This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is available for the presentation but talk of the recent no-confidence vote against Prime Minister Michel Barnier’s government and a Euro1 billion cybercrime combat program to enhance healthcare system cybersecurity might be expected to feature in the conference’s opening keynote. Researchers at Technion and Intuit are due to talk about PromptWares, an emerging risk to agent-based gen AI applications, such as chatbots and assistants.Using PromptWares, it’s possible to run attacks ranging from crashing a gen AI application to tricking an e-commerce chatbot into providing discounts to customers.These hacks are due to be presented in a talk titled “The Double (AI) Agent: Flipping a GenAI Agent Behavior from Serving an Application to Attacking it using PromptWares.”A later talk will explore advanced prompt injection exploits targeting widely used large language model (LLM) applications, such as Microsoft Copilot, GitHub Copilot Chat, Anthropic Claude, and others.The presentation, by red team cybersecurity firm Embracethered.com, will cover exploiting tool integration to escalate privileges, extract sensitive data, or modify system configurations. Manipulating LLM memory for long-term control and persistence are also on the agenda for the presentation, entitled “SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications.”The talk is not purely offensive. Embracethered.com is due to outline suggested mitigations and a summary of what vendors are doing to address these various vulnerabilities in LLM applications.Another presentation, “LLMbotomy: Shutting the Trojan Backdoors,” looks beyond input-based attacks such as prompt injection. Researchers from cybersecurity vendor Sophos will show how malicious modifications inserted during the training lifecycle and triggered by specific inputs might be used to attack LLM-based systems.These trojan backdoors might be introduced either through malicious intent or inadvertently through data poisoning.The presentation is due to culminate with an explanation about potential countermeasures.
Mastering AI
While the technology is not without its risks, AI systems also offer the potential to enhance productivity by automating routine cybersecurity tasks.A presentation on Thursday will outline how ING Bank has infused AI-based technologies in applications such as vulnerability management, secret leakage prevention, identity and access management, and data leakage prevention.”The shift towards AI-based approaches was not just about automating tasks but about enhancing the quality of security decisions, removing unnecessary access, reducing false positives, and optimising the workload for Security Operations Centre (SOC) teams,” a synopsis of the talk explains.For example, by coupling vulnerability data with its alerts using AI-based technologies the bank was able to significantly reduce the number of false positives its operation centre staff were facing.The talk, entitled “Infusing AI in Cybersecurity: The Times They Are AI-Changin’,” promises to offer other organisations tips on best practices and methodologies in rolling out AI-based technologies within their own businesses.
Dive deeper
The best of more established strands of security research will also be highlighted during Black Hat Europe. Celebrated application security hacker Orange Tsai will put the spotlight onto the “Best Fit” feature in Windows.This long established “Best Fit” character conversion technology can be abused to bypass security mechanisms, remount argument injection, and, in certain scenarios, achieve arbitrary code execution, Tsai has discovered.Various applications and open-source projects, including Microsoft Office, cURL, PHP, and Windows, executables are at risk from the novel attack vector.The presentation, “WorstFit: Unveiling Hidden Transformers in Windows ANSI!”, will offer coding advice and tips for potential mitigations.Another talk will offer an attack against RADIUS, the de facto standard protocol for authentication, authorization, and accounting for networked devices.The hack allows a man-in-the-middle attacker to authenticate themselves to a device using RADIUS. Only deployments using the EAP authentication method or the not-yet-standardized RADIUS over TLS are unaffected, according to cryptographer Miro Heller, the PhD student behind the research.DNSSec, the security extension to the DNS lookup protocol, is deployed across a third of internet systems. Security researchers will outline how a cryptographic attack against any DNSSEC-validating DNS resolver would have caused systems to hang.Researchers at Goethe-Universität Frankfurt will explain how the internet “dodged a bullet” from the so-called KeyTrap denial of service attack.The long-feared possibility that sufficiently powerful quantum computers might break traditional encryption methods edged slightly closer this year.A talk by Cavero Quantum looks at how researchers are looking towards “redefining the origin of secrecy in a post-quantum world” by “leveraging the properties of finite randomness.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3621403/black-hat-europe-preview-cryptographic-protocol-attacks-and-ai-in-the-spotlight.html
