. Some researchers also exposed a path-traversal vulnerability in the Remote Desktop Protocol (RDP) of Microsoft Azure, which could expose its users to attacks. Microsoft later acknowledged the issue and said that attackers could abuse clipboard redirection to manipulate users' data.
Security experts from Eclypsium exposed a manufacturing vulnerability in Windows caused by a major design flaw in drivers sold by trusted Microsoft vendors, which could also affect the Windows kernel. Many significant vendors like BlackBerry, LogicHub, and Gurucul also released their newest data security products and services during the event.
CISO Summit: Approximately 200 CISOs from top public and private sector organizations gathered at an exclusive program at Black Hat 2019, which aimed to provide useful data security insights and discuss the latest cybersecurity trends with information security executives.
Arsenal: Now in its tenth year, Arsenal still had the same spark as it welcomed researchers and enthusiasts from the open-source community to demonstrate the open-source tools they had developed over the past year. More than 90 tools were showcased during the event.
Dai Zovi’s 20th Black Hat Conference: Keynote speaker and head of security engineering at Square’s Cash App, Dai Zovi presented ‘Every Security Team is a Software Team Now’, in which he discussed his experience in the cybersecurity domain in front of more than 5,500 attendees at the Mandalay Bay Events Centre.
EFF Support and Scholarships: Black Hat donated $50,000 to the Electronic Frontier Foundation for the sixth year in a row, demonstrating its support for the cause of safeguarding the civil liberties of professionals within the InfoSec domain. More than 300 Academic Briefings Scholarships were also awarded to students from around the world. With EWF, Black Hat also offered the Female Leaders Scholarship to promote equal learning opportunities and minimize the gender gap in the industry.
Black Hat Briefings and Training have established themselves as one of the most prominent and influential security events of the past two decades. Not only do they provide the audience with the newest insights on information security research, trends, and development, but they also bring the best minds of the industry under one roof and make way for several important collaborations.
The event encourages leaders, professionals, and researchers from different industry domains to gain as much as they can from each other's knowledge and expertise. After the success of Black Hat USA 2019, the event is ready for its next chapter: from December 2nd to 5th, 2019, Black Hat is set to take place in London.