{"id":1634,"date":"2023-08-30T20:45:49","date_gmt":"2023-08-30T20:45:49","guid":{"rendered":"https:\/\/www.dnsfilter.com\/blog\/black-hat-2023-recap"},"modified":"2023-08-30T20:45:49","modified_gmt":"2023-08-30T20:45:49","slug":"black-hat-2023-the-dnsfilter-recap-with-david-elkind-and-nick-saunders","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/08\/30\/black-hat-2023-the-dnsfilter-recap-with-david-elkind-and-nick-saunders\/","title":{"rendered":"Black Hat 2023: The DNSFilter Recap with David Elkind and Nick Saunders"},"content":{"rendered":"<p>I sat down with David Elkind, Chief Data Scientist, and Nick Saunders, Product Manager, to talk about how Black Hat went for the DNSFilter team. The three of us attended numerous briefings, trekked through the business hall, and put a few miles on our DNSFilter Nikes.<\/p>\n<p><!--more--><\/p>\n<div class=\"hs-embed-wrapper\" data-service=\"youtube\" data-responsive=\"true\">\n<div class=\"hs-embed-content-wrapper\">\n<p><iframe width=\"200\" height=\"113\" src=\"https:\/\/www.youtube.com\/embed\/TA4BzUEfqy0?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen title=\"Black Hat Discussion 2023\">[embedded content]<\/iframe><\/p>\n<\/div>\n<\/div>\n<h2>\u201cWhat was your favorite talk?\u201d<\/h2>\n<p>David already published his thoughts on LLM and generative AI talks in particular (and the inability to escape them), and <a href=\"https:\/\/www.dnsfilter.com\/blog\/black-hat-2023-review-llms-everywhere\"><span>he had one favorite by CyCraft Technology<\/span><\/a>.&nbsp;<\/p>\n<p>In our chat, David had this to say on the CyCraft talk: \u201cAs the chief data scientist, I spend all day every day thinking about different kinds of AI machine learning models and how they can fit into the DNSFilter product and just the broader security landscape\u2026 [CyCraft is a] company that does 
incident response and their approach, I thought, was very clever. They wanted to find a better way to find malicious command lines on Windows\u2026And what they realized was that a large language model, since it&#8217;s designed to parse natural languages\u2014human languages\u2014it might also be very effective at parsing command lines and understanding and interpreting the command line and therefore making inferences about risk\u2026and all sorts of other questions that you really want to answer in a security setting.\u201d<\/p>\n<p>As for Nick\u2019s favorite talk, he was a fan of a slightly different AI talk that focused on phishing: <a href=\"https:\/\/www.blackhat.com\/us-23\/briefings\/schedule\/index.html#devising-and-detecting-phishing-large-language-models-gpt-gpt-vs-smaller-human-models-v-triad-generic-emails-31659\"><span>Devising and Detecting Phishing: Large Language Models (GPT3, GPT4) vs. Smaller Human Models (V-Triad, Generic Emails)<\/span><\/a>. \u201cWell, speaking of the main topic du jour, I did a track on LLMs in phishing, which I thought was a pretty interesting application. 
A lot of the ones were focusing on how to identify malware with an LLM, but this one is actually putting it to use to create pretty convincing-looking emails.\u201d<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/black-hat-2023-the-dnsfilter-recap-with-david-elkind-and-nick-saunders.jpg?resize=624%2C468&#038;ssl=1\" width=\"624\" height=\"468\" loading=\"lazy\"><\/p>\n<p>And that\u2019s what a lot of talks at Black Hat centered around: AI is moving quickly, and we need to be aware of the malicious applications that are already in use so that we can combat them.&nbsp;<\/p>\n<p>In a way, this was highlighted in the <a href=\"https:\/\/twitter.com\/Fox0x01\/status\/1689319783827742739\"><span>keynote<\/span><\/a> by <a href=\"https:\/\/twitter.com\/Fox0x01\"><span>Azeria<\/span><\/a> (AKA Maria Markstedter) where she discussed how reactive companies have been with regard to AI. It actually mimics how companies reacted to the proliferation of the iPhone. Security wasn\u2019t necessarily taken into account, but companies moved quickly to make sure they were at the bleeding edge.&nbsp;<\/p>\n<p>Similarly, threat actors have always done the same. They are some of <em>the<\/em> earliest adopters.&nbsp;<\/p>\n<p>Despite the overwhelming number of AI talks, David was happy to have more to choose from. \u201cIt used to be that finding the AI or machine learning talks\u2014which are my area of interest\u2014would mean I would find, you know, three or four [talks], and then I&#8217;d have to figure out what I would do. 
But this year\u2026they were all stacked up, and I had to pick which machine learning talk I wanted to go to at a particular time slot, which is a little bit stressful, but I was glad to get more content.\u201d<\/p>\n<h2>Where in the world is protective DNS?<\/h2>\n<p>One thing I noticed in attending numerous briefings (some related to DNS, others around general security precautions to take) is that protective DNS was sometimes left out of the conversation where it probably should have been included.&nbsp;<\/p>\n<p>I asked David and Nick why they think protective DNS doesn\u2019t get mentioned in these security conversations when we\u2019re talking about how to block these threats.<\/p>\n<p>David: \u201cWell, there&#8217;s definitely an attitude that because DNS is so old and so fundamental that there&#8217;s no real need to think about security because all the security stuff has already been thought about, right? \u2018There&#8217;s no new terrain to be covered\u2019, I think. And that&#8217;s probably a bit of a simplification because it&#8217;s so fundamental. That means that it&#8217;s going to be everywhere, it&#8217;s going to be omnipresent, and it&#8217;s going to be a very powerful tool if you can find a way to misuse it. So continuing to level up the protective capabilities of DNS is going to be a key part of security going forward.\u201d<\/p>\n<p>Nick: \u201cIt is basically table stakes is kind of how I could see it as well. The reason people aren&#8217;t bringing it up as an explicit solution is, as David mentioned, it has been around for a while.\u201d<\/p>\n<p>But protective DNS is fundamental to securing organizations, and the very first layer of defense. When we\u2019re talking about simple but powerful actions organizations can take to secure their perimeter, this is the big one. 
Though\u2026we might be biased.<\/p>\n<p>David summed it up nicely when talking about protective DNS and securing DNS in general: \u201cIt&#8217;s definitely part of our job to raise awareness about the different ways that DNS can be protected, right? There&#8217;s all the privacy components like the encryption and things like that. There&#8217;s the authentication piece as well. But there&#8217;s also the filtering component, which is determining which queries are related to malicious activity and how we should handle those.\u201d<\/p>\n<p>How <em>should<\/em> you start handling that malicious DNS traffic? <a href=\"https:\/\/app.dnsfilter.com\/signup\"><span>Start your free trial of DNSFilter today for step one<\/span><\/a>.&nbsp;<\/p>\n<p>Maybe next year the topic du jour should be protective DNS.<\/p>\n<p><a href=\"https:\/\/www.dnsfilter.com\/blog\/black-hat-2023-recap\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I sat down with David Elkind, Chief Data Scientist, and<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,590,417],"tags":[236,593,418],"class_list":["post-1634","post","type-post","status-publish","format-standard","hentry","category-ai","category-machine-learning","category-team","tag-ai","tag-machine-learning","tag-team"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"DNSFilter","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/dnsfilter\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/machine-learning\/\" rel=\"category tag\">Machine 
Learning<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/team\/\" rel=\"category tag\">Team<\/a>","tag_info":"Team","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1634"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1634\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}