Briefings Tracks

AI, ML, & Data Science

The focus of the AI, ML, and Data Science track is to cover the subject in a way that provides value for security professionals. Topics for the track can range from attacking and defending systems implementing AI to applying AI for better attacks, defenses, or detections. Submissions for the track should have the AI/ML functionality playing a key role in the submission. Regardless of the topic, the content for the track should have a heavy focus on applied concepts that attendees can use after the conference is over.

Applied Security

The Applied Security track welcomes submissions that cover topics and techniques that can be immediately applied to attendee/enterprise environments after returning home from the conference. Topics can still be cutting edge but shouldn't require complex plans to deploy or implement. Submissions should focus on security processes, technologies, and implementations that follow best practices and can be easily introduced into an attendee’s organization. Talks in this track help attendees "apply" proven and tested ideas to their systems after attending Black Hat.


Anywhere developers are shipping code, Black Hat is interested. Everything from web application security to the Security Development Lifecycle (SDLC) lives in this track. Good topics include broad-based, novel attacks against web technologies, programming languages, or ecosystems, especially when accompanied by offensive and/or defensive tooling. We are also keen for objective, data-driven research or case studies around secure development practices (train, develop, deploy, run, scale, respond) with actionable recommendations attendees can apply to improve their product security.

Note - Firmware submissions fall under the Hardware/Embedded track and OS and Infrastructure-as-Code submissions fall under Cloud & Platform Security.

Cloud & Platform Security

This track focuses on security issues affecting the full system platform stack (firmware, hypervisor, and operating system) of computing platforms powering everything from embedded systems, to modern desktops, to the cloud. The track focuses on topics such as: software attacks against modern Windows, macOS/iOS, and Linux; hypervisor and firmware vulnerabilities in Xen, Hyper-V, or UEFI; security-coprocessor issues in the Intel Management Engine, Apple Secure Enclave, or ARM TrustZone; microarchitectural attacks such as Meltdown/Spectre and hardware-enabled attacks such as Rowhammer. This track also encourages presentations on novel defenses that feasibly mitigate presently known or unknown instances of these classes of attacks -- especially if these defenses can scale and/or have scaled to effectively protect various ranges of platforms ranging from mobile phones to cloud-scale infrastructure with acceptable power, performance, and compatibility impact.


The Community track aims to provide a forum for idea sharing and discussion on relevant issues impacting the InfoSec community. Topics may include but are not limited to careers, legal issues, diversity, inclusion, attribution, substance abuse, mental health, burn out, security awareness, and work-life balance. Talks in this track should provide insights and solutions to help individuals new to InfoSec as well as those with years of experience and the talks do not need to be technical in nature. Community track talks should help affect change for the InfoSec community and session formats for this track are more open and flexible – panels, fireside chats, etc.


CorpSec is modern enterprise security: it's a track that covers research into the security of IT infrastructure and endpoint fleets. CorpSec includes device management and MDMs, directory and SSO identity services, orchestration and patch management, email, and storage networks. If it's new research targeting systems companies run to support team members, rather than the applications they provide or the operating systems themselves, the CorpSec track is probably a natural home for it.


The Cryptography track aims to do for cryptography what Black Hat's Exploit Development track does for software security: to be the industry's premiere venue for practical, real-world advances in cryptography informed by an attacker's sensibility. A Black Hat Cryptography Track talk will almost always be backed up with running code. We prize offensive cryptography and cryptanalysis but will host defensive and research cryptography when rooted in a context of real-world attacks. We're an especially good place to send new vulnerabilities in cryptographic protocols like TLS, cryptographic hardware like HSMs and smart cards, and cryptographic primitives like SHA-1.

Cyber-Physical Systems

A cyber-physical system (CPS) is any system where one, or more, computing elements monitor, manage and control a physical process. From wearable IoT devices to smart homes/buildings, from drones to self-driving vehicles, from Industrial Control Systems to avionics, these applications share common characteristics: the threat model relates to the physical process, the attacker goals are similarly linked to it, and both vulnerabilities and defense mechanisms need to encompass both the physical and the digital side of the systems. Talks in this track are directed at CPSs, either specific ones or on the concept as a whole, focusing on the systemic attacks and defenses. Note that the purely cyber or data components research may fit better in other primary tracks such as Hardware/Embedded or AI.

Data Forensics and Incident Response

The DFIR track will consist of topics and techniques used to assist defenders in responding to a variety of security incidents in on-premise, hybrid, and cloud environments. These topics may include, but aren't limited to, identification of compromised systems, digital evidence collection, network, host, malware analysis, threat intelligence, and threat hunting. Focus should be on techniques and procedures that can help defenders understand how an attack unfolded, if and when a breach occurred, and how it can be prevented in the future.


For every successful attack that hits the news, there's a defender out there, lurking in the dark, having just stopped another fifty. As cyber permeates everything in our daily lives, the stakes have never been higher, especially in the new world of a remote workforce sharing systems with their young distance learners, across perimeter-less and zero trust networks. How can we tip the balance to favor the blue team in their daily battle against chaos, data loss, or even lives lost? What new technologies should we look at, before attackers do? What are new approaches to consider, while keeping up with this ever-changing perimeter and the rapid introduction of new attack surfaces?

This track welcomes talks on practical, effective, and scalable security isolation technologies and exploit mitigations, at the compiler or platform level, as well as tools and techniques offering enhanced visibility, management, visualization, and data processing of any part of the kill chain, with the goal of disrupting and diminishing attacker capabilities and toolsets. Attendees, passionate about defense, are expected to rapidly take away practical new skills in the trade and join in the conversation on creatively addressing the future.

Exploit Development

Exploit Development submissions are welcome across a wide array of technologies and targets from servers to mobile devices. We are particularly interested in innovative and novel approaches that cover new exploit delivery mechanisms, code execution techniques, focus on new targets, or defeat existing exploit mitigations such as ACG or CFG. Submissions shouldn't be constrained to memory safety issues, but these often resonate well with our audience.

Hardware / Embedded

The Hardware / Embedded track is centered around attacks on hardware, firmware, and embedded devices. We're also interested in the security (and insecurity) of things like exotic hardware, autonomous vehicles, IoT, robotics, medical devices, voting machines, and other unique hardware-centric targets. Purpose-built, modded, or otherwise hacked hardware that solves (or creates) new security problems is pretty cool, too.

Human Factors

The Human Factors track focuses on people in security: how their decisions can affect the security of the organization, and how engineering and technology can help. This includes the way people make decisions and how to influence those decisions as an attacker or defender. It also includes how to reduce their decision load and the organizational (and potentially economic) factors that surround those decisions. This track welcomes submissions that detail techniques on the social influencing of people to act against their interest as well as innovative ways to strengthen technology and other solutions to decrease harm. This track is not about career development, BOFH stories, simple ploys like buying a UPS outfit, or sploits to make the browser draw a fake UI.


The Malware track focuses on both the defensive and offensive aspects of malware development. The defensive malware talks are centered around current malware; analysis, detection, remediation, and technical discussions on decent or broken functionality within anti-malware tools. The offensive malware talks are centered around; malware development, novel execution techniques, and obfuscation. We are most interested in talks that detail prevailing malicious attacks, recent attacks with high impact, or new techniques on both the offensive and defensive side of malware development without a product pitch.


The mobile track encompasses everything related to mobile devices (largely phones). The main aim for talks in this track should be to cover a feature, technique, concept or research result that first and foremost applies to mobile devices. Submissions where mobile devices/OSes are only one of the many use cases or affected targets are generally not suitable for this track.

Network Security

Talks in this track should tackle network defense issues related to protecting users or assets. Traditionally, this includes the vast array of NIDS, HIDS, IPS, SEIM, Firewalls, VPNs, etc., as well as the hardware components, like routers, switches, Wi-Fi and so on. Cloud computing networks and more exotic networks, like CAN Bus, ad-hoc networking and so on are included. We are looking specifically for novel means of deployment, detection, correlation, or protection of attacks that is both unique and ideally practical for use in protecting networks. Attendees of Network Defense track talks should walk away with ideas on how to defend themselves and a better understanding of the threat landscape with ideas on areas to research.


The Policy track features aspects of information security across organizations and that aren’t a technological fix: organizational, political, technology, or economic policies, as well as technical standards, laws, and norms of behavior. We welcome your research and risk-based findings about security impacts of policy or legislation on attackers and defenders; unintended consequences of policy or technical choices; metrics for assessing overall information security; proposed policies against new or stubborn security threats or those requiring coordination at scale (national, sectoral, or global). Successful submissions will include novel insights, backed by actual research, and not just soap-box opinions or complaints. Submissions about governance, metrics, or architecture within a single organization typically belong in the Enterprise track.

Reverse Engineering

"Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made and reproducing it or reproducing anything based on the extracted information." — Eldad Eilam

Talks in the Reverse Engineering Track may include subjects such as vulnerability discovery, data visualization, advanced exploitation techniques, bypassing security and software protections, and reverse engineering of hardware, software, and protocols.

Sustaining Partners