Skip to content

Black Hat USA 2021: Top 5 sessions to attend & tips to survive now that conferences are back in-person


It is that time of the year again—cyber-criminal summer camp is back! In 2020, the global pandemic dramatically changed our social environment, and both Black Hat and Defcon went virtual with in-person networking and parties placed on hold. This year, both events are back with a hybrid flavor to them.

Black Hat USA is a hybrid offering—you can choose to go in person or attend online—it’s followed by Defcon.

The in-person Black Hat event has limited places accommodating less than half of the 17,000-attendee count that typically attend. As I am based in Europe and face the current restrictions on international travel, this will be a virtual-only event for me.

Reviewing hundreds of session is a challenge, so I’ve listed my top 5

Whether you’re preparing to go to Las Vegas or, like me, finding a comfortable place at home to participate, it’s always challenging to review the hundreds of sessions available. In an effort to help you in your decision-making process, I have listed my top 5 sessions not to miss at Black Hat 2021.

Choosing sessions to attend this year was more difficult, with many of my favorite speakers missing from the lineup. I’ll definitely be watching the keynote with Matt Tait, COO at Corellium, who previously worked as an analyst at GCHQ. He will be sharing details on defending supply chains as well as the future of contactless deliveries.

Top 5 sessions to attend at Black Hat 2021

I hope my Black Hat conference picks will help you get started with your planning, and that we all have an awesome hacker summer camp experience.

Zerologon: From Zero to Domain Admin by Exploiting a Crypto Bug

Tom Tervoort  | Principal Security Specialist, Secura

Date: Wednesday, August 4 | 11:20am-12:00pm ( Virtual )

Tracks: Cryptography, CorpSec

Nearly all of us have heard about the Zerologon vulnerability CVE-2020-1472 which exposed a critical vulnerability in the NETLOGON protocol and received a CVE score of 10 of out 10 which is bad—very bad. This was discovered by security researchers at Secura so it’s sure to be interesting and is at the top of my list.

CQOffensiveSecurity: The Extreme Windows Offensive Security Toolkit

Paula Januszkiewicz | CEO and Founder, CQURE Inc. and CQURE Academy
Mike Jankowski-Lorek | Director of Consulting, CQURE Inc.

Date: Wednesday, August 4 | 12:00pm-1:00pm ( Virtual )

Track: Exploitation and Ethical Hacking

When I look for top sessions I always check whether Paula is speaking because I inevitably learn from her insights. Paula and her team at CQURE Inc. and CQURE Academy consistently create awesome tools. That’s why this session on CQURE CQOffensiveSecurity Toolkit is a must.

Breaking the Isolation: Cross-Account AWS Vulnerabilities

Shir Tamari  | Head of Research,
Ami Luttwak  | Co-Founder & Chief Technology Officer,

Date: Wednesday, August 4 | 11:20am-12:00pm and 3:20pm-4:00pm ( Virtual )

Tracks: Cloud & Platform Security, AppSec

With so many organizations accelerating their migration to the cloud, this session stands out as a must-watch.

Multiple AWS services were found to be vulnerable to a new cross-account vulnerability class. An attacker could manipulate various services in AWS and cause them to perform actions on other clients’ resources due to unsafe identity policies used by AWS services to access clients’ resources.

The vulnerabilities have been proven on three major AWS services (AWS Config, Cloudtrail, and Serverless Repository) and have allowed a potential attacker to write and read certain objects from private S3 buckets. This session reviews the specific mitigations provided to the IAM vulnerabilities and discusses the current gaps in the way the vulnerability management process for IAM is handled today.

I’m a Hacker Get Me Out of Here! Breaking Network Segregation Using Esoteric Command & Control Channels

James Coote  | Senior Consultant, F-Secure Consulting
Alfie Champion  | Senior Consultant, F-Secure Consulting

Date: Thursday, August 5 | 11:20am-12:00pm ( Virtual )

Tracks: Network Security, Defense

Attackers are always looking for ways to get inside and move around your network undetected. Many organizations have used network segmentation to keep attackers from moving around easily. This session should be useful as it shares both the Red Team and Blue Team perspectives.

FROM ZERO TO FULL DOMAIN ADMIN – Tracking the digital footprint of a ransomware attack—a real-world incident

Joe Carson  | Chief Security Scientist & Advisory CISO, Delinea

Date: Thursday, August 5 | 1:40pm-2:00pm ( Virtual )

Tracks: Risk, Compliance and Security Management, Security Operations & Incident Response

Last but not least, my own session at Black Hat will demonstrate and discuss a real-world security incident that involved the CryLock Ransomware variant. I will share the methods and techniques used by attackers while providing tips on how you can avoid becoming the next victim.

Connect with ThycoticCentrify virtually or in person at Black Hat 2021.
Booth #1770


Stop by our booth to learn more about Cloud-Ready PAM.  Don’t forget to enter our raffle. We’ll be giving away a Peloton, an Xbox Series X, an Oculus VR Headset, and more. 


We are offering customized product demos, tailored to address your organization’s modern security needs at scale. Discover and explore how our cloud-ready PAM solutions can help your organization stay safe from the ever-expanding threatscape. 

Not registered? Join us at the Black Hat virtual event, registration is FREE!

And Finally, My Top Survival Tips for Hacker Cons

There are several tips for those attending Black Hat or Defcon in person. They’ll help you stay safe and reduce the risk of becoming compromised. I follow these practices on my frequent travels, but I take specific precautions during Black Hat and Defcon to further reduce risks.

Here’s a quick list to keep in mind:

  • Keep valuables in your hotel room locked in your suitcase
  • You are going to be caught on camera and tracked, so accept it
  • Update, patch, and backup your devices before you leave home
  • Power off any devices that you are not using
  • Leave sensitive data at home
  • Use cash and keep your contactless cards in an RFID-protected wallet
  • Always assume someone is watching and monitoring you
  • Avoid Public WIFI and use mobile data always with a VPN

Have fun and stay safe!