We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct 29-30.
This year’s conference continues the BlueHat ethos and Secure Future Initiative mission of “Security Above All Else”.
Security researchers and responders from inside and outside of Microsoft will gather on the Microsoft campus in Redmond, WA to share, debate, and challenge each other, with the shared goal of creating a safer and more secure world for all.
For those unable to attend in-person sessions will be available to view on demand in the weeks following the conference.
Please note that session times and order are still subject to change. The final schedule will be published and provided to attendees in advance of the conference.
Day 1, Tuesday, October 29, 2024 | |
---|---|
Keynote: Chris Wysopal (Weld Pond)
Co-founder & Chief Security Evangelist, Veracode |
|
Track A: Cloud & Identity Security | Track B: OS & App Security |
The two sides of UnOAuthorized Presented by Eric Woodruff from Semperis and Cameron Vincent from Microsoft | DCOM Research for Everyone! Presented by James Forshaw from Google |
Tokens & Takeovers: Cloud-Powered Supply Chain Attacks Presented by Nitesh Surana from Trend Micro and Gaurav Mathur from Microsoft | Outlook Unleashing RCE Chaos CVE-2024-30103 & CVE-2024-38021 & CVE-2024-38173 Presented by Michael Gorelik from Morphisec |
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Presented by Cymulate | Pointer Problems – Why We’re Refactoring the Windows Kernel Presented by Joe Bialek from Microsoft |
Lightning Talks | |
World of Scams - A systematic analysis of online scams using the Scam Tactics and Techniques Framework Presented by Amit Tambe from F-Secure | |
A Security Engineer’s Journey: Creating a Developer-Friendly Security Tool Presented by Susan Krkasharian from Microsoft | |
My Best Frenemy: A Synergy Between Red Team and Blue Team in Oracle's SaaS Security Presented by Svetlana Gaivoronski and David B. Cross from Oracle | |
Lessons Learned: Scaling Out Securing Open Source Presented by Zachary Steindler from Microsoft | |
Entitlements on macOS and why they matter Presented by Yves Younan from Cisco Talos | |
Creating a Transparent Cloud Industry Presented by Justin T Mourfield and Sesha Machiraju from Microsoft | How Microsoft is Scaling DAST Presented by Jason Geffner from Microsoft |
Echoes of Intrusion: Demystifying MS Graph API Attacks Presented by Miriam Wiesner from Microsoft | When the Levee Breaks: Exposing Critical Flaws in Wi-Fi Camera Ecosystems Presented by Mark Mager and Eric Forte from Elastic |
Deprecating Azure AD Graph API is Easy and Other Lies We Tell Ourselves Presented by Nestori Syynimaa from Microsoft | Sweet QuaDreams or Nightmare Before Christmas? Dissecting an iOS 0-day Presented by Christine Fossaceca from Microsoft and Bill Marczak from Citizen Lab |
Day 2, Wednesday, October 30, 2024 | |
---|---|
Keynote: Amanda Silver
CVP & Head of Product, Developer Division, Microsoft |
|
Track C: Threat Hunting & Intel | Threat D: AI & ML Security |
Patterns in the Shadows: Scaling Threat Hunting and Intelligence for Modern Adversaries Presented by Mark Parsons and Colin Cowie from Sophos | Lessons Learned from Red Teaming 100 Generative AI Applications Presented by Ram Shankar Siva Kumar and Blake Bullwinkel from Microsoft |
Scaling AppSec With an SDL for Citizen Development Presented by Michael Bargury from Zenity/OWASP and Don Willits from Microsoft | Isolation or Hallucination? Hacking AI Infrastructure Providers for Fun and Weights Presented by Hillai Ben-Sasson and Sagi Tzadik from Wiz |
Embedding Sysmon Logs for Enhanced Threat Detection: A Practical Approach to Using RAG in Cybersecurity Presented by Jose Rodriguez from George Mason University | Breaking LLM Applications - Advances in Prompt Injection Exploitation Presented by Johann Rehberger from embracethered.com |
Lightning Talks | |
Getting "In Tune" with an Enterprise: Detecting Microsoft Intune Lateral Movement Presented by Brett Hawkins from IBM | |
AI's got Muffins- the RAG-a-muffins!!! Presented by Vivek Vinod Sharma from Microsoft | |
Ransomware Resilience: Turning the Tide Against Cyber Extortion Presented by Tom Williams from True Zero Technologies | |
SafeChatAI: Enhancing Cybersecurity Awareness Using Artificial Intelligence Presented by Ayobami Olatunji from Microsoft | |
Firmware Security: The Middle Child of Security Presented by Nithin Sade from Google | |
Three Decades of Network Security Evolution Presented by Vern Paxson from Corelight | PyRIT: From LLM Security Research to Practical Attacks Presented by Richard Lundeen from Microsoft |
MSTIC Ghost Stories - A Threat Intelligence Year in Review Presented by Rachel Giacobozzi from Microsoft | SLIP: Securing LLMs IP Using Weights Decomposition Presented by Adam Hakim from Microsoft |
Minting Silver Bullets is Challenging Presented by Josh Brown-White from Microsoft | Automate AI Red Teaming in your existing tool chain with PyRIT Presented by Joris de Gruyter and Shiven Chawla from Microsoft |
To join the conversation and follow along with BlueHat 2024 please follow us on X/Twitter @MSFTBlueHat and on LinkedIn at aka.ms/MSRC-LinkedIn
Looking forward to seeing you all at BlueHat!
Nic Fillingham, BlueHat Program Manager