AI, ML & DATA SCIENCE
The AI, ML, and Data Science track covers the curriculum in a way that provides value for security professionals. Topics in this track range from implementing and applying AI for better defenses and detection to attacking systems. Submissions for the track should show, educate and inform attendees on the functionality and key role AI/ML plays in everyday applications. Regardless of the topic, the content for the track should have a heavy focus on applied concepts that attendees can use after the conference is over.
APPLICATION SECURITY
Anywhere developers are creating or shipping code, security should come first. Everything from web application security to the Security Development Lifecycle (SDLC) to Web3 decentralized applications lives in this track. Good topics include broad-based, novel attacks against web technologies, programming languages, or ecosystems, especially when accompanied by offensive and/or defensive tooling. We are also interested in objective, data-driven research or case studies around secure development practices (train, develop, deploy, run, scale, respond) with actionable recommendations attendees can apply to improve their product security.
CLOUD AND PLATFORM SECURITY
CLOUD & PLATFORM SECURITY
This track focuses on security issues affecting the full system platform stack (firmware, hypervisor, and operating system) of computing platforms powering everything from embedded systems to modern desktops to the cloud. The track focuses on topics such as: software attacks against modern client and server operating systems; hypervisor and firmware vulnerabilities; security co-processor and secure enclave weaknesses in modern CPU and System-on-Chip architectures; microarchitectural and hardware-enabled attacks against CPU, memory, or other subsystems; and at-scale supply chain security issues such as build system compromises or exploitation of pervasive open source vulnerabilities.
CRYPTOGRAPHY & BLOCKCHAIN
This track focuses on cryptography and blockchain: practical, real-world advances in cryptography informed by an attacker’s sensibility. A Black Hat Cryptography Track talk will almost always be backed up with running code. We prize offensive cryptography and cryptanalysis but will host defensive and research cryptography when rooted in a context of real-world attacks. We’re an especially good place to send new vulnerabilities in cryptographic protocols like TLS, cryptographic hardware like HSMs and smart cards, and cryptographic primitives like SHA-1.
DATA FORENSICS & INCIDENT RESPONSE
DATA FORENSICS AND INCIDENT RESPONSE
The DFIR track will consist of techniques and capabilities used to assist defenders in responding to a variety of security incidents across on-premise, hybrid, and cloud environments. These topics may include, but aren’t limited to, identification of compromised systems, digital evidence collection, network, host, and malware analysis, threat intelligence, and threat hunting. The focus should be on techniques and procedures that can help defenders understand how an attack unfolded, if and when a breach occurred, and how it can be prevented in the future.
DEFENSE | BLUE TEAM
DEFENSES | BLUE TEAM
As cybersecurity encompasses everything in our daily lives, in the new world of a remote workforce sharing systems with their young distance learners across perimeter-less and zero trust networks, how can we tip the balance to favor the Blue Team in their daily battle against chaos, data loss, or even lives lost? What new technologies should we look at before attackers do? What new approaches should we consider while keeping up with this ever-changing perimeter and the rapid introduction of new attack surfaces?
This track welcomes talks on practical, effective, and scalable security isolation technologies and exploit mitigations, at the compiler or platform level, as well as tools and techniques offering enhanced visibility, management, visualization, and data processing of any part of the kill chain, with the goal of disrupting and diminishing attacker capabilities and toolsets.
ENTERPRISE AND AGENCY SECURITY
AGENCY AND ENTERPRISE SECURITY
The Enterprise and Agency Security track covers research into the security of IT infrastructure and endpoint fleets, and includes device management and MDMs, directory and SSO identity services, orchestration and patch management, email, and storage networks. If it’s new research targeting systems companies run to support team members, rather than the applications they provide or the operating systems themselves, the Enterprise Security track is probably a natural home for it.
EXPLOIT DEVELOPMENT | DARK ARTS
EXPLOIT DEVELOPMENT
Exploit Development submissions are welcome across a wide array of technologies and targets from cloud to mobile devices. We are particularly interested in innovative and novel approaches that cover new exploit delivery mechanisms, code execution techniques, focus on new targets, or defeat existing exploit mitigations such as CET or XFG. Submissions shouldn’t be constrained to memory safety issues, but these often resonate well with our audience. Bypasses for next generation hardware architectures such as CHERI, or virtualization-based security mechanisms, are highly regarded.
MALWARE
MALWARE | RANSOMWARE
The Malware and Ransomware track focuses on both the defensive and offensive aspects of malware development. The defensive malware talks are centered around current malware: analysis, anti-analysis techniques, detection, remediation, and technical discussions on bypasses or broken functionality within anti-malware tools. The offensive malware talks are centered around malware development, novel execution techniques, and obfuscation. We are most interested in talks that detail prevailing malicious attacks, recent attacks with high impact, and malware targeting newer platforms.
MOBILE
The mobile track encompasses everything mobile, including all layers of phones (OS, baseband, hardware, software, apps), tablets, mobile infrastructure, mobile device management, telecommunications protocols, GPS, etc. Talks in this track should cover a security feature, novel technique, new concept or research unique to the mobile space. Submissions where mobile is only one of many use cases are generally not suitable for this track.
NETWORK SECURITY
This track is focused on network defense issues related to protecting users or assets. Traditionally, this includes the vast array of NIDS, HIDS, IPS, SIEM, firewalls, VPNs, etc., as well as hardware components like routers, switches, Wi-Fi and so on. Cloud computing networks and more exotic networks, like CAN bus, ad-hoc networking and so on, are included. We are looking specifically for novel means of deployment, detection, correlation, or protection against attacks that are both unique and ideally practical for use in protecting networks. Attendees of Network track talks should walk away with ideas on how to defend themselves and a better understanding of the threat landscape, with ideas on areas to research.
REVERSE ENGINEERING
Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made and reproducing it, or reproducing anything based on the extracted information. Briefings in the Reverse Engineering Track may include subjects such as vulnerability discovery, data visualization, advanced exploitation techniques, bypassing security and software protections, and reverse engineering of hardware, software, and protocols.
RED TEAM | OFFENSIVE
RED TEAM & OFFENSIVE
Briefings range from introductory topics of Red Teaming to very advanced techniques and tactics for emulating the adversary: creating their own tools and exploits to compromise and access sensitive systems and information in any way possible, as quietly as possible.
ICS/SCADA/DCS
OT | ICS | SCADA
Industrial Control Systems, PLCs, Operational Technology Networks, Building Management, Refineries, Power Plants, and Terminals all use OT/ICS SCADA networks and devices.