Read on for a full recap from Black Hat and DEF CON 32.
This year's Black Hat and DEF CON conferences, held from August 3rd to the 11th, 2024, in the sparkling city of Las Vegas, showcased various innovations and discussions that pushed the boundaries of our understanding of cyber threats and solutions.
Black Hat, taking place from August 3rd to 8th, kicked off the week with its renowned briefings and training sessions. This year’s event brought together a diverse group of experts, including ethical hackers, security researchers, and industry leaders, all eager to share their insights. Some standout topics included:
DEF CON 32, which followed from August 8th to 11th, continued the excitement with its signature hacker culture and hands-on workshops. Security enthusiasts loved this conference because it featured everything from Capture the Flag competitions to thought-provoking panels on the ethics of hacking and the future of artificial intelligence in security.
Both conferences focus on information security and are known for sharing the latest research, hacks, and knowledge within the security community. This blog post summarizes the big announcements and highlights from Black Hat 2024 and DEF CON 32.
Check out these highlights from Black Hat 2024.
The recent CrowdStrike outage was a major topic at Black Hat 2024, emphasizing the growing importance of cyber resilience. The outage, which affected millions of devices and caused significant financial losses, highlighted the need for secure-by-design principles and robust incident response plans.
Discussions underscored the need for software development that prioritizes security, along with enhancing collaboration across the industry to prepare for inevitable large-scale breaches in the future.
With the upcoming 2024 U.S. presidential election, Black Hat sessions were heavily focused on the evolving threats of disinformation, nation-state involvement, and AI-driven misinformation.
Cybersecurity leaders stressed the importance of collective efforts to secure election infrastructure from sophisticated threats. Speakers emphasized the crucial role of both the public and private sectors in securing democratic processes worldwide, especially amid rising geopolitical tensions and nation-state cyber activities.
Generative AI and its dual nature as both a threat and a defense tool were central themes. While AI can amplify the success rate of cyberattacks and the spread of misinformation, it also offers opportunities for enhancing cybersecurity defenses.
Many vendors at Black Hat, including IBM and HPE, showcased new AI-driven tools aimed at improving threat detection, response, and anomaly detection. However, skepticism remained among experts regarding the risks of deploying AI without fully understanding its implications and the potential for unintended vulnerabilities.
Several companies took the opportunity to announce new partnerships and innovations. Cisco celebrated a decade of its Talos threat intelligence platform, while Fortinet introduced new capabilities through its acquisition of Next DLP. Infoblox launched a new ecosystem program to facilitate deeper collaboration across the industry, and Wiz showcased its comprehensive cloud security portfolio.
Of course, we at Splunk also capitalized on this opportunity to talk about the three strategic transformations that security teams must make for a truly modern SecOps approach:
This evolution will power the SOC of the future.
These announcements highlighted the ongoing push towards collaboration and integrated security solutions to address the increasing complexity of the threat landscape.
Jacob Larsen’s presentation on doxing and privacy intrusion underscored the growing trend of cyber threats crossing into the physical world. His research, which involved interviews with extortionists, highlighted how doxing is being used not just for online harassment but for real-world extortion. His recommendations included reducing the amount of personal information shared online, avoiding SMS-based authentication, and taking steps to enhance both digital and physical privacy.
See below to check out a summary of highlights from DEF CON 32:
DEF CON 32 featured several talks, workshops, and a total of 32 specialized hacker villages, including Aerospace, Telecom, and Biohacking Villages. The conference also showcased unique villages like Lockpicking, Hardware Hacking, and Car Hacking, which offered immersive, hands-on experiences in various cybersecurity fields.
A major highlight was the semi-final of the Artificial Intelligence Cyber Challenge (AIxCC), hosted by DARPA, which just selected its top 7 scoring teams. Each will be awarded $2 million and will advance to the final competition in 2025. Each team has a year to mature its technology before the final competition, where they will compete for a cumulative $29.5 million awarded to the teams with the most effective and efficient systems.
At DEF CON 32, SquareX exposed a major flaw in Secure Web Gateways (SWGs) that leaves users vulnerable to "last mile reassembly" attacks, in which malware is deployed directly through the browser, bypassing traditional defenses. The issue stems from SWGs’ inability to detect threats assembled in-browser, as they typically scan for file-based threats. SquareX demonstrated 25 bypass methods, highlighting the flaw’s depth and noting that fixing it would require costly architectural changes.
The ease of exploiting this vulnerability has been amplified by large language models (LLMs), which enable even less experienced attackers to create effective exploits. Vendor responses varied from silence to acknowledgment without solutions, revealing a critical gap in the widely used SWG technology.
DEF CON 32 also highlighted the ease of creating deepfakes, with an experiment demonstrating face-swapping in real-time videos. Using DeepFaceLive, participants generated realistic deepfakes, while DARPA’s Semantic Forensics (SemaFor) assessed their detection capabilities.
Despite sophisticated detection tools, identifying deepfakes remains challenging, emphasizing the growing threat of manipulated media and the need for advanced verification methods.
During the closing ceremony, DEF CON and Black Hat founder Jeff Moss announced two new projects: DEF CON Franklin and DEF CON Academy.
Additionally, the National Cyber Director introduced the Open-Source Software Prevalence Initiative to assess the use of open-source software in critical infrastructure. The Department of Homeland Security will invest over $11 million in enhancing open-source software security, following recommendations from the 2023 RFI on Open-Source Software Security.
This year at the Black Hat 2024 conference, Splunk had its very own event! This event was on Tuesday, August 6th, 2024 at Slice of Vegas - Pizza Kitchen & Bar inside of the shops in Mandalay Bay.
This was an Open Cybersecurity Schema Framework (OCSF) event, where industry leaders discussed the latest developments in OCSF, shared real-world use cases, and provided best practices for schema mapping and data encoding. Guests were able to connect with experts like Paul Agbabian from Splunk and Mark Terenzoni from AWS, and to engage in insightful discussions and networking opportunities.
This posting does not necessarily represent Splunk's position, strategies or opinion.