HACKER SUMMER CAMP 2018 GUIDE — Part Three: Black Hat USA 2018


Welcome to part three of our guide to Hacker Summer Camp! Today we are going to cover Black Hat USA 2018. If you missed part one or want to skip ahead to other sections, use our Table of Contents below:

HACKER SUMMER CAMP 2018 GUIDE — Part One: Surviving Vegas

HACKER SUMMER CAMP 2018 GUIDE — Part Two: BSide Las Vegas 2018

HACKER SUMMER CAMP 2018 GUIDE — Part Four: DEFCON 26

HACKER SUMMER CAMP 2018 Guide — Part Five: SIGS, EVENTS AND PARTIES


WHAT IS BLACK HAT USA?

Dates: August 4th — August 9th

Location: Mandalay Bay Convention Center (3950 Las Vegas Blvd. South Las Vegas, Nevada 89119)

Code of Conduct: https://www.blackhat.com/code-of-conduct.html

Black Hat USA Android App: https://play.google.com/store/apps/details?id=com.coreapps.android.followme.blackhat

Black Hat is the world’s leading producer of information security events. The flagship conference, Black Hat USA, returns to Las Vegas for its 21st year, with a 6-day program. Beginning with 4 days of Trainings (August 4–7) students can choose from 70+ hands-on skill-building courses for both offensive and defensive hackers. Then, at the main conference (August 8–9), attendees will hear from security experts sharing ground breaking research at the Briefings, view demos of open-source tools at Arsenal, meet sponsors displaying a range of products and solutions in the Business Hall, and network with more than 17,000 security professionals.

This is the BIG corporate convention of the Information Security world. Very suit and tie, bring your resume, talking about numbers and projections type of convention. Get used to hearing the words “cyber”, “mitigation”, “deployment”, “corporate”, “blockchain” and “pipeline” being thrown around like candy on Halloween without an eye roll. Attendees will also introduce themselves with their job title and workplace as if they are their last names.

While the flat out prices are expensive, there are many avenues to get in including the Student Program and there are talks and workshops that are exclusive to Black Hat USA that you will not find anywhere else. If you want to network and rub shoulders with the big leagues, this is the convention that will be on your priority list!

SHUTTLE BUS INFORMATION & SCHEDULE

You can catch the shuttle from LAS starting at noon on Monday, and you can use it to also attend Black Hat USA 2018 and DEFCON 26. BSides Las Vegas’ friendly, complimentary shuttle will be available at LAS airport terminals 1 & 3, Tuscany, Flamingo, and Mandalay Bay through DEFCON 26.

Monday: Start at McCarran International Airport (LAS) at 12:00 and run a continual loop to Tuscany Hotel until 23:59.

Tuesday: Start at LAS at 06:00, drop-off at Tuscany Hotel, continue to Mandalay Bay for pick-up, continue to LAS for pick-up, return to Tuscany. Repeat loop until 01:00 Wednesday morning.

Wednesday: Start at LAS at 06:00, drop-off at Tuscany Hotel, continue to Mandalay Bay for pick-up, continue to LAS for pick-up, return to Tuscany. Repeat loop until 14:00, then cut LAS from the route, and change the run to Mandalay Bay/The Flamingo/Tuscany from 14:00 to 04:00.

Thursday–Sunday: Run a continual, 24-hr loop between The Flamingo and Tuscany, starting at Tuscany at 06:00 on Thursday, ending at Tuscany at 18:00 on Sunday.

The Shuttle stop is at the Tuscany Hotel entrance (NOT the Casino). Wait on far side of Valet, under the carport.

Airport Shuttle Information

Need a ride from the Las Vegas airport to your hotel? Black Hat USA 2018 has partnered with LASxpress to offer one-way airport transfers for as low as $11.00. Book now to receive this special rate!


CHECK-IN INFORMATION

Black Hat USA will take place at the Mandalay Bay Resort and Casino in Las Vegas.

Check in at the Registration Counters on Level 2 of the Mandalay Bay Convention Center (using the email address you registered with). If you have any questions about your registration, please email their Registration Team at blackhatregistration@ubm.com.

Registration Desk Hours

  • Friday, August 3: 2:00–7:00 PM
  • Saturday, August 4: 07:00 AM — 4:00 PM
  • Sunday, August 5: 08:00 AM — 6:30 PM
  • Monday, August 6: 07:00 AM — 5:00 PM
  • Tuesday, August 7: 08:00 AM — 6:00 PM
  • Wednesday, August 8: 06:30 AM — 7:00 PM
  • Thursday, August 9: 08:30 AM — 5:00 PM

Black Hat USA will also offer a satellite registration desk near the Mandalay Bay Hotel front desk in the Orchid Lounge. You may choose to pick up your badge there, during the days/times listed below.

Satellite Registration Desk Hours
Monday, August 6: 1:00 PM — 5:00 PM
Tuesday, August 7: 8:00 AM — 8:00 PM


EARLY DEFCON 26 BADGE REGISTRATION

Upon purchase of Black Hat Briefings and/or Trainings passes, each registrant will also have the option to purchase a single (1) advance ticket to DEF CON 2018, at a rate of $280 per ticket, one ticket purchase per person, up until the close of “Late” registration on August 3, 2018 at 11:59 PT.

DEF CON tickets will not be sold on-site at Black Hat USA. After August 3, 2018, DEF CON tickets are only available for purchase at DEF CON during their ticket sales window.

Please note, you must first register and pay for your Black Hat Training/Briefings registration in order to purchase a DEF CON ticket. The option to purchase a DEF CON ticket is not available to individuals who purchase a Black Hat Business Pass only.

DEF CON tickets are non-refundable, once purchased. When you check in to Black Hat, you will receive a DEF CON badge voucher, and after DEF CON staff provide badges to Black Hat, you may then redeem your voucher for a DEF CON badge, generally on the Thursday of the event.


QUALITY OF LIFE RESOURCES

Day Care

Black Hat is excited to partner with leading childcare provider Kiddie Corp to offer Black Hat attendees access to an on-site children’s program. Full details will be posted shortly.

For more information and to sign up visit www.blackhat.com/us-18/child-care.html

Mothers Room

A private facility for nursing mothers will be available within the Child Care room (South Pacific A) on Wednesday, August 8 and Thursday, August 9.

Prayer Room

Located in Jasmine Registration 2 during Briefings days.

Revive Lounge
Wednesday, August 8 | 10:00 AM — 5:00 PM
Thursday, August 9 | 10:00 AM – 5:00 PM
Take time for self-care between the non-stop content and networking at Black Hat USA. The Revive Lounge provides a quiet and relaxing space with soft music and ambient lighting. Participants are encouraged to un-plug and unwind. We ask you to please refrain from conversations so fellow attendees have a space for meditation.

Yoga
Wednesday, August 8 | 6:00 PM — 7:00 PM
Thursday, August 9 | 1:15 PM – 2:15 PM
Black Hat will offer a unique, 60-minute yoga experience August 8 & 9 on-site at Black Hat USA. Celebrate health and community with group practice led by a trained instructor and musical contributions from Jonathan Brossard. All pass types welcome. First-come, first-served. Yoga mats and towels will be provided.

Briefings Recordings

The Source of Knowledge will be onsite to sell audio and video recordings of the Briefings sessions. Make sure to purchase the media on-site at a substantial discount. For more information visit www.blackhatbriefingsonline.com or contact sales@sok-media.com.

Bookstore

Come by the official bookstore and browse the latest titles in security. Several Black Hat Speakers and Trainers will be signing copies of their authored books. Brought to you by BreakPoint.


BUSINESS HALL FEATURES & ACTIVITIES

The Business Hall (Oceanside, Shoreline and Mandalay Bay Ballrooms) will feature open-source tool demonstrations at Arsenal, the hottest security startups at Innovation City, recruiting companies and institutions in the Career Zone, a number of networking lounges for relaxing and enjoying refreshments and more. All Black Hat pass types have access to the Business Hall and programs wherein, plus the additional programs on the Features Schedule.

Business Hall Hours
Wednesday, August 8: 10:00 AM — 7:00 PM (Reception 5:30 PM — 7:00 PM)
Thursday, August 9: 10:00 AM — 5:00 PM

Join us for the Business Hall Welcome Reception on Wednesday evening in the Business Hall (Oceanside, Shoreline & Mandalay Bay Ballrooms). Hosted by Diamond Sponsors Cylance, ForcePoint, LogRhythm, McAfee, and Rapid7.

Arsenal (Business Hall, Oceanside Ballroom, Level 2)
Black Hat Arsenal will feature more than 90 open-source tool demos over the course of two days, located in the Business Hall (Oceanside). Independent researchers will showcase their work while answering questions in a dynamic, interactive setting. View the full lineup of Arsenal tools here.

Please join Black Hat USA for the Arsenal Happy Hour on Thursday, August 9 from 3:50–5:00 PM as they thank the Arsenal presenters for their contributions to the open-source community.

Lounges
Kick back and recharge while building your network, conducting informal meetings and enjoying food and beverages in one of the Networking Lounges. Find the schedule here.


KALI LINUX DOJO

August 9 | 09:00 AM — 4:00 PM | South Seas IJ
Join the Kali Linux team for this special opportunity to strengthen your Kali skills and knowledge in a hands-on environment. Attendees can drop by all day Thursday where they’ll be able to build and customize their own version of Kali. Seating will be based on a first come, first-served, drop-in basis and is open to all pass types.

WHAT TO BRING

Powerful 64bit laptop with updated Kali Rolling installed (or in a Virtual Machine).
At least 50 GB free hard disk space.
Wired networking! Please make sure your laptop has an ethernet connection available or bring a USB ethernet dongle with you.


THE PWNIE AWARDS

Black Hat USA will once again provide the venue for the Pwnie Awards, InfoSec’s premier award show celebrating the achievements and failures of the security community over the past year.

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.

The awards are given out once a year. The annual ceremony will take place on August 8th, 2018 in Las Vegas at the BlackHat USA security conference.

Award categories

In 2018, there will be 16 award categories:

  • Pwnie for Best Server-Side Bug
  • Pwnie for Best Client-Side Bug
  • Pwnie for Best Privilege Escalation Bug
  • Pwnie for Best Cryptographic Attack
  • Pwnie for Best Backdoor
  • Pwnie for Best Junk Hack
  • Pwnie for Best Stunt Hack
  • Pwnie for Best Bug Branding
  • Pwnie for Epic Achievement
  • Pwnie for Most Innovative Research
  • Pwnie for Lamest Vendor Response
  • Pwnie for Most Overhyped Bug
  • Pwnie for Best Song

DEFCON 201 TALK HIGHLIGHTS FOR BLACK HAT USA 2018

This is the section where we have combed through the entire list of talks on both days and listed our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn’t list; in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)

Black Hat Day Zero — A Road Map for #BHUSA 2018

Date: Tuesday, August 7, 2018
Time: 4:00 PM — 6:00 PM
Location: Islander CDEHI

Overview

Before diving into a jam-packed two days of research, networking, and hands-on hacking, hear from Black Hat experts on a broad range of topics; from advice on how to build a network, to expert insight into this year’s most anticipated content, Black Hat insiders will share recommendations, past-experiences, and intel.

Join us on Tuesday, August 7 for ‘Day Zero’ — an afternoon designed for attendees seeking a well-rounded synopsis of Black Hat USA and an understanding of the tools and resources available to make the most of the event.

Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools

Joshua Saxe | Chief Data Scientist, Sophos

Location: South Seas ABE

Date: Wednesday, August 8 | 11:15am-12:05pm

Format: 50-Minute Briefings

Tracks: Enterprise, Malware

Anyone who keeps up with technology news has read about deep neural networks beating human champions at Go, achieving breakthrough accuracy at voice recognition, and generally driving today’s major advances in artificial intelligence. Little has been said, however, about the ways deep neural network approaches are quietly achieving analogous breakthroughs in intrusion detection. My goal with this presentation is to change this, by demystifying deep neural network (deep learning) concepts, presenting research that shows that we can use deep learning methods to achieve breakthrough cyber-attack detection, and by introducing open source deep learning tools, so that attendees can leave equipped to start their own security deep neural network research.

The presentation will start with an intuitive overview of deep neural networks, introducing the ideas that allow neural networks to learn from data and make accurate decisions about whether, for example, files are good or bad, or a given URL or domain name is malicious. After introducing deep neural networks, I’ll go on to describe a case study: a deep neural network that uses a convolutional neural network approach to detect previously malicious URLs at higher accuracy than any previously reported techniques, which we have evaluated on live, real world data. Finally, I’ll introduce the open source tools available for doing security deep learning research, giving attendees a starting place for incorporating deep neural networks into their own security practice.

Open Sesame: Picking Locks with Cortana

Amichai Shulman | Cyber Security Researcher
Ron Marcovich | Student, Technion, Israel Institute of Technology
Tal Be’ery | Independent Researcher, Independent
Yuval Ron | Student, Technion, Israel Institute of Technology

Location: Islander EI

Date: Wednesday, August 8 | 4:00pm-4:50pm

Format: 50-Minute Briefings

Tracks: Enterprise, Network Defense

Many new devices are trying to fit into our life seamlessly. As a result, there’s a quest for a “universal access methods” for all devices. Voice activation seems to be a natural candidate for the task and many implementations for it surfaced in recent years. A few notable examples are Amazon’s Alexa, Google’s Assistant and Microsoft’s Cortana.

The problem starts when these “Universal” access methods, aimed for maximal comfort, meet the very “specific” use-case of the enterprise environment which requires comfort to be balanced with other aspects, such as security. Microsoft Cortana is used on Mobile and IoT devices, but also in the enterprise computers as it comes enabled by default with Windows10 and always ready to respond to users’ commands even when the machine is locked.

Allowing interaction with a locked machine is a dangerous architectural decision, and earlier this year, we exposed the Voice of Esau (VoE) exploit for a Cortana vulnerability. The VoE exploit allowed attackers to take over a locked Windows10 machine by combining voice commands and network fiddling to deliver a malicious payload to the victim machine.

In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the “Open Sesame” vulnerability attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges. To make matters even worse, exploiting the vulnerability does not involve ANY external code, nor shady system calls, hence making code focused defenses such as Antivirus, Anti-malware and IPS blind to the attack.

We would conclude by suggesting some defense mechanisms and compensating controls to detect and defend against such attacks.

How can Communities Move Forward After Incidents of Sexual Harassment or Assault?

Makenzie Peterson | Coordinator for Wellness Programs, Hampshire College

Location: Tradewinds EF

Date: Wednesday, August 8 | 5:05pm-5:30pm

Format: 25-Minute Briefings

Track: Community

ALSO AT: The Diana Initiative — 4:00 PM

When incidents of sexual harassment or sexual assault occur within communities, as we’ve recently seen in InfoSec, how can a community respond in ways that support survivors and also hold problematic members accountable? How does a community move forward together stronger after these incidents? How do I support a friend who has been assaulted or harassed? How do I respond when a friend is accused?

Moving Forward After Incidents of Sexual Harassment
hosted by Makenzie Peterson
Thursday, August 9 | 11:00–12:00
If you attended the 25-minute Briefing (or were unable to) and would like an opportunity to hear more around the topic of how communities can move forward after incidents of sexual assault or harassment, an hour-long discussion will be held at 11:00 on Thursday, August 9 in Coral C (North Hall). During this discussion the speaker will dive more in-depth on how a community can respond in ways that support survivors and also hold problematic members accountable.

Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key

Gianpaolo Russo | Applied Researcher, MITRE Corporation
L Jean Camp | Professor, Indiana University
Sanchari Das | PhD Student, Indiana University Bloomington

Location: South Pacific F

Date: Thursday, August 9 | 9:00am-9:25am

Format: 25-Minute Briefings

Track: Human Factors

Why do people choose to use (or not use) Two Factor Authentication (2FA)? We report on some surprising results from a two-phase study on the Yubico Security Key working with Yubico. Despite the Yubico Security Key being among the best in class for usability among hardware tokens, participants in a think-aloud protocol encountered surprising difficulties, with none in the first round able to complete enrollment without guidance. For example, a website demo, built to make adoption simple, instead resulted in profound confusion when participants fell into an infinite loop of inadvertently only playacting the installation. We report on this and other findings of a two phase experiment that analyzed acceptability and usability of the Yubico Security Key, a 2FA hardware token implementing Fast Identity Online (FIDO). We made recommendations, and then tested the new interaction. A repeat of the experiment showed that these recommendations enhanced ease of use but not necessarily acceptability. The second stage identified the remaining primary reasons for rejecting 2FA: fear of losing the device, illusions of personal immunity to risk on the internet, and confidence in personal risk perceptions. Being locked out of an account was something every participant had suffered while losing control of their account was a distant, remote, and heavily discounted risk. The presentation will surprise and inform the practitioners, showing them that usability is not just common sense, in fact, sometimes you need to think sideways to align yourself with your potential users.

Snooping on Cellular Gateways and Their Critical Role in ICS

Justin Shattuck | Principal Threat Researcher, F5 Networks, Inc.

Location: Lagoon JKL

Date: Thursday, August 9 | 9:45am-10:35am

Format: 50-Minute Briefings

Tracks: Smart Grid/Industrial Security, Internet of Things

To keep up with the growing demand of always-on and available-anywhere connectivity, the use of cellular, in comparison to its wireless mobile connectivity counterpart in the electromagnetic spectrum, is rapidly expanding. My research in the IoT space led me down the path of discovering a variety of vulnerabilities related to cellular devices manufactured by Sierra Wireless and many others. Proper disclosures have occurred; however, many manufacturers have been slow to respond. This led into examining numerous publicly disclosed vulnerabilities that were considered “low-hanging-fruit” against cellular devices and other cellular-based network modems that are often deployed as out of band management interfaces. The research expanded through the details provided in configuration templates available by each device including the following:

— Wireless Network Information
— IPSec Tunnel Authentication Details
— Connected devices and services

Focusing on an obfuscated series of examples to protect the organizations, people, and companies identified; this presentation focuses on the services and systems information of the following, commonly deployed cellular-connected devices to provide an in-depth look at what is easily possible:

— Emergency Response systems
— Resource collection systems
— Transportation Safety
— Out of band management

Your Voice is My Passport

Azeem Aqil | Software Engineering SMTS, Salesforce
John Seymour | Senior Data Scientist, Salesforce

Location: Lagoon GHI

Date: Thursday, August 9 | 9:45am-10:35am

Format: 50-Minute Briefings

Tracks: Human Factors, Internet of Things

ALSO AT: DEFCON 26, 4:00 PM to 6:00 PM — Track Three

Financial institutions, home automation products, and hi-tech offices have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning have shown that text-to-speech systems can generate synthetic, high-quality audio of subjects using audio recordings of their speech. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning models and limited budget, that standard speaker recognition and voice authentication systems are indeed fooled by targeted text-to-speech attacks. We further show a method which reduces data required to perform such an attack, demonstrating that more people are at risk for voice impersonation than previously thought.

GOD MODE UNLOCKED — Hardware Backdoors in x86 CPUs

Christopher Domas | Director of Research, Finite State

Location: South Pacific F

Date: Thursday, August 9 | 11:00am-11:50am

Format: 50-Minute Briefings

Tracks: Platform Security, Hardware/Embedded

ALSO AT: DEFCON 26, 2:00 PM — 3:00 PM — Track One

Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in x86 processors, and they’re buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.

Catch me, Yes we can! — Pwning Social Engineers using Natural Language Processing Techniques in Real-Time

Ian Harris | Professor, University of California, Irvine
Marcel Carlsson | Principal Consultant, Lootcore

Location: South Pacific F

Date: Thursday, August 9 | 2:30pm-3:20pm

Format: 50-Minute Briefings

Track: Human Factors

ALSO AT: Bsides LV Ground Truth 6:00 PM — 7:00 PM

Social engineering is a big problem but very little progress has been made in stopping it, aside from the detection of email phishing. Social engineering attacks are launched via many vectors in addition to email, including phone, in-person, and via messaging. Detecting these non-email attacks requires a content-based approach that analyzes the meaning of the attack message.

We observe that any social engineering attack must either ask a question whose answer is private, or command the victim to perform a forbidden action. Our approach uses natural language processing (NLP) techniques to detect questions and commands in the messages and determine whether or not they are malicious.

Question answering approaches, a hot topic in information extraction, attempt to provide answers to factoid questions. Although the current state-of-the-art in question answering is imperfect, we have found that even approximate answers are sufficient to determine the privacy of an answer. Commands are evaluated by summarizing their meaning as a combination of the main verb and its direct object in the sentence. The verb-object pairs are compared against a blacklist to see if they are malicious.

We have tested this approach with over 187,000 phishing and non-phishing emails. We discuss the false positives and false negatives and why this is not an issue in a system deployed for detecting non-email attacks. In the talk, demos will be shown and tools will be released so that attendees can explore our approach for themselves.

DeepLocker — Concealing Targeted Attacks with AI Locksmithing

Dhilung Kirat | Research Scientist — Security, IBM Research
Jiyong Jang | Research Scientist — Security, IBM Research
Marc Ph. Stoecklin | Principal Research Scientist — Security, IBM Research

Location: South Seas ABE

Date: Thursday, August 9 | 5:00pm-6:00pm

Format: 50-Minute Briefings

Tracks: Malware, Exploit Development

In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.

DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being seen in the wild could be combined to create a highly evasive new breed of malware, which conceals its malicious intent until it reached a specific victim. It achieves this by using a Deep Neural Network (DNN) AI-model to hide its attack payload in benign carrier applications, while the payload will only be unlocked if — and only if — the intended target is reached. DeepLocker leverages several attributes for target identification, including visual, audio, geolocation, and system-level features. In contrast to existing evasive and targeted malware, this method would make it extremely challenging to reverse engineer the benign carrier software and recover the mission-critical secrets, including the attack payload and the specifics of the target.

We will perform a live demonstration of a proof-of-concept implementation of a DeepLocker malware, in which we camouflage well-known ransomware in a benign application such that it remains undetected by malware analysis tools, including anti-virus engines and malware sandboxes. We will discuss technical details, implications, and use cases of DeepLocker. More importantly, we will share countermeasures that could help defend against this type of attack in the wild.

::WORKSHOPS::

5 Things Security Researchers Need to Know About Computer Crime Law

Nate Cardozo | Senior Staff Attorney, Electronic Frontier Foundation

Location: South Pacific IJ, North Hall

Date: Wednesday, August 8 | 1:00pm-1:25pm

Track: Community Workshops

In this workshop, EFF staff attorneys will discuss a handful of simple measures researchers can take to protect themselves in their work. Our tips will apply to both independent and professional research, both hardware and software. While we won’t be able to give you legal advice, we’ll do our best to answer all your questions.

OWASP Top 10

Owen Pendlebury | OWASP Global Board of Director

Location: South Pacific IJ, North Hall

Date: Wednesday, August 8 | 1:40pm-2:30pm

Track: Community Workshops

Threats to the application layer are not a new thing, but they have become more and more prevalent over the past number of years. The rise in attacks stems from the increase in high-value data being stored in constantly changing environments. The OWASP top 10 is based on data submissions from firms that specialize in application security and an industry survey and provides basic techniques to protect against these high-risk problem areas. The aim is to provide guidance on where to go from here.

In this workshop I will provide an overview of the OWASP Top 10. I will discuss what the issues are, why they are so important to organizations and how developers can become more proactive in preventing these risks in their code.

What’s Going on in DC and What Does it Mean for InfoSec?

Nate Cardozo | Senior Staff Attorney, Electronic Frontier Foundation

Location: South Pacific IJ, North Hall

Date: Wednesday, August 8 | 2:45pm-3:10pm

Track: Community Workshops

Hack back, anti-botnet, election security, data breach, crypto: all these are buzzwords on Capitol Hill. But what’s actually moving, and what will the consequences be for the InfoSec community? EFF staff attorneys will discuss the bills that we think have legs and what’s on the horizon. We’ll even give you tips on how you can influence the legislative process.


CONTINUE TO :: HACKER SUMMER CAMP 2018 GUIDE — Part Four: DEFCON 26

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org
