<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">
RL Blog

Buckle up for Black Hat 2022: Sessions your security team should not miss

Carolynn van Arsdale
Blog Author

Carolynn van Arsdale, Writer, ReversingLabs.


Black Hat is set to return next week with two years of pent up cybersecurity research and discoveries. Here are the talks you don't want to miss. 

Just because cybersecurity’s biggest conferences halted their productions these past two years, cybersecurity itself did not take a backseat. Continued advancements in the industry, plus non-stop cybercriminal activity have left the community with much to discuss as we reflect on the events that have unfolded since the start of the pandemic (think SolarWinds, Colonial Pipeline, and Log4j … just to name a few). 

After two years of cancellations and a halting return, Black Hat USA 2022 is set to return to Las Vegas next week in something close to its former glory. And with two years of pent up cybersecurity research and discoveries, there’s lots to look forward to. 

To help you plan your itinerary, we’ve compiled the Black Hat sessions we’re eager to attend, broken down by category.  


Chris Krebs: Black Hat at 25: Where Do We Go From Here?

Thursday at 9:00am

Since being unceremoniously sacked by then-President Trump for confirming that the 2020 presidential election was free of hacking incidents or tampering, Chris Krebs has been on the front lines helping private sector firms address their cyber risks, as a Founding Partner of Krebs Stamos Group (with former Facebook CISO Alex Stamos).

Krebs’ unique perspective as the Federal Government’s former top expert on cybersecurity and a highly valued private sector consultant makes his Black Hat keynote this year a “must see” event. In this talk, Krebs will reflect on where the InfoSec community stands today after convening in the desert for 25 years. His thoughts on where we stand? Not good. Krebs will outline how the industry needs to both shift its mindset and actions in order to take on the next 25 years of InfoSec. 

Kim Zetter: Pre-Stuxnet, Post-Stuxnet: everything Has Changed, Nothing Has Changed

Thursday at 9:00am

In the “deep perspective” category, Thursday’s keynote by award winning investigative cybersecurity journalist Kim Zetter is another “must see” event at Black Hat. Zetter has covered cybersecurity and national security since 1999, writing for WIRED, Politico, PC World and other publications. She is the author of Countdown to Zero Day, the definitive account of the creation of the Stuxnet malware, which was deployed against Iran. 

Zetter’s talk will focus on cyberattacks on critical infrastructure (CI) dating back to Stuxnet in 2010. Despite all of the changes in cybersecurity since Stuxnet was discovered, Zetter argues that nothing has really changed: continuous attacks on CI come as a surprise when the community should have seen these attacks coming. In this talk, Zetter will argue that attacks like Colonial Pipeline were foreseeable, and that the future’s attacks will be no different. 


With a kinetic war ravaging cities and towns in Ukraine, the specter of cyberwar has taken a back seat. But behind the scenes, offensive cyber operations have played a pivotal role in Russia’s war on Ukraine, since long before Russian troops rolled across the border this past February. This year’s Black Hat has a number of interesting talks delving into the cyber aspects of the Ukraine conflict. They include: 

Industroyer2: Sandworms Cyberwarfare Targets Ukraine’s Power Grid Again

Wednesday at 10:20am

ESET’s Robert Lipovsky and Anton Cherepanov take us on a tour of the multiple forms of cyberwarfare that have taken place throughout Russia’s military operations against Ukraine, dating back to 2016 with the launch of the original Industroyer malware. Recently, a new version of the malware was discovered, known as Industroyer2, with the same goal of triggering electricity blackouts. In this talk, the ESET researchers will give a technical overview of this new malware, as well as the several other wiper malwares they discovered impacting Ukraine this past year.

Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine

Wednesday at 3:20pm

Experts have been in agreement that cyber is a new threat of operation in military conflicts, but have disagreed on what form an actual cyberwar might take. Russia’s war on Ukraine is putting much of that debate to rest. In this talk, SentinelOne’s Juan Andres Guerrero-Saade and Tom Hegel will give an overview of what cyberwarfare really is, versus what society’s collective assumptions are about the role of cyber in modern warfare.

They will specifically discuss the strains of wiper malware that have impacted Ukraine in 2022, considering that nation-state wiper malware prior to Russia’s war on Ukraine was rare. This discussion of various strains of wiper malware will help to show what we can realistically expect from cyberwarfare in the modern era. 

Securing open source and the software supply chain

The security of software supply chains and development organizations is another dominant theme at this year’s Black Hat Briefings, with a slew of talks addressing various aspects of supply chain risk and attacks (check out our analysis of the supply chain thread at Black Hat here). If you’re interested in learning more about how malicious actors may target your organization by exploiting weaknesses in your software supply chain, here are some talks to consider: 

Don't get owned by your dependencies: how FireFox uses in-process sandboxing to protect itself from exploitable libraries (and you can too!)

Thursday at 2:30pm

PhD Student Shravan Narayan and Research Scientist Tal Garfinkel of UC San Diego’s Black Hat talk will focus on the threat of memory safety vulnerabilities in third party C libraries, which are a major source of zero-day attacks in today’s applications. Their research team has been using Firefox to test sandbox capabilities that could mitigate this threat, which led them to create RLBox: an open source language level framework. Their presentation will discuss how they came up with this tool, and how it can be applied to other applications.  

Scaling the security researcher to eliminate OSS vulnerabilities once and for all

Thursday at 3:20pm

Moderne Inc.’s Patrick Way, plus HUMAN Security’s Jonathan Leitschuh and Shyam Mehta will present their talk on how to manage open source software (OSS) in a way that best leverages researchers’ time, knowledge, and resources. The solution they propose is bulk pull request generation, which they will demonstrate on several real-world OSS projects during their presentation. Their goal is to fix vulnerabilities on a large, reasonable scale. 

Controlling the source: abusing source code management systems

Thursday at 3:20pm

Brett Hawkins, a Red Team Operator a part of IBM X-Force Red’s Adversary Simulation will discuss an overlooked, widely-used system that threat actors can exploit to carry out software supply chain attacks: Source Code Management (SCM) systems. His presentation will demonstrate how popular SCM systems can be easily exploited by attackers. Brett will also share an open source tool and defensive guidance that can be used to mitigate this threat. 

Threat hunting

It wouldn’t be Black Hat without discussions of vulnerabilities, threats, attacks and cyber defense. And this year’s show doesn’t disappoint. One clear theme in the schedule of talks is the growing prominence of “right of boom” tools and approaches in the cybersecurity community. A number of talks delve into new approaches to improve the quality of incident response and threat hunting. They include:  

The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting

Wednesday at 2:30pm

The definition of threat hunting, and the practical application of it, varies across industries and technologies, making it difficult to start a threat hunting program from scratch that works best for your organization. But, too often, threat hunting floats above the security “poverty line” — inaccessible to organizations without sizable information security budgets and teams.

In this presentation, John Dwyer, Neil Wyler, and Sameer Koranne of IBM Security X-Force will share a new, free threat hunting framework. The team’s hope is that this framework will help to detect incidents that can be prevented by a reliable threat hunting program. 

No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook To Develop a Shared Narrative of Major Cyber Incidents

Wednesday at 3:20pm

Do the stories we tell ourselves (and others) about cyber incidents affect our ability to respond to them? Of course they do! In fact, developing a shared understanding of cyber incidents is critical to making sure they don’t happen again. Fortunately, we can look to other industries for the best way to do this.

In this talk, Victoria Ontiveros, a Researcher at Harvard Kennedy School talks about the findings of a report by Harvard’s Belfer Center that looks at how the aviation industry draws lessons from aviation incidents, and applies these lessons to cybersecurity incidents. This allowed her team and Tarah Wheeler, CEO of Red Queen Dynamics, Inc to create the Major Cyber Incident Investigations Playbook. In this talk, Ontiveros and Wheeler will be presenting this playbook, which is meant to make cyber incident investigations more actionable among the industry. 

A New Trend for the Blue Team — Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware

Wednesday at 4:20pm

Blue Teams have it rough. Constrained by time, staffing and budget, they need to choose carefully when deciding which threats to investigate and how best to direct their reverse engineering talent against suspected malware or ransomware binaries, while also navigating efforts by malicious actors to misdirect or even attack them.

In this talk, TXOne Networks Inc.’s Sheng-Hao Ma, Mars Cheng, and Hank Chen will highlight the efforts of actual Blue Teams and share a new tool for the Blue Team known as the Practical Symbolic Engine, which they argue offers the best threat hunting techniques in a fully static situation. 

Come say hello to ReversingLabs at the show

The ReversingLabs team will be at Black Hat 2022. Stop at booth 2460 to chat with us. Our team will be giving out demos, presentations, plus limited-edition schwag. See you there!

Keep learning

Keep learning

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

More Blog Posts