Black Hat Europe 2022 Report: Benjamin Bencina

Below we hear from first-year CDT students Benjamin Bencina and Shubham Pawar, who attended Black Hat, which was held in London in early December.

At the beginning of December, Shubham Pawar and I had the pleasure of attending Black Hat Europe, the European (including the UK) rendition of the internationally recognised cyber security event Black Hat. The event was hosted in London this year, and I’ve been following the research presented at Black Hat for a few years now, so there was no excuse not to attend. Luckily, our advisor Martin helped us get free student passes, since we were not there to present our own work, but mainly to indulge our curiosities.

The briefings were scheduled over two days, each day beginning with a keynote and ending with a locknote, where various Black Hat veterans and cyber security practitioners tried to capture and discuss the current state of cyber security, and pave the way forward. While we were mostly interested in the briefings themselves, it was still interesting to see how the broader cyber security crowd operates and what problems they face – we are part of the CDT in Cyber Security for the Everyday after all.

The first proper talk we attended was given by our own Dan Jones and Martin Albrecht, Benjamin Dowling from University of Sheffield, and Sofía Celi from Brave Software. They presented their adventures in cryptanalysing the widely used Matrix protocol for secure, decentralised communication, and finding several practically exploitable cryptographic vulnerabilities. After presenting their attacks, ranging from simple impersonation attacks to complete breaches of confidentiality, Martin concluded the talk by highlighting the importance of security proofs in cryptography. Together with Benjamin Dowling’s talk on the inner working of the Matrix protocol at the London-ish Crypto Day in November, we should now have a pretty good idea of how Matrix works and about the many pitfalls of secure messaging.

Since our research interests lie in cryptography, and there were no more cryptographic talks on the first day, the rest of the briefing sessions mainly constituted good fun. While Shubham attended a talk on IoT security, I listened to a talk on the ethics of social engineering. After lunch, we reconvened at a talk on binary exploitation called “Unwinding the Stack for Fun and Profit”, which presented a new technique of bypassing popular stack-based buffer overflow mitigations, that took me back to my CTF days. Finally, there was an entertaining talk about scamming on cyber crime forums.

We spent the majority of the second day in the business hall, talking to various cyber security companies, trying to figure out what they do, inquiring about possible PhD internship positions, and gathering free pairs of socks.

Overall, Black Hat Europe was definitely worth attending. While this event is more company-focused than some other big “hacker” conferences, there was still plenty of engaging research presented. Mingling with the industry leaders was fun as well, and who knows where one might end up after finishing their PhD. Most importantly though, seeing our CDT mate Dan present his work in person was more than inspiring, as we are just starting out our research journeys.


