SentinelOne Inc.

09/30/2024 | Press release | Distributed by Public on 09/30/2024 07:18

LABScon24 Highlights | Examining The Latest in Cybersecurity Trends & Challenges

For the third year in a row, LABScon gathered world-class cyber researchers and threat investigators from 16 countries to share their bleeding-edge intelligence on some of the most pressing issues from across the threat landscape.

From exploring the latest in techniques, exploits, and tooling to uncovering the tracks of today's threat actors, we're looking back on three days' worth of deep dives and open discourse with the lens focused on how to keep pushing the needle on our adversaries.

While LABScon24 was a premier, invite-only event, we're excited to share several highlights from our time last week in Scottsdale, Arizona. We won't hold out on what we learned, so make sure you follow our ongoing LABScon Replay series where we showcase all of the talk tracks presented from the event in a lead-up to next year's conference.

Keynote Insights | The Consolation of Threat Intel & The Complexities of Ransomware Dynamics

This year's formative speech by SentinelLabs' AVP Juan Andrés Guerrero-Saade highlighted the challenges facing the current state of threat intelligence while urging a critical discussion about its purpose and direction. He explored a growing sense of disenfranchisement felt by many professionals in the cybersecurity community, the lack of meaningful impact, and the growing disconnect within the field. Juan Andrés also emphasized the importance of redefining the value of cyber threat intelligence (CTI) and reinvigorating the industry to make sure that CTI not only meets its intended goals but also empowers its professionals.

"…(W)hat I invite you to do with me is to kind of brave some of that and start to… break out of this notion of CTI, Cyber Threat Intelligence, as IOCs and YARA rules. Let's break out of this idea of, honestly, it's the plumbing. We're still stuck on the plumbing."

#LABScon24 keynote day presentation https://t.co/YKXb6fAYtB

- LABScon (@labscon_io) September 24, 2024

For this year's keynote, Max Smeets offered a thought-provoking presentation on the complexities of today's ransomware dynamics. He outlined the so-called "ransomware paradox," which highlights how ransomware groups are differentiating themselves from traditional advanced persistent threats (APTs).

"To overcome the [Ransomware Trust Paradox], ransomware groups operate very differently than APTs … Instead of shying away from public attention, [they] flourish under it. They can build up their brand." "CTI and the media shape ransomware groups' reputation and branding. A shift in policy is needed, including a reporting code of ethics for CTI and media."

Max also zeroed in on the need for a cultural shift within the cybersecurity community - one that advocates for a code of ethics specifically concerning the reporting of ransomware incidents. This talk calls for the defense community to continue working together to stop ransomware groups from exploiting our attention for their own personal (and criminal) gains. Check out his upcoming book, Ransom War: How Cyber Crime Became a Threat to National Security, set to release in February 2025, which promises to delve deeper into these issues.

Max Smeets on the ransomware trust paradox #LABScon24 @Maxwsmeets pic.twitter.com/IgqMD4oBpw

- LABScon (@labscon_io) September 19, 2024

Real Talks in Real-Time | Opening Up the Discourse on Today's Cybersecurity Hot Topics

At LABScon24, we proudly delivered on what's most important: setting the stage for the community's best and brightest to give real talks in real-time. Here's a snapshot of just a few of the great presentations given at this year's event, with more recordings to be published on the SentinelLabs homepage.

Cyber defense researcher Eugenio Benincasa and Dakota Cary, Sr. Security Advisory Consultant at SentinelOne, explored China's Capture the Flag (CTF) landscape, highlighting key competitions and participants, which can provide valuable context for cyber defenders. These insights can help strengthen threat intelligence efforts focused on individuals and groups within China.

Eugenio and Dakota homed in on CTF competitions at universities. "There are multiple 'NCAAs' for hacking in China, organized by multiple ministries," said Cary, drawing a metaphor between these hacking competitions and the intercollegiate athletics administration in the U.S., which oversees all sports including the billion-dollar industries of college football and college basketball.

Their talk concluded by detailing two Chinese hacking competitions with no write-ups, one of which may have had student participants attack a real target. You can read more about the Zhujian Cup in this WIRED article.

It's New Year's Eve '23: while you were celebrating, a Chinese university likely used a student hacking contest to conduct cyber ops vs. an unknown target.

More at #LABScon2024. Shoutout to @KimZetter for diving into mine and @DakotaInDC's research https://t.co/d4YlPRqS6s

- Eugenio Benincasa (@eubenincasa) September 18, 2024

In their presentation on the topic of supply chain-related failures, Alex Matrosov (Founder & CEO of Binarly) and Fabio Pagani (Vulnerability Research Lead, Binarly) discussed the critical firmware supply-chain weaknesses in Secure Boot key management. Their findings revealed how default test keys shipped by vendors could expose systems to significant threats.

Binarly researchers Alex Matrosov and Fabio Pagani with some fresh details on the PKfail supply chain exposure @binarly_io @matrosov @pagabuc pic.twitter.com/iE1lY64zie

- LABScon (@labscon_io) September 19, 2024

SentinelLabs' Jim Walter (Senior Threat Researcher) examined recent developments in the Kryptina platform, exploring why it appeals to threat actors and its implications for victims and targeting. Jim also laid out his analysis on the May 2024 Mallox leak, which focused on the modifications and improvements made by current threat actors. A full blog post deep diving into this topic is available here.

Saw this preso from Jim Walter on the @LabsSentinel team at @labscon_io. Wild to see basically a straight cut/copy on the RaaS side. https://t.co/XnmCDxBncs

- Steve Stone (@stonepwn3000) September 23, 2024

Event Specials | It's About Building Community

LABScon is not just about research; it emphasizes the importance of community when it comes down to the hard work of combating cyber threats. Elly Rostoum, Managing Director of the Alperovitch Institute, said it best:

We came for the research, forever changed by the camaraderie #LABScon24 @labscon_io https://t.co/mtlJknHerG pic.twitter.com/70IbXRTkSL

- Elly Rostoum (@EllyRostoum) September 26, 2024

As part of such a tight-knit group of defenders, it's important to take a few moments to recognize the constant and remarkable efforts dedicated to applying fresh outlooks and solutions while tackling complex problems. SentinelLabs was honored to present Dr. Cristina Cifuentes (Vice President of Oracle's Software Assurance organization) with a Lifetime Achievement Award for leading the charge in solving big issues in the Software Assurance industry. Cristina's passion for tackling the big issues in the field of Program Analysis began with her doctoral work in binary decompilation at the Queensland University of Technology, which led to her being named the Mother of Decompilation for her contributions to this domain.

https://t.co/qPaYKq88MJ pic.twitter.com/Y0qTjliRPh

- LABScon (@labscon_io) September 19, 2024


And what's a three-day event without a little (read: a lot) of fun? The guests got to show off their creative flair at our Cyber Crime Gala: Meme Warfare Edition, enjoy the rugged beauty that is The Copper State, and, most importantly, connect with like-minded security leaders and professionals all sharing the same goal of keeping the community safe.

@labscon_io was a blast! Lots of interesting talks, amazing people, and great to learn more about the latest in security research.

And the @dreadnode team represented! #labscon pic.twitter.com/j9s567Al4t

- Rob (@Rob_Mulla) September 21, 2024

Looking Ahead to 2025

Now that LABScon 2024 is all wrapped up, we're already looking forward to what next year has in store. Save the date for LABScon25 (September 17 to 20, 2025) and follow us on X to look out for the next call for papers.

The event, sold out for the third year in a row, was supported by generous sponsorships from Luta Security, Dreadnode, Binarly, Cisco Talos, Aesir Security Consulting, Hidden Layer, Silent Push, The Alperovitch Institute, The Vertex Project, Bishop Fox and Framework. We'd also like to say a sincere thank you to all of the amazing folks who came together to make this event the success that it is. Stay connected with us as we start releasing more insightful presentations from the event and give updates on upcoming talks.
