Takeaways and Observations from Black Hat USA 2023, BSides, and DEFCON 31

As happens every year, Netskopers from across different teams attended the Black Hat USA, BSides, and DEFCON conferences, each coming away with their own take on what was new and exciting. With “Summer Camp” now behind us, we checked in with those folks who attended to share some of what they saw on the floor and what exciting topics stuck out most to them. Here’s what they had to say:

“This year felt like a pre-pandemic Black Hat and DEFCON—a coming together of hackers and cybersecurity professionals from throughout the world to exchange ideas. Among the hot topics this year was AI, maybe partially fueled by the hype around LLMs, but more focused on how current AI technology can be used in cybersecurity and cybercrime, and how to find and fix vulnerabilities in AI systems.” – Ray Canzanese, Director of Netskope Threat Labs

“Many of my conversations centered around  the proliferation of security tools and being overwhelmed. It seems like everyone is trying to understand the most critical risk to cover and looking for solutions that are “must have” right now while looking at what they might need in the future. Other conversations were about protecting data, but prioritizing the most important data first because they feel like they can’t protect it all right away. Practitioners were also sharing ideas and expressing a desire to find better ways to piece together multiple security solutions/tools and make sure they work together.” – Damian Chung, BISO

“The biggest topic I heard people talking about was the continuation of AI everywhere. That extended to the BSides talks, which also included some interesting chatter about building your own AI system and attacking newer API systems like graphql.” – James Robinson, Deputy CISO

“My biggest takeaway was, a lot of vendors are either offering AI within their product now or AI enrichment. What I found was many of them use the business offering by OpenAI and just connect your AI query to ChatGPT via the API. However, they claim this keeps your data private and not shared out like regular users of ChatGPT, but when I asked how they overcame the 2021 cutoff for OpenAI content, I did not get any responses.” – Allen Funkhouser, Information Security Analyst

“DEFCON Cloud Village had long queues and packed rooms for presentations covering varied topics, such as abuse of cloud misconfigurations, stealth by avoiding logging, hacking API endpoints to enumerate permissions, and CI/CD abuse. The Cloud Village CTF also drew a lot of interest with more than 400 teams and 400 participants attacking gnome-themed challenges in AWS, Azure, and GCP.” –Jenko Hwong, Principal Engineer

Did you attend any of the “Summer Camp” conferences in Las Vegas this year? What were the big topics or trends you heard about? Connect with us on LinkedIn to continue the conversation and let us know what hot topics are still on your mind!