2023 was the LARGEST Black Hat yet! The crowds were very large at every keynote and in the expo hall. Compared to last year - we are definitely back and beating pre-Covid numbers.

I’m just going to say that Artificial Intelligence was the buzzword of the conference and you couldn’t attend a single briefing or visit a booth without hearing it. It’s definitely not going anywhere 🤖

Another long post coming so get that scroll wheel ready 🤠

Weather was typical Vegas HOT at the Mandalay Bay (102f), but not as hot as it had been the week before we all arrived - which was a scorching 113f🔥 Thankfully there was no flash flooding like last year.

REGISTRATION

I’m happy to report that Black Hat finally have registration down and can handle the massive amount of crowds. Even if you don’t have the handy QR code, you can still get a speedy process with just your email. This is a welcome change from previous years and I no longer dread registration - THANK YOU!

While you do get a backpack - that is basically it. Pre-Covid attendees were given at least water bottles and notebooks. This was my main issue with the briefings backpack last year and it looks like this will continue. You can still get all those things at the expo hall for a badge scan 🤓

EXPO HALL

The absolutely massive Expo Hall at Mandalay bay was packed and most of the people traveling to the show are going into this hall.

Our 2528 large booth 20x20 was just left of the entrance and so we had lots of crowds for our presentations and SWAG. 

BOOTH PRESENTATIONS

At this year's Black Hat 2023 conference, our subject matter experts took center stage with engaging booth presentations in front of a massive screen. Drawing on their deep expertise and real-world experience, they unveiled cutting-edge insights, techniques, and tools.

Joshua Hamilton showcases Fortify in his presentation on software supply chain across enterprise applications​.

Raj Rajagopal sheds light on privacy initiatives that thwart security defenses.

Roger Brassard flexes our industry leading email threat protection - powered by Zix.

Here is myself presenting the latest threat trends from our 2023 Threat Report - Take a look!

New this year at our booth was our AI Avatar generator that definitely got the crowd interested 🤓 Here is an example of mine that I wasn’t exactly enthusiastic about 👺

​​​​

The left one looks like a puppet in Thunderbirds

BRIEFING SESSIONS

The briefing sessions have always been a main attraction at Black Hat. The conference became famous from all the cool new proof of concepts and technical presentations that went alongside the rowdier and more hands on DEFCON hacking conference. Overtime Black Hat has become much more of a professional setting by attracting executives and other purchase power individuals with the introduction of the Expo Hall in 2014.  Most of these summaries were provided by myself, but some are by our Director of Security Intelligence, Grayson Milbourne.

Intro by Jeff Moss, Founder of Black Hat - Rating 8/10

• Inclusivity scholarship programs
• 127 different countries attended Black Hat this year
• AI - next battle for rights of the internet
• Authentic problems/information into global problems
  • Would you be willing to pay for human or “real” painted picture
• White house legislation - we can play with training our own models
  • We have a chance to participate in the rule making and accountability
• Lot of problems and opportunities

Keynote: Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow - Rating 8/10

Maria Markstedter - Azeria Labs

• AI has now gone from the 1% to the 99%
• Google was cautious, but...
• Chatgpt ruined this and everyone jumped in to release to public - AI race we can’t stop
• Investment 5x in 3 years
• Worried about ai involvement into elections

• Microsoft only worried about fixing problems later
• Hackers are what motivate security - marketing claims help continue this cycle
• Ai integration and market leaders are making lots of money

• ML as a service is now booming
• Real time date streams - protect internal data process but also protect from external attacks
• Autogpt app
• Malicious action doesn't need to be text pulled from websites but also images and audio files when pulled for AI

• AI might auto process malicious attachments
• AI will replace jobs but create new ones
• Those who understand how to leverage ai will replace people who don't
• Study it - break it - fix it
• We have no manuals - there is none for AI
• Reinvent security posture

Devising and Detecting Phishing: Large Language Models (GPT3, GPT4) vs. Smaller Human Models (V-Triad, Generic Emails) - Rating 8.5/10

AI programs, built using large language models, make it possible to automatically create realistic phishing emails based on a few data points about a user. They stand in contrast to "traditional" phishing emails that hackers design using a handful of general rules they have gleaned from experience.

The V-Triad is an inductive model that replicates these rules. In this study, we compare users' suspicion towards emails created automatically by GPT-4 and created using the V-triad. We also combine GPT-4 with the V-triad to assess their combined potential. A fourth group, exposed to generic phishing emails created without a specific method, was our control group. We utilized a factorial approach, targeting 200 randomly selected participants recruited for the study. First, we measured the behavioral and cognitive reasons for falling for the phish. Next, the study trained GPT-4 to detect the phishing emails created in the study after having trained it on the extensive cybercrime dataset hosted by Cambridge. We hypothesize that the emails created by GPT-4 will yield a similar click-through rate as those created using V-Triad. We further believe that the combined approach (using the V-triad to feed GPT-4) will significantly increase the success rate of GPT-4, while GPT-4 will be relatively skilled in detecting both our phishing emails and its own.

• Doom and gloom. AI to be used to make people hurt themselves
• Huge good huge bad potential

• Teaching you how to create content that deceive people
• Keep it simple stupid
• Credibility, compatibility and customisability
• Chatgpt 4 -only a few data points are enough for personalization.

• Security mechanisms to prevent are weak and easy to trick
• "I'm a researcher I'm doing to this to help"
• It’s intention to trick chatgpt

• A good phishing and good marketing email are identical - too true
• V triad
• Tried to email all black hat attendees for this but Black Hat said NO 😆

• Semi- automation very powerful. Just helping a little bit
• Small errors
• Starbucks email photos to Harvard students
• Unsubscribe links very powerful

• Can AI save us
• Hacking humans
• How good can we make it
• You can automate
• Detect better at intention and suspicion
• AI is cool but it doesn't replace the necessity of educated humans (yet lol)
• Language models are good for tailoring
• What to train and how to train

Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla's x86-Based Seat Heater - Rating 6.5/10

Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities. More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.

In this talk, we will present an attack against newer AMD-based infotainment systems (MCU-Z) used on all recent models. It gives us two distinct capabilities: First, it enables the first unpatchable AMD-based "Tesla Jailbreak", allowing us to run arbitrary software on the infotainment. Second, it will enable us to extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network.

For this, we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-self hardware to mount the glitching attack to subvert the ASP's early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution.

Our gained root permissions enable arbitrary changes to Linux that survive reboots and updates. They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc. On the other hand, it can also benefit car usage in unsupported regions. Furthermore, the ASP attack opens up the possibility of extracting a TPM-protected attestation key Tesla uses to authenticate the car. This enables migrating a car's identity to another car computer without Tesla's help whatsoever, easing certain repairing efforts.

• Previous hacks use remote
• This focuses on insider, aka someone in the car

• Overview of boot process into Linux
• Chain of trust during boot sequence
• They added a new ssh credentials
• This breaks trusted boot
• Patched Linux kernel to not reboot on insecure boot

• AMD platform secure boot vulnerable
• Tesla overview of security

• Hotwiring the infotainment system, part 2
• Early boot verification effective
• Tried a fault injection attack using laser and voltage spike
• Most faults are useless for an attacker

• Discover where ARK verification time window takes place
• Dynamic voltage control analysis

• Glitch setup, several wires soldered

• Overview of voltage glitch steps
• Voltage drop causes the glitch

• And with their ssh password they gain root
• Unlocked rear seat heater, win!

• Not permanent, reboot clears the modifications
• Tesla has fixed
• Grayson’s thoughts - it was interesting but not that cool, they had to use a voltage fault to break the checksum validation to accept the bootloader with their SSH creds and if you stop and start the car it resets and all they were able to do was turn on a locked feature.

Keynote: Acting National Cyber Director Kemba Walden Discusses the National Cybersecurity Strategy and Workforce Efforts - Rating 7/10

Acting National Cyber Director Kemba Walden will discuss the finer details in the National Cybersecurity Strategy Implementation Plan and the National Cyber Workforce and Education Strategy.

• Not enough people on cyber defense team
• Digital authoritarianism
• Security is a big part of community
• Building resilient ecosystem that aligns with our values
• Pessimistic about free and open internet
• Geopolitics are difficult
• Sustainability - will our grandkids grandkids have the same freedom of Internet that we do
• Good things administration - Democratic values and EOs
• We can get there
• Think about cyber as tech innovation and economic prosperity
• Why should this time be different with cyber strategy?
• We've allowed cyber security to devolve to least capable
• We need to figure out policy solutions
• Invest in resilience not just technology
• We have to set the agenda not just reactive to bad guys - we want bad guys chasing us
• More transparency - 69 action items
• Deadlines and accountability
• Open source secure - oss - 60 days to react and respond
• Developers not trained on security by design
• How do we make policy that's realistic and actionable
• os3i regulations.gov

Risks of AI Risk Policy: Five Lessons - Rating 7/10

It is no surprise that the introduction of AI systems also introduces the risk of bias, inequality, and responsible AI failures, on top of privacy and security concerns. Surprising, though, is the rate of the rapid proliferation of the AI Risk Management ecosystem: twenty-one draft standards and frameworks were published last year from standards organizations last year alone, and already large companies and an emerging group of startups offer tests to measure AI systems against these standards. As these frameworks are finalized, soon, organizations will adopt these standards and eventually compliance officers, ML engineers and security professionals will have to apply them to their AI systems.

In this talk, using qualitative studies and experimental work, we show how two popular AI Risk Management frameworks – NIST AI RMF and the draft EU AI Act – despite their best intentions, have five roadblocks that stakeholders will face when operationalizing these standards, specifically from the vantage point of security. Attendees will learn that these frameworks are too vague, how there is no actionable guidance especially when it comes to securing AI systems and how properties like reducing bias in AI systems and increasing the robustness of AI systems to attacks, are not just intertwined but also in conflict. Moreover, none of these frameworks account for the civil liberties implications of securing AI systems. Attendees will leave with a plan to handle these uncertainties and learn how to extend their traditional security investments to manage realistic security risks to AI systems.

• Users blindly follow instructions from machines
• Even in a fire scenario they all waited for robot to escort even with obvious exit signs
• Problem is Overtrust

• Standards and certifications
  • toaster appliance UL
    • comprehensive
    • concrete
    • constituent testing

• Can we calibrate trust in AI systems with standards and certifications
• Real world have tons of AI & ML models
• Really not clear what we mean when we say AI system

• All about interpretation
• What does calibrate mean
• Image recognition takes 5 lines of code
• What can go wrong
• Traditional security harms

• AI systems change all the time
• Standards language is too vague

• Robustness and bias
• Do not protect all classes equally black vs white

• Defense do not protect all classes equally. Which part of data sets should be prioritized. Who makes those ecisions
• Build untrustworthy classifier
• People pick the manipulated explanations
• You have no clue about the organization classifier.
• We have no trustworthy way

• Whom do standards serve. Corporations. They are building it to serve them. It's not independent.
• Rants on GDPR 👏
• No way to see a sticker of compliance on AI we interact with
• How bad things go wrong with blind trust
• Rants on Tesla autopilot
• Doesn't like language used to describe auto pilot
• If we want change it needs to start with organization
• Culture of empathy

Thanks for everyone that scrolled this far down - I hope you enjoyed our not so brief rundown of our OpenText Cybersecurity team Black Hat 2022!

I have a fun little game below for a small prize 😎