34 sessions from 54 presenters representing 20 organizations!
来自 20 个组织的 54 位演讲者进行了 34 场演讲!
We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct 29-30.
第 23 届 BlueHat 安全大会将于 10 月 29 日至 30 日在华盛顿州雷德蒙德举行,我们非常高兴地公布演讲者阵容和演讲内容。
This year’s conference continues the BlueHat ethos and Secure Future Initiative mission of “Security Above All Else”.
今年的会议延续了 BlueHat 的精神和安全未来倡议 "安全高于一切 "的使命。
Security researchers and responders from inside and outside of Microsoft will gather on the Microsoft campus in Redmond, WA to share, debate, and challenge each other, with the shared goal of creating a safer and more secure world for all.
来自微软内外的安全研究人员和响应者将齐聚华盛顿州雷德蒙德的微软园区,分享、辩论和相互挑战,共同目标是为所有人创造一个更安全、更有保障的世界。
For those unable to attend in-person sessions will be available to view on demand in the weeks following the conference.
无法亲临现场的与会者可在会后几周内点播会议内容。
Please note that session times and order are still subject to change. The final schedule will be published and provided to attendees in advance of the conference.
请注意,会议时间和顺序可能会有变动。最终日程安排将在会议召开前公布并提供给与会者。
| Day 1, Tuesday, October 29, 2024 第 1 天,2024 年 10 月 29 日星期二 |
|
|---|---|
| Keynote: Chris Wysopal (Weld Pond) 主题演讲:Chris Wysopal(维尔德池塘) Co-founder & Chief Security Evangelist, Veracode Veracode 联合创始人兼首席安全布道者 |
|
| Track A: Cloud & Identity Security A 轨道:云与身份安全 |
Track B: OS & App Security 轨道 B:操作系统和应用程序安全 |
| The two sides of UnOAuthorized Presented by Eric Woodruff from Semperis and Cameron Vincent from Microsoft UnOAuthorized 的两面性 由 Semperis 的 Eric Woodruff 和微软的 Cameron Vincent 介绍 |
DCOM Research for Everyone! Presented by James Forshaw from Google 面向所有人的 DCOM 研究!由来自谷歌的 James Forshaw 主讲 |
| Tokens & Takeovers: Cloud-Powered Supply Chain Attacks Presented by Nitesh Surana from Trend Micro and Gaurav Mathur from Microsoft 代币与接管:云驱动的供应链攻击趋势科技的 Nitesh Surana 和微软的 Gaurav Mathur 主讲 |
Outlook Unleashing RCE Chaos CVE-2024-30103 & CVE-2024-38021 & CVE-2024-38173 Presented by Michael Gorelik from Morphisec Outlook 释放 RCE 混乱 CVE-2024-30103 & CVE-2024-38021 & CVE-2024-38173 由来自 Morphisec 的 Michael Gorelik 主讲 |
| Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Presented by Cymulate 双重间谍:利用 Azure AD 中的直通式身份验证凭证验证 Cymulate 主讲 |
Pointer Problems – Why We’re Refactoring the Windows Kernel Presented by Joe Bialek from Microsoft 指针问题--我们为什么要重构 Windows 内核 微软公司 Joe Bialek 主讲 |
| Lightning Talks 闪电讲座 | |
| World of Scams - A systematic analysis of online scams using the Scam Tactics and Techniques Framework Presented by Amit Tambe from F-Secure 诈骗世界 - 利用诈骗战术和技巧框架对在线诈骗进行系统分析 F-Secure 的 Amit Tambe 介绍 |
|
| A Security Engineer’s Journey: Creating a Developer-Friendly Security Tool Presented by Susan Krkasharian from Microsoft 安全工程师的旅程:创建开发人员友好型安全工具 微软公司的 Susan Krkasharian 主讲 |
|
| My Best Frenemy: A Synergy Between Red Team and Blue Team in Oracle's SaaS Security Presented by Svetlana Gaivoronski and David B. Cross from Oracle 我最好的敌人:甲骨文 SaaS 安全中红队和蓝队之间的协同作用 由甲骨文公司的 Svetlana Gaivoronski 和 David B. Cross 主讲 |
|
| Lessons Learned: Scaling Out Securing Open Source Presented by Zachary Steindler from Microsoft 经验教训:微软的 Zachary Steindler 发表演讲 |
|
| Entitlements on macOS and why they matter Presented by Yves Younan from Cisco Talos MacOS 上的权限及其重要性 由 Cisco Talos 的 Yves Younan 主讲 |
|
| Creating a Transparent Cloud Industry Presented by Justin T Mourfield and Sesha Machiraju from Microsoft 创建透明的云产业 微软公司的 Justin T Mourfield 和 Sesha Machiraju 主讲 |
How Microsoft is Scaling DAST Presented by Jason Geffner from Microsoft 微软如何扩展 DAST 由来自微软的 Jason Geffner 介绍 |
| Echoes of Intrusion: Demystifying MS Graph API Attacks Presented by Miriam Wiesner from Microsoft 入侵的回声:揭开微软图形 API 攻击的神秘面纱 由微软的 Miriam Wiesner 主讲 |
When the Levee Breaks: Exposing Critical Flaws in Wi-Fi Camera Ecosystems Presented by Mark Mager and Eric Forte from Elastic 当堤坝崩溃时:揭露 Wi-Fi 摄像头生态系统中的关键漏洞 由来自 Elastic 的 Mark Mager 和 Eric Forte 主讲 |
| Deprecating Azure AD Graph API is Easy and Other Lies We Tell Ourselves Presented by Nestori Syynimaa from Microsoft 停用 Azure AD Graph API 很容易,以及我们告诉自己的其他谎言 由来自 Microsoft 的 Nestori Syynimaa 主讲 |
Sweet QuaDreams or Nightmare Before Christmas? Dissecting an iOS 0-day Presented by Christine Fossaceca from Microsoft and Bill Marczak from Citizen Lab 甜蜜的 QuaDreams 还是圣诞节前的噩梦?剖析 iOS 0-day,由微软的 Christine Fossaceca 和 Citizen Lab 的 Bill Marczak 主讲 |
| Day 2, Wednesday, October 30, 2024 第 2 天,2024 年 10 月 30 日星期三 |
|
|---|---|
| Keynote: Amanda Silver 主题演讲:阿曼达-席尔瓦
CVP & Head of Product, Developer Division, Microsoft 微软开发者部门首席副总裁兼产品总监 |
|
| Track C: Threat Hunting & Intel 轨道 C:威胁猎取与情报 |
Threat D: AI & ML Security 威胁 D:人工智能和 ML 安全 |
| Patterns in the Shadows: Scaling Threat Hunting and Intelligence for Modern Adversaries Presented by Mark Parsons and Colin Cowie from Sophos 阴影中的模式:针对现代对手的威胁猎捕和情报扩展 Sophos 的 Mark Parsons 和 Colin Cowie 主讲 |
Lessons Learned from Red Teaming 100 Generative AI Applications Presented by Ram Shankar Siva Kumar and Blake Bullwinkel from Microsoft 来自微软的 Ram Shankar Siva Kumar 和 Blake Bullwinkel 介绍从 Red Teaming 100 个生成式人工智能应用中汲取的经验教训 |
| Scaling AppSec With an SDL for Citizen Development Presented by Michael Bargury from Zenity/OWASP and Don Willits from Microsoft 使用面向公民开发的 SDL 扩展 AppSec 由 Zenity/OWASP 的 Michael Bargury 和 Microsoft 的 Don Willits 主讲 |
Isolation or Hallucination? Hacking AI Infrastructure Providers for Fun and Weights Presented by Hillai Ben-Sasson and Sagi Tzadik from Wiz 隔离还是幻觉?黑客攻击人工智能基础设施提供商的乐趣和权重 来自 Wiz 的 Hillai Ben-Sasson 和 Sagi Tzadik 主讲 |
| Embedding Sysmon Logs for Enhanced Threat Detection: A Practical Approach to Using RAG in Cybersecurity Presented by Jose Rodriguez from George Mason University 嵌入 Sysmon 日志以增强威胁检测:在网络安全中使用 RAG 的实用方法 来自乔治梅森大学的 Jose Rodriguez 主讲 |
Breaking LLM Applications - Advances in Prompt Injection Exploitation Presented by Johann Rehberger from embracethered.com 打破 LLM 应用程序 - 即时注入漏洞利用的进展,由 embracethered.com 的 Johann Rehberger 主讲 |
| Lightning Talks 闪电讲座 | |
| Getting "In Tune" with an Enterprise: Detecting Microsoft Intune Lateral Movement Presented by Brett Hawkins from IBM 与企业 "保持一致":检测 Microsoft Intune 的横向移动 由来自 IBM 的 Brett Hawkins 主讲 |
|
| AI's got Muffins- the RAG-a-muffins!!! Presented by Vivek Vinod Sharma from Microsoft AI's got Muffins- the RAG-a-muffins!..!由微软公司的 Vivek Vinod Sharma 主讲 |
|
| Ransomware Resilience: Turning the Tide Against Cyber Extortion Presented by Tom Williams from True Zero Technologies 勒索软件的复原力:扭转网络勒索的趋势 True Zero Technologies 的 Tom Williams 主讲 |
|
| SafeChatAI: Enhancing Cybersecurity Awareness Using Artificial Intelligence Presented by Ayobami Olatunji from Microsoft SafeChatAI:利用人工智能提高网络安全意识,微软 Ayobami Olatunji 主讲 |
|
| Firmware Security: The Middle Child of Security Presented by Nithin Sade from Google 固件安全:固件安全:安全的 "中流砥柱" 演讲人:来自 Google 的 Nithin Sade |
|
| Three Decades of Network Security Evolution Presented by Vern Paxson from Corelight 来自 Corelight 的 Vern Paxson 讲述网络安全三十年的发展历程 |
PyRIT: From LLM Security Research to Practical Attacks Presented by Richard Lundeen from Microsoft PyRIT:从 LLM 安全研究到实际攻击 微软公司的 Richard Lundeen 主讲 |
| MSTIC Ghost Stories - A Threat Intelligence Year in Review Presented by Rachel Giacobozzi from Microsoft 微软公司 Rachel Giacobozzi 介绍的 MSTIC 鬼故事 - 威胁情报年度回顾 |
SLIP: Securing LLMs IP Using Weights Decomposition Presented by Adam Hakim from Microsoft SLIP:使用权重分解确保 LLMs IP 安全 微软公司的 Adam Hakim 主讲 |
| Minting Silver Bullets is Challenging Presented by Josh Brown-White from Microsoft 铸造银弹是一项挑战 微软公司 Josh Brown-White 发言 |
Automate AI Red Teaming in your existing tool chain with PyRIT Presented by Joris de Gruyter and Shiven Chawla from Microsoft 利用 PyRIT 在现有工具链中实现人工智能 Red Teaming 自动化 微软公司的 Joris de Gruyter 和 Shiven Chawla 主讲 |
To join the conversation and follow along with BlueHat 2024 please follow us on X/Twitter @MSFTBlueHat and on LinkedIn at aka.ms/MSRC-LinkedIn
要加入对话并关注 BlueHat 2024,请在 X/Twitter @MSFTBlueHat 和 LinkedIn aka.ms/MSRC-LinkedIn 上关注我们。
Looking forward to seeing you all at BlueHat!
期待在 BlueHat 见到大家!
Nic Fillingham, BlueHat Program Manager
蓝帽子项目经理 Nic Fillingham