Def Con 31 (2023): Top Talks You Do Not Want to Miss
Ming Hui — 8/31/2023 — 8 Min Read
Def Con is, without a doubt, a must-attend conference for any security professional. The recently concluded Def Con 31, held in August 2023, was no exception.
In a fashion similar to previous years, the venue was packed with enthusiastic professionals, offering a valuable platform for learning and exchanging knowledge on new innovations, vulnerabilities, new attack vectors, and other crucial subjects in the field of cybersecurity.
Participants came from across the industry, including national defense, CEOs, and, of course, cybersecurity professionals who have only just started their careers.
As we all reflect on our learnings from the jam-packed 3-day conference, we’ve prepared a list of talks you might find interesting to watch:
"Private Until Presumed Guilty" Allison Young, Diane Akerman
Theme: Personal Sensitive Data, Health Data
We’re currently in an age where data privacy is a concern for both businesses and consumers, especially personal health data. This talk focuses on health and lifestyle apps, introducing forensic extraction and reporting tools and how the government may utilize them. The speakers also discuss the different laws that protect, or do not protect, your private health data.
"A Different Uber Post Mortem" Joe Sullivan
Theme: Learnings, Insights, Security Breach Post-Mortem
Ex-Uber CEO Joe Sullivan shares his experience dealing with a breach of Uber’s AWS environment in October 2016. Despite the resulting federal criminal case, he offers unique insights and lessons on the dynamics between researchers and companies, as well as between companies and government.
"Shall we play a game? Just because a Large Language Model speaks like a human..." Dr. Craig Martell
Theme: AI, National Defense
Dr. Craig Martell delves into the convergence of Artificial Intelligence (AI) and cybersecurity within the context of the United States Department of Defense. He shares insights about balancing agility with accountability, as well as the relationship between the role of hackers and AI in today’s digital battlefield. This talk would interest both technical and managerial professionals.
"Hack the Future: Why Congress and the White House are supporting AI Red Teaming" Austin Carson
Theme: GenAI, Red Teaming, Deployment at scale
GenAI has reshaped the type of data we can create, ranging from images to videos and even audio. This talk delves into how top officials and executives are balancing creativity and entrepreneurship with the known and unknown risks of deployment at scale. Red teaming can democratize education on AI, introducing trust and safety to this emerging technology. The panelists discuss why it is meaningful for more people across different communities to be exposed to red teaming across multiple AI models.
"Vacuum robot security and privacy - prevent your robot from sucking your data" Dennis Giese
Theme: Security & Privacy, IoT, demo
Security and privacy are two sides of the same coin, and this talk examines both for everyday IoT devices such as the robot vacuum. It includes a demo of hacking these devices and shows how using a secondhand device can bring risks for both the previous and the new owner.
One fun fact: Dennis Giese’s army of robot vacuum cleaners consists of more than 45 devices across various vendors.
"LLMs at the Forefront: Pioneering the Future of Fuzz Testing in a Rapidly Changing World" “X”
Theme: LLMs, fuzz testing, open-source
LLMs today are already making an impact on software development. This talk explores how we can use LLMs for fuzz testing and security. “X” covers the benefits of LLMs for security work and how they can pave the way to automating tasks that humans do in fuzz testing today. He also introduces FuzzForest, an open-source tool that harnesses the power of LLMs to automatically write, fix, and triage fuzz tests for Python code. The highlight of the talk showcases the results of running the tool on the 20 most popular open-source Python libraries, which identified dozens of bugs.
Most interestingly, he raises the question of whether we will soon be replaced by a SecurityGPT model with the rise of ML/AI.
"The Price of Convenience: How Security Vulnerabilities in Global Transportation Pay..." Omer Attias
Theme: Hacking, PII, vulnerability, demo
Through a hacking demo, Omer examines the security risks associated with transportation applications, using Moovit as a case study. The investigation of the app’s API, including its SSL-encrypted traffic, uncovered specific vulnerabilities. This includes a demonstration of how a custom user interface can obtain a “free ticket” and cause someone else to pay for it.
PII is at the heart of what we do at Borneo, and we found it interesting that this talk explains how an attacker could gain unauthorized access to and exfiltrate the Personally Identifiable Information (PII) of registered Moovit users. The findings offer practical recommendations for improving the security of transportation apps.
Our final thoughts
As expected, AI was a hot topic at the event this year, and many were interested in talks leaning towards it. Despite the risks and vulnerabilities it brings, AI is here to stay and will bring about transformative advantages and use cases in the work of cybersecurity professionals.
Def Con remains an event that many security professionals make a special trip for, and these thought-provoking talks help to create conversations and spark connections for many attendees. For the full list of talks at Def Con 31, check out this page here, and the list of recorded talks here.
Thank you to the team at Def Con for making this year’s Def Con 31 an enriching one, and we will be looking forward to the next one!
What is Borneo?
Borneo helps security & privacy teams achieve continuous compliance and data protection through accurate & actionable data discovery.