The Applied Security track is comprised of topics and techniques that should be immediately actionable to attendee environments upon returning from Black Hat. Topics should still be cutting edge, but shouldn't require a PhD and a custom lab environment to plan and deploy. Focus on areas of security and technology that are new, or trending up within the industry, and how someone new to that subject matter might introduce that technology or practice into their organization.
The Community track aims to provide a forum for idea sharing and discussion on relevant issues impacting the InfoSec community. Topics may include but are not limited to careers, legal issues, diversity, inclusion, attribution, substance abuse, mental health, burn out, security awareness, and work-life balance. Talks in this track should provide insights and solutions to help individuals new to InfoSec as well as those with years of experience and the talks do not need to be technical in nature. Community track talks should help affect change for the InfoSec community and session formats for this track are more open and flexible – panels, fireside chats, etc.
The Cryptography track aims to do for cryptography what Black Hat's Exploit Development track does for software security: to be the industry's premiere venue for practical, real-world advances in cryptography informed by an attacker's sensibility. A Black Hat Cryptography Track talk will almost always be backed up with running code. We prize offensive cryptography and cryptanalysis, but will host defensive and research cryptography when rooted in a context of real-world attacks. We're an especially good place to send new vulnerabilities in cryptographic protocols like TLS, cryptographic hardware like HSMs and smart cards, and cryptographic primitives like SHA-1.
The DFIR track will be comprised of topics and techniques used to assist defenders in responding to varied security incidents. These topics may include, but aren't limited to, identification of compromised systems, digital evidence collection, network, host and malware analysis, threat intelligence, and threat hunting. Focus should be on techniques and procedures that can help defenders understand how an attack unfolded, if and when a breach occurred, and how it can be prevented in the future.
Enterprise track submissions should be attractive to security practitioners and leaders operating corporate security at a large scale; thousands of hosts, users, and applications. Topic areas include securely managing the platforms and environments found in enterprises such as large data centers, Active Directory, and SANs as well as enterprise scale processes such as patching, security orchestration and bug bounty programs.
Exploit Development submissions are welcome across a wide array of technologies and targets from servers to mobile devices. We are particularly interested in innovative and novel approaches that cover new exploit delivery mechanisms, code execution techniques, focus on new targets, or defeat existing exploit mitigations such as ACG or CFG. Submissions shouldn't be constrained to memory safety issues but these often resonate well with our audience.
The Hardware / Embedded track is centered around attacks on hardware, firmware, and embedded devices. We're also interested in the security (and insecurity) of things like exotic hardware, autonomous vehicles, IoT, robotics, medical devices, voting machines, and other unique hardware-centric targets. Purpose-built, modded, or otherwise hacked hardware that solves (or creates) new security problems is pretty cool, too.
The Human Factors track focuses on people in security: how their decisions can affect the security of the organization, and how engineering and technology can help. This includes the way people make decisions and how to influence those decisions as an attacker or defender. It also includes how to reduce their decision load and the organizational (and potentially economic) factors that surround those decisions. This track welcomes submissions that detail techniques on the social influencing of people to act against their interest as well as innovative ways to strengthen technology and other solutions to decrease harm. This track is not about career development, BOFH stories, simple ploys like buying a UPS outfit, or sploits to make the browser draw a fake UI.
This track examines offensive and defensive research into the devices, frameworks and applications of the "Internet of things." Sensors, actuators, wireless smart devices all fall into this area including any type of vulnerability or defensive mechanism, hardware and/or software. Submissions that focus on the specific peculiarities of IoT (communication, integration, smart devices) are of interest. If your target is an IoT device but the hack or defensive mechanism is related mostly to a cryptographic operation or to the underlying operating system, you may wish to select one of those tracks as primary and/or secondary. If you are discussing an IoT device of primarily industrial use, please consider the Smart Grid and Industrial Security track.
The Malware track focuses on both the defensive and offensive aspects of malware development. The defensive malware talks are centered around current malware; analysis, detection, remediation, and technical discussions on decent or broken functionality within anti-malware tools. The offensive malware talks are centered around; malware development, novel execution techniques, and obfuscation. We are most interested in talks that detail prevailing malicious attacks or new techniques on both the offensive and defensive side of malware development without a product pitch.
The mobile track encompasses everything related to mobile devices (largely phones). The main aim for talks in this track should be to cover a feature, technique, concept or research result that first and foremost applies to mobile devices. Submissions where mobile devices/OSes are only one of the many use cases or affected targets are generally not suitable for this track.
Talks in this track should tackle network defense issues related to protecting users or assets. Traditionally, this includes the vast array of NIDS, HIDS, IPS, SEIM, Firewalls, VPNs, etc., as well as the hardware components, like routers, switches, Wi-Fi and so on. Cloud computing networks and more exotic networks, like CAN Bus, ad-hoc networking and so on are included. We are looking specifically for novel means of deployment, detection, correlation, or protection of attacks that is both unique and ideally practical for use in protecting networks. Attendees of Network Defense track talks should walk away with ideas on how to defend themselves and a better understanding of the threat landscape with ideas on areas to research.
This track focuses on security issues affecting the full system platform stack (firmware, hypervisor, and operating system) of computing platforms powering everything from embedded systems, to modern desktops, to the cloud. The track focuses on topics such as: software attacks against modern Windows, macOS/iOS, and Linux; hypervisor and firmware vulnerabilities in Xen, Hyper-V, or UEFI; security-coprocessor issues in the Intel Management Engine, Apple Secure Enclave, or ARM TrustZone; microarchitectural attacks such as Meltdown/Spectre and hardware-enabled attacks such as Rowhammer. This track also encourages presentations on novel defenses that feasibly mitigate presently known or unknown instances of these classes of attacks -- especially if these defenses can scale and/or have scaled to effectively protect various ranges of platforms ranging from mobile phones to cloud-scale infrastructure with acceptable power, performance, and compatibility impact.
Well-intentioned policy decisions at every level can have profound impacts on the effectiveness of security practices and technologies. This track covers technical, organizational, political or economic policies, as well as technical standards, laws affecting security (intentionally or not) and defined norms of behavior. We are interested in submissions that address security issues that can't be addressed at the level of the individual, as well as policies that affect individuals in unforeseen ways. This track welcomes submissions with data about security impacts of policy on attackers and defenders (e.g. SDLC), real-world security impacts resulting from unintended consequences of policy choices, novel and innovative best practices in areas of broad security concern but with insufficient research or documentation, new, effective, metrics for tracking and assessing the practical effectiveness of security programs, countermeasures, and testing, and proposed policies that mitigate new and emergent security threats and those requiring urgent or unusual inter-organizational coordination. The Policy track is not for general complaints about nation-state adversaries, the state of security, or retrospective reviews of problems without proposed solutions.
"Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made and reproducing it or reproducing anything based on the extracted information." – Eldad Eilam
Talks in the Reverse Engineering Track may include subjects such as vulnerability discovery, data visualization, advanced exploitation techniques, bypassing security and software protections, and reverse engineering of hardware, software, and protocols.
The Security Development Lifecycle track, or SDL track, focuses on practical presentations that help developers build more secure software and hardware in both waterfall and agile development models. Talks are welcomed in any of the seven phases of SDL; Training, Requirements, Secure Design, Implementation, Verification, Release, or Response. We are most interested in talks which identify new techniques or tools in the field of secure development practices and presentations which leverage objective data or case studies to provide actionable recommendations attendees can apply to improve their product security.
The Smart Grid and Industrial Security track focuses on the security of SCADA, industrial automation, power transport and generation. The track also covers related subject areas like solar, microgrids, EV charging, as well as oil, water, and gas distribution. We are most interested in submissions that approach the already known problem spaces in SCADA and industrial in new and unique ways, or talks that point out unusual and unexpected attack vectors that haven't been explored.
Talks in this track should specifically tackle web-based issues that work over ports 80/443 and the like. This usually implies issues in web-servers (Apache, Nginx, IIS, etc.), browsers (Internet Explorer/Edge, Chrome, Safari, Firefox, etc.) and web technologies (AJAX, Flash, HTML5, SSL/TLS, etc.). This track can also include issues related to how web based programming languages (Java, C#, PHP, Python, Ruby, etc.) process/handle web transactions (SQL Injection, Command Injection, Cross Site Scripting, pivoting, exfiltration, etc.) and additionally how browsers can be tricked into performing otherwise nefarious activities. Attendees of Web AppSec track talks should walk away with one or more new attack ideas or increased knowledge of the existing web attack surface area/landscape or equivalently useful knowledge.
