Black Hat USA continues to be the proving ground for some of the most provocative, forward-thinking cybersecurity research in the world. In 2024, as the lines between AI governance, supply chain security, and offensive research blurred further, the conference spotlighted both technical brilliance and strategic urgency.
After carefully reviewing over a hundred sessions across Briefings, Main Stage, and Keynotes, we've curated CISO Platform’s Top 10 Talks from Black Hat USA 2024—handpicked for their technical novelty, enterprise relevance, and real-world impact.
This list is designed to help security teams and executives prioritize key innovations shaping cybersecurity in 2024 and beyond.
CISO Platform’s Top 10 Talks from Black Hat USA 2024
1) Bytecode Jiu-Jitsu: Choking Interpreters to Force Execution of Malicious Bytecode
Speakers: Toshinori Usui (NTT Security), Masataka Tagomori (University of Tokyo)
A masterclass in exploiting Python interpreters using syntactically valid yet malicious bytecode. This talk exposed novel attack surfaces where traditional input validation mechanisms break down.
Why it matters: Many EDRs rely on dynamic analysis—this bypasses it entirely.
2) Flipping Bits: Your Credentials Are Certainly Mine
Speaker: Fredrik “STÖK” Alexandersson
A deep dive into a practical typo-squatting attack that leverages bit-flip domain lookalikes. This technique avoids traditional filters while harvesting real credentials.
Why it matters: Incredibly simple, yet shockingly effective—especially in phishing-resistant environments.
3) OVPNX: Four Zero‑Days in OpenVPN Leading to RCE, LPE, and Kernel Compromise
Speaker: Vladimir Tokarev (Microsoft)
One of the most technically sophisticated attack chains at Black Hat 2024. Tokarev presented how minor misconfigurations and unpatched assumptions in the OpenVPN software stack could be chained into full-blown compromise.
Why it matters: Over 5M endpoints globally run OpenVPN—this shook the VPN world.
4) Becoming Cybersecurity Bilingual: Communication Models for Hackers and Executives
Speaker: John Dwyer (Binary Defense)
Not a traditional offensive talk—this one centered on breaking down communication barriers between security researchers and business leaders. Dwyer presented tested frameworks to translate risk into boardroom impact.
Why it matters: Security is no longer just technical. This talk gives your team a voice.
5) AI Safety and You: Emerging Risk Models in GenAI Ecosystems
Speakers: Nathan Hamiel, Amanda Minnich, Nikki Pope, Mikel Rodriguez
This panel explored risk modeling for autonomous systems, LLM misuse, synthetic data threats, and prompt injection as an emerging “supply chain” attack.
Why it matters: As GenAI adoption scales, this talk is a blueprint for building security guardrails.
6) Keynote: Democracy's Biggest Year – Securing Global Elections in 2024
Speakers: Jen Easterly (CISA), Hans de Vries (ENISA), Felicity Oswald (NCSC UK)
A rare geopolitical focus, this keynote discussed state-backed disinformation, election interference, and resilience strategies from three continents.
Why it matters: 2024 marks a record number of national elections. Cybersecurity is now a democratic backbone.
7) Keynote: Fireside Chat with Moxie Marlinspike
Speakers: Jeff Moss & Moxie Marlinspike
One of the most anticipated sessions. Encryption pioneer Moxie weighed in on the future of secure messaging, decentralization, and AI’s threat to cryptographic trust.
Why it matters: Encryption policy and ethics are at the center of enterprise and regulatory friction.
8) Smarter, Faster, Stronger Security in the Age of AI
Speakers: Ann Johnson (Microsoft), Sherrod DeGrippo
This session mapped Microsoft’s strategy around real-time threat intel, adaptive AI-enhanced defense, and blue team augmentation.
Why it matters: A blueprint for organizations investing in AI-native SOCs.
9) Main Stage: Rethinking Software Supply Chain and Vulnerability Management
Speaker: Danny Jenkins (ThreatLocker)
A tactical session dissecting how modern software packaging introduces deeply buried vulnerabilities. Focused on isolation, behavioral controls, and proactive patching.
Why it matters: CISOs still underestimate the complexity of securing third-party code dependencies.
10) Locknote: Black Hat 2024 Key Takeaways
Speakers: Jeff Moss, Nathan Hamiel, Window Snyder, Jos Wetzels
This annual wrap-up offered an expert synthesis of the most urgent themes: GenAI risks, agentic AI governance, infrastructure attack surface growth, and the fusion of nation-state and criminal tactics.
Why it matters: Every attendee leaves with this one circled. If you missed the event, start here.
Closing Thoughts: What These Talks Reveal About 2025
Black Hat 2024 clarified that:
- Agentic AI is an operational risk.
- The software stack is more fragile than we think.
- Security must scale both technically and communicatively.
If you're a CISO or technical decision-maker, these sessions aren’t just good to watch—they’re essential context for your roadmap.
Want CISO Platform's in-depth debrief for each of these talks, or a curated takeaway pack for your board or internal team? Drop a comment or connect with us at CISO Platform.
By: Priyanka Aash, Co-founder, CISO Platform
