Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight – Source: www.csoonline.com

This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.

The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is available for the presentation but talk of the recent no-confidence vote against Prime Minister Michel Barnier’s government and a €1 billion cybercrime combat program to enhance healthcare system cybersecurity might be expected to feature in the conference’s opening keynote.

AI system hacking

Researchers at Technion and Intuit are due to talk about PromptWares, an emerging risk to agent-based gen AI applications, such as chatbots and assistants.

The presentation, by red team cybersecurity firm Embracethered.com, will cover exploiting tool integration to escalate privileges, extract sensitive data, or modify system configurations. Manipulating LLM memory for long-term control and persistence are also on the agenda for the presentation, entitled “SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications.”

The talk is not purely offensive. Embracethered.com is due to outline suggested mitigations and a summary of what vendors are doing to address these various vulnerabilities in LLM applications.

Another presentation, “LLMbotomy: Shutting the Trojan Backdoors,” looks beyond input-based attacks such as prompt injection. Researchers from cybersecurity vendor Sophos will show how malicious modifications inserted during the training lifecycle and triggered by specific inputs might be used to attack LLM-based systems.

A presentation on Thursday will outline how ING Bank has infused AI-based technologies in applications such as vulnerability management, secret leakage prevention, identity and access management, and data leakage prevention.

“The shift towards AI-based approaches was not just about automating tasks but about enhancing the quality of security decisions, removing unnecessary access, reducing false positives, and optimising the workload for Security Operations Centre (SOC) teams,” a synopsis of the talk explains.

For example, by coupling vulnerability data with its alerts using AI-based technologies the bank was able to significantly reduce the number of false positives its operation centre staff were facing.

The talk, entitled “Infusing AI in Cybersecurity: The Times They Are AI-Changin’,” promises to offer other organisations tips on best practices and methodologies in rolling out AI-based technologies within their own businesses.

Dive deeper

The best of more established strands of security research will also be highlighted during Black Hat Europe. Celebrated application security hacker Orange Tsai will put the spotlight onto the “Best Fit” feature in Windows.

This long established “Best Fit” character conversion technology can be abused to bypass security mechanisms, remount argument injection, and, in certain scenarios, achieve arbitrary code execution, Tsai has discovered.

The hack allows a man-in-the-middle attacker to authenticate themselves to a device using RADIUS. Only deployments using the EAP authentication method or the not-yet-standardized RADIUS over TLS are unaffected, according to cryptographer Miro Heller, the PhD student behind the research.

DNSSec, the security extension to the DNS lookup protocol, is deployed across a third of internet systems. Security researchers will outline how a cryptographic attack against any DNSSEC-validating DNS resolver would have caused systems to hang.

Researchers at Goethe-Universität Frankfurt will explain how the internet “dodged a bullet” from the so-called KeyTrap denial of service attack.