Def Con is, without a doubt, a must-attend conference for any security professional in their career. The recently concluded Def Con31 held in August 2023 was no exception.

In a fashion similar to previous years, the venue was packed with enthusiastic professionals, offering a valuable platform for learning and exchanging knowledge on new innovations, vulnerabilities, new attack vectors, and other crucial subjects in the field of cybersecurity.

Participants came from across the industry, including the National Defense, CEOs, and, of course, cybersecurity professionals who have just started their careers.

As we all reflect on our learnings from the jam-packed 3-day conference, we’ve prepared a list of talks you might find interesting to watch:

"Private Until Presumed Guilty" Allison Young, Diane Akerman

https://forum.defcon.org/node/246113

Theme: Personal Sensitive Data, Health Data

We’re currently in an age where data privacy is a concern for both businesses and consumers, especially personal health data. This talk focuses on health and lifestyle apps, introducing forensic extraction and reporting tools and how the government may utilize them. The speakers also discuss the different laws that protect, or do not protect, your private health data.

Watch the talk here!

"A Different Uber Post Mortem" Joe Sullivan

https://forum.defcon.org/node/246141

Theme: Learnings, Insights, Security Breach Post-Mortem

Ex-Uber CEO, Joe Sullivan, shares his experience with dealing with a breach of Uber’s AWS environment in October 2016. Despite the resulting federal criminal case, he shares unique insights and lessons to be learned from the dynamics between researchers and companies, as well as companies and government.

Watch the talk here!

"Shall we play a game? Just because a Large Language Model speaks like a human..." Dr. Craig Martell

https://forum.defcon.org/node/247092

Theme: A.I, National Defense

Dr. Craig Martell delves into the convergence of Artificial Intelligence (AI) and cybersecurity within the context of the United States Department of Defense. He shares insights about balancing agility with accountability, as well as the relationship between the role of hackers and AI in today’s digital battlefield. This talk would interest both technical and managerial professionals.

Watch the talk here!

"Hack the Future: Why Congress and the White House are supporting AI Red Teaming" Austin Carson

https://forum.defcon.org/node/246105

Theme: GenAI, Red Teaming, Deployment at scale

GenAI has reshaped the type of data we can create, ranging from images to videos and even audio. This talk delves into how top officials and executives are balancing creativity and entrepreneurship with the known and unknown risks of deployment at scale. Red teaming can democratize education on AI, introducing trust and safety to this emerging technology. The panelists will discuss why it is meaningful for more people across different communities to be exposed to red teaming across multiple AI models.

Watch the talk here!

"Vacuum robot security and privacy - prevent your robot from sucking your data" Dennis Giese

https://forum.defcon.org/node/245765

Theme: Security & Privacy, IoT, demo

Security and Privacy are two sides of the same coin, and this talk introduces security and privacy to our everyday IoT devices like the robot vacuum. It includes a demo of hacking these devices and how using a secondhand device may bring risks for both the old and new users.

One fun fact: Dennis Giese’s army of robot vacuum cleaners consists of >45 across various vendors

Watch the talk here!

"LLMs at the Forefront: Pioneering the Future of Fuzz Testing in a Rapidly Changing World" “X”

https://forum.defcon.org/node/245769

Theme: LLMs, fuzz testing, open-source

LLMs today are already making an impact on software development. This talk explores how we can use LLM for fuzz testing and security. “X” covers the benefits of LLMs for security work and how this can pave the way to automate tasks done by humans in fuzz testing today. He also introduces FuzzForest, an open-source tool that harnesses the power of LLMs to automatically write, fix, and triage fuzz tests on Python code. The highlight of the talk will showcase the results of running the tool on the 20 most popular open-source Python libraries which resulted in identifying dozens of bugs.

Most interestingly, he brings up the topic of if we will be replaced by a SecurityGPT model soon with the rise of ML/AI.

Watch the talk here!

"The Price of Convenience: How Security Vulnerabilities in Global Transportation Pay..." Omer Attias

https://forum.defcon.org/node/246125

Theme: Hacking, PII, vulnerability, demo

Through a hacking demo, Omer examines the security risks associated with transportation applications, using Moovit as a case study. Their investigation of the app’s API, including SSL-encrypted data, has uncovered specific vulnerabilities. This includes a demonstration of how a custom user interface can obtain a “free ticket” and cause someone else to pay.

PII is at the heart of what we do at Borneo and we found it interesting that this talk explains how an attacker could gain unauthorized access to and exfiltrate Personal Identifiable Information (PII) of registered users of Moovit. The findings offer practical recommendations to improve the security of transportation apps.

Watch the talk here!

Our final thoughts

As expected, AI was a hot topic at the event this year, and many were interested in talks leaning towards it. Despite the risks and vulnerabilities it brings, AI is here to stay and will bring about transformative advantages and use cases in the work of cybersecurity professionals.

Def Con still remains to be an event that many security professionals make a special trip down for, and these thought-provoking talks help to create conversations and spark connections for many attendees. For the full list of talks at Def Con 31, check out this page here, and the list of recorded talks here.

Thank you to the team at Def Con for making this year’s Def Con 31 an enriching one, and we will be looking forward to the next one!

---

What is Borneo?

Borneo helps security & privacy teams achieve continuous compliance and data protection through accurate & actionable data discovery.

Want to watch Borneo in action? Request a demo here and we will get back to you soonest.