Kudelski Security Research at Black Hat and DEF CON

We are a few weeks away from Black Hat and DEF CON. As everyone prepares their travel for the annual trek out to the desert, we wanted to let you know about a few presentations and events our team is participating in across these two cool cybersecurity venues. We are bringing our expertise in multiple disciplines, including AI security, privacy, and cryptography, and sharing what we’ve learned with you. So, mark your calendars and join us.

AI, Quantum, and Emerging Technology Meet and Greet

Event: Black Hat

Date: Wednesday, August 9th. 11:00am – 1:00pm

Location: Beach Bungalow at the Moorea Beach Club Deck (Mandalay Bay)

We kick off the week with a discussion around some of the hottest technology topics. This is a meet and greet with Senior Cryptography and Quantum Security Expert Tommaso Gagliardoni and Senior Director of Research and Black Hat’s AI, ML, and Data Science track lead Nathan Hamiel. Join us for some food and drinks as well as a casual conversation about security and emerging technology. These are rapidly advancing fields, and we can help by sharing our perspectives and answering your questions.

AI Security Challenges, Solutions, and Open Problems

Event: Black Hat

Date: Wednesday, August 9th. 3:20pm – 4:00pm

Location: South Pacific I, Level 0

AI Security has become an incredibly hot topic with no shortage of challenges and open problems, leaving security professionals scrambling to catch up with emerging techniques and very little to go on. While the slow-moving machinery of industry does its best to catch up, that doesn’t help the many who face these challenges today. Where do you start? What can you do? What have you seen work?

Join Senior Director of Research and Black Hat Review Board member Nathan Hamiel, along with Senior Researcher Vishruta Rudresh, for a community conversation on the hottest topic in tech and the resulting challenges. We’ll discuss challenges, solutions, and open problems in this evolving space. This is a community meetup event, so meet your peers, share your perspective, and be part of the conversation. I hope we can have a discussion on how we as a community can tackle these challenges, and all perspectives are welcome. Looking forward to the conversation.

More information is available here.

Forward Focus: Perspectives on AI, Hype, and Security

Event: Black Hat

Date: Thursday, August 10th. 1:30pm – 2:10pm

Location: Oceanside A, Level 2

This year witnessed AI hype hitting unprecedented levels, and if you believe the press, no industry is safe, including the security industry. It may be obvious that hype-fueled, rapid adoption has negative side effects, but when article after article claims if you don’t use AI, you’ll be replaced, the allure can be hard to ignore. Adding to this, there are privacy concerns, proposed regulations, legal issues, and a whole pile of other challenges. So, what does all of this mean for security? 

Join Nathan Hamiel along with other industry experts for a grounded conversation where we puncture the hype and focus on the realities of AI affecting security professionals. We discuss the impact of generative AI on the security industry, its risks, the realities, and what you need to know to travel the road ahead.

More information is available here.

Shufflecake, AKA Truecrypt on Steroids for Linux

Event: DEF CON Demo Labs

Date: Friday, August 11th. 12:00pm – 1:55pm

Location: Unity Boardroom, Caesar’s Forum

Shufflecake is a FOSS tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes without the right password(s). You can consider Shufflecake a “spiritual successor” of tools such as TrueCrypt and VeraCrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and it can manage multiple nested volumes per device, so as to make deniability of the existence of these partitions really plausible.

Join Senior Cryptography Expert Tommaso Gagliardoni and former Master’s student on the Kudelski Security Research Team Elia Anzuoni as they push the envelope forward, bringing stronger privacy to vulnerable groups.

Polynonce: An ECDSA Attack and Polynomial Dance

Event: DEF CON

Date: Saturday, August 12th. 5pm

Location: Track 2

ECDSA is a widely used digital signature algorithm. ECDSA signatures can be found everywhere since they are public. In this talk, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum networks.

Although we didn’t recover Satoshi’s private key (we’d be throwing a party on our private yacht instead of writing this abstract), we could see evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them. We cover our journey, findings, and the rabbit holes we explored. We also provide an academic paper with the details of the attack and open-source code implementing it, so people building software and products using ECDSA can identify and avoid this vulnerability in their systems. We’ve only scratched the surface; there’s still plenty of room for exploration.

Join Lead Prototyping Engineer Nils Amiet and Principal Cryptographer Marco Macchetti for an exploration into this attack and how you can ensure these issues don’t surface in your products.

See You There

We have lots going on and will be out in Vegas for the week attending multiple events scattered across both Black Hat and DEF CON. We’d love to meet you. Please don’t hesitate to reach out. Enjoy Vegas and we’ll see you there!
