Black Hat Europe 2022 Report: Benjamin Bencina

Below we hear from first-year CDT students Benjamin Bencina and Shubham Pawar who attended Black Hat which was held in London in early December. 

At the beginning of December, Shubham Pawar and I had the pleasure of attending Black Hat Europe, the European (including the UK) rendition of the internationally recognised cyber security event Black Hat. The event was hosted in London this year, and I’ve been following the research presented at Black Hat for a few years now, so there was no excuse not to attend. Luckily, our advisor Martin helped us get free student passes, since we were not there to present our own work, but mainly to indulge our curiosities.

The briefings were scheduled over two days, each day beginning with a keynote and ending with a locknote, where various Black Hat veterans and cyber security practitioners tried to capture and discuss the current state of cyber security, and pave the way forward. While we were mostly interested in the briefings themselves, it was still interesting to see how the broader cyber security crowd operates and what problems they face – we are part of the CDT in Cyber Security for the Everyday after all.

The first proper talk we attended was given by our own Dan Jones and Martin Albrecht, Benjamin Dowling from University of Sheffield, and SofĂ­a Celi from Brave Software. They presented their adventures in cryptanalysing the widely used Matrix protocol for secure, decentralised communication, and finding several practically exploitable cryptographic vulnerabilities. After presenting their attacks, ranging from simple impersonation attacks to complete breaches of confidentiality, Martin concluded the talk by highlighting the importance of security proofs in cryptography. Together with Benjamin Dowling’s talk on the inner working of the Matrix protocol at the London-ish Crypto Day in November, we should now have a pretty good idea of how Matrix works and about the many pitfalls of secure messaging.

Since our research interests lie in cryptography, and there were no more cryptographic talks on the first day, the rest of the briefing sessions mainly constituted good fun. While Shubham attended a talk on IoT security, I listened to a talk on the ethics of social engineering. After lunch, we reconvened at a talk on binary exploitation called “Unwinding the Stack for Fun and Profit”, which presented a new technique of bypassing popular stack-based buffer overflow mitigations, that took me back to my CTF days. Finally, there was an entertaining talk about scamming on cyber crime forums.
We spent the majority of the second day in the business hall, talking to various cyber security companies, trying to figure out what they do, inquiring about possible PhD internship positions, and gathering free pairs of socks.

Overall, Black Hat Europe was definitely worth attending. While this event is more company-focused than some other big “hacker” conferences, there was still plenty of engaging research presented. Mingling with the industry leaders was fun as well, and who knows where one might end up after finishing their PhD. Most importantly though, 1 seeing our CDT mate Dan present his work in person was more than inspiring, as we are just starting out our research journeys.



Comments

Post a Comment

Popular posts from this blog

Post-PhD thoughts on the Cyber Security field: Amy Ertan, 2017 CDT Cohort, now Cyber and Hybrid Policy Officer at NATO HQ in Brussels.

It has been just over a year since I successfully completed my viva – a milestone that initially felt both terrifying and insurmountable when I first joined the CDT. Now, I have the privilege of reflecting on my PhD journey and how its opportunities have shaped my present. I also wish to inspire curious students to embrace the full potential of the CDT and similar programs.   When I first came across the CDT application form, I initially envisioned transforming from a disillusioned city worker into a technical cyber security wizard, focusing on governance or incident response – as those were the only cyber security functions I was familiar with at the time. Very quickly, the CDT taught me that cyber security encompasses a vast and comprehensive range of approaches, offering me a holistic perspective on the field. Supported by the CDT, I engaged with exciting research and practitioner communities to learn about security governance, feminist and critical approaches, geography, the philos
Read more

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Image
Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se
Read more