This is the second installment of the ‘Best Sessions from BSides SF 2024’ blog that was posted earlier. The conference provides access to cutting-edge insights, trends, and innovations in the field, essential for staying ahead in an ever-evolving landscape of cyber threats. The diverse range of sessions, workshops, and keynotes covers a broad spectrum of topics, ensuring attendees gain comprehensive knowledge and expertise.
For the first time, the security conference introduced an integrated-circuit electronic badge like DEFCON's, in which there is a cipher, puzzle, game, or something else to hack on the badge. The BSides badge had a four-line LED screen and joysticks, and was powered by a battery or USB-C connector. The puzzle on the badge could be solved with clues, and each badge had one pre-installed clue. Attendees were encouraged to connect their badges with other attendees' badges to exchange clues and solve the puzzle. It was a smart idea to entertain people and have them socialize with each other.
My impression and summary of the research sessions from Day 2 is below. I found the conference sessions most interesting as they were a mix of various topics like Privacy & Governance, AI, Security @ Scale, Detection & Response, Security leadership and others. The link to the slides and recording will be available on the BSides SF website soon, so please check here.
Presenters: Shay Berkovich, Oren Ofer
Kubernetes is the most popular container orchestration platform used to automate the deployment, scaling, and management of containerized applications. It's the cornerstone of modern cloud-native infrastructure, enabling efficient resource utilization and seamless application scaling across diverse environments. The presenters detailed recent attacks on Kubernetes infrastructure, touched on cluster event sources, assessed cluster-cloud interfaces, and suggested many useful rules for an efficient and high-coverage detection solution.
Presenters: Anthony Scheller, Jorge Gomez
IAM policy maintenance is challenging due to complex, dynamic environments and the need for granular access control, often leading to human error and compliance concerns. With more than 5000 individual permissions that can be assigned to users, groups and roles in the cloud, security assessment becomes very tricky. This presentation proposes AI Identity Management (AiIAM) with a promise to simplify the principle of least privilege by leveraging LLMs to automate AWS IAM policy generation. By empowering developers and following a democratized AWS IAM strategy, this proposal aims to automate manual security reviews.
Conductors: Tal Folkman, Guy Nachshon
I could not attend this workshop because it was full, but the topic was very timely. The conductors guided participants in creating a covert trojan within code completion models. It taught how to inject a backdoor discreetly and then explored detection techniques for the same. Workshops are hands-on, and in this one, attendees gained experience crafting and identifying hidden threats, unveiling the underbelly of trusted coding.
Presenter: Dave Johnson
This proposal explored LLM-based threat detection engineering using RAG, fine-tuning and prompt-chaining. RAG is a model architecture that combines the capabilities of both retrieval-based and generative models. It integrates a retriever component to fetch relevant information from a large knowledge source and a generator component to produce a response based on the retrieved information. Fine-tuning refers to the process of taking a pre-trained machine learning model and further training it on a specific task or domain with new data. Prompt-chaining is a strategy used in language model-based approaches, where multiple prompts are sequentially chained together to generate a coherent piece of text.
Presenter: Amol Sarwate
This presentation proposes a multi-layered data backup defense with prevention, detection, analytics and ultimately threat hunting strategies for your backup data. Based on the MITRE ATT&CK framework, the presentation proposed a simplified four-step ransomware lifecycle and explored strategies that data security departments can adopt in each ransomware attack phase. The four phases were pre-attack, dormant, detonation, and recovery. Techniques like backup honeypots, IOAs, IOCs, deduplication, entropy, and threat hunting were discussed. The big takeaway was the emphasis on using multiple techniques for each phase and not relying on just one technique.
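As an added example (not taken from the presentation or from any product), the sketch below combines two of the techniques named above, entropy and deduplication, into one check on a new backup, so that neither signal is relied on alone. The chunk size, thresholds and sample data are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096            # fixed-size chunks (assumption; products often chunk variably)
ENTROPY_LIMIT = 7.5     # bits/byte; encrypted or compressed data sits near 8.0
ALERT_FRACTION = 0.5    # illustrative threshold, tune per data set


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunks(data: bytes) -> list:
    return [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]


def dedup_index(data: bytes) -> set:
    """Chunk fingerprints already held by the backup store."""
    return {hashlib.sha256(c).hexdigest() for c in chunks(data)}


def assess_backup(current: bytes, known: set) -> dict:
    """Score a new backup on two independent signals and combine them."""
    parts = chunks(current)
    total = len(parts) or 1
    change_rate = sum(hashlib.sha256(c).hexdigest() not in known for c in parts) / total
    high_entropy = sum(shannon_entropy(c) > ENTROPY_LIMIT for c in parts) / total
    return {
        "change_rate": change_rate,
        "high_entropy_fraction": high_entropy,
        # Either signal alone is noisy: archives are high-entropy, migrations change
        # many chunks. Both together match bulk encryption of previously seen data.
        "suspicious": change_rate > ALERT_FRACTION and high_entropy > ALERT_FRACTION,
    }


def sample_backups():
    """Constructed data: a text baseline, a normal incremental, an encrypted look-alike."""
    line = b"2024-05-04 INFO job=%06d status=ok\n"
    baseline = b"".join(line % i for i in range(4000))
    normal = baseline + b"".join(line % i for i in range(4000, 4200))
    scrambled = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                         for i in range(len(baseline) // 32))
    return baseline, normal, scrambled
```

A backup of an already-known archive scores high on entropy but zero on change rate, so it is not flagged; only the combination raises the alert.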
Presenter: Arjun Chakraborty
Access to realistic cybersecurity data is difficult to procure and expensive to simulate. Synthetic data generation has seen great advances with LLMs over the last year. This proposal explores whether ML-based detection methods can be used to generate realistic faux data. The presenter detailed the methodologies and results of his experiments in this area.
Presenter: Dwayne McDaniel
Short-lived credentials are better than long-lived ones because they reduce security risks by limiting exposure, enabling easier revocation, and enhancing compliance adherence. But automatic rotation of secrets, such as passwords or API keys, poses a threat of potential service disruption if done incorrectly. This presentation embraces a future of proper secrets management and auto-rotating secrets in which the presenter proposed techniques for solving this issue.
After two days of intense research sessions and exchanging ideas with peers, my insights and impressions from the conference are below:
The most resonating call to action from the conference was to have a companywide AI strategy. This includes strategies to use AI-based security defenses and also strategies to protect from risks posed by AI. The introduction of a new technology paradigm has always had a double-edged impact, and a monumental shift like AI is bound to make waves in security.