Microsoft Security highlights from Black Hat USA 2022

Black Hat USA 2022 marked the twenty-fifth year that security researchers, security architects, and other security professionals have gathered to share the latest research, developments, and trends. Microsoft was among the companies participating in the conference, which was from August 6 to 11, 2022, in Las Vegas, Nevada. This year’s event was hybrid, with some attendees attending in-person and others joining online.

We were excited to join members of the Black Hat security community representing 111 countries.1 Along with more than 17,000 in-person attendees—and more than 15,000 virtual attendees—we heard security insights and shared the latest in Microsoft Security solutions, including two new security solutions—Microsoft Defender Threat Intelligence to track threat actor activity and Microsoft Defender External Attack Surface Management to discover unknown and unmanaged resources that are visible and accessible from the internet.

Booth excitement

A picture of the Microsoft Security booth at the Black Hat USA 2022 Conference.

What energizes us the most about conferences like Black Hat is the opportunity to meet people. During the conference, we welcomed hundreds of security professionals to our booth. There, we talked about cybersecurity threats, shared our perspective on the need for comprehensive security, listened to their stories of cybersecurity challenges, and gave them demonstrations of the latest innovations from Microsoft Security in the threat intelligence and protection space, including Microsoft Defender Experts for Hunting.

We’re passionate about security and it’s always a thrill to be among others who feel the same way. Our team in the booth was kept happily busy. Some attendees chatted in groups of two or more while others crowded around four demo stations—Microsoft Security Experts, threat protection, threat intelligence, and identity and access management—to see how Microsoft product solutions can help catch what others miss.

During our Diversity and Inclusion Hour on Wednesday, Black Hat attendees gathered in the Microsoft booth to socialize and talk about diversity, equality, and inclusion in the workplace. As a bonus, Microsoft enlisted a professional photographer to take headshots for anyone who attended and wanted to update their LinkedIn profiles.

A group of people having a conversation in the circle.

Conference sessions

Microsoft Security team members stay up on the latest news, solutions, and strategies in the security world. We were thrilled when several of these security professionals received the opportunity to share their thought leadership insights with Black Hat attendees.

  • “Advancing Investigations with Threat Intelligence”: Microsoft Incident Response Consultant MacKenzie Brown shared how Microsoft’s Detection and Response Team (DART) harnesses the power of threat intelligence while in the trenches helping customers challenged by cyberattacks. MacKenzie also walked through how DART responded to recent threats from the North Korean nation-state actor believed to be behind HolyGh0st and Lapus$. 163 attendees viewed the session virtually.
  • “AAD Joined Machines—The New Lateral Movement”: Microsoft Senior Security Researcher Mor Rubin talked about new research about a mechanism designed to allow authentication between Microsoft Azure Active Directory-joined machines. Mor also explored the foundation of the new network protocol, presented a way (and a tool) to perform pass-the-certificate attacks, and talked through an open-source solution that can help companies hunt for attacks.
  • “CastGuard: Mitigating Type Confusion in C++”: Microsoft Software Security Engineer Joe Bialek discussed type confusion vulnerabilities, which have incredibly powerful primitives to exploit writers. Joe introduced a new mitigation called CastGuard that’s being deployed to a set of Windows components (with more in the works). With a tiny instruction sequence and the virtual function table pointer of an object, CastGuard helps prevent illegal static down-casts in C++ code.
  • Malware Classification With Machine Learning Enhanced by Windows Kernel Emulation”: Microsoft Security Software Engineer Dmitrijs Trizna presented a hybrid machine learning architecture that combines static and dynamic malware analysis methodologies. This architecture surpasses the capabilities of the modern AI classifiers and records a detection rate of 96.7 percent with a fixed false positive rate of 0.1 percent.

Conference social events

It wouldn’t be a conference without plenty of fun social events to get everyone chatting, networking, and celebrating the achievements of security professionals. At the Cybersecurity Women of the Year Awards (CSWY Awards) on August 9, 2022, attendees gathered at the Luxor, enjoyed a gourmet meal, and toasted to female cybersecurity and privacy leaders who are changing the world.

Aanchal Gupta, CVP of Engineering at Microsoft is announcing a winner.

“The CSWY Awards recognize women protecting businesses, schools, and governments from cyber threats actors,” said Carmen Marsh, creator of the CSWY Awards. “We give security pros the opportunity to talk about what’s happening or not happening in cybersecurity and how to make it better. It’s wonderful to bring women from around the world to Las Vegas for this important event while creating inspiring role models for the new generation of cybersecurity professionals.”

As a Signature Sponsor, Microsoft was honored to recognize three barrier breakers serving as role models for future generations of cybersecurity professionals. Microsoft Corporate Vice President of Cloud and Microsoft 365 Security, Aanchal Gupta gave out the Cybersecurity Woman Privacy Woman Law Professional of the Year 2022 award, while Microsoft Senior Director of Security Narrative and Strategy, Shelli Strand awarded the Cybersecurity Woman Influencer of the Year 2022 award. Abhilasha Bhargav-Spantzel, Microsoft Partner Security Architect, gave out the Cybersecurity Woman Volunteer of the Year award.

After dinner and the awards ceremony, attendees networked and danced to a DJ spinning hits.

“Today, we have an incredible opportunity to attract a talented and impassioned generation of defenders and to change the deep gender disparity in our industry. I am so grateful to the Cybersecurity Woman of the Year program organizers for spotlighting the amazing work being done by those superheroes who are setting a powerful example for us all,” said Vasu Jakkal, Microsoft Corporate Vice President of Security, Compliance, Identity, Management, and Privacy, “Microsoft is proud to take part in an event that is helping to cultivate inclusivity, inspire and facilitate mentorship, and celebrate the important field of cybersecurity.”

On August 10, 2022, Microsoft Security Response Center (MSRC) hosted Microsoft’s annual Researcher Celebration event at the Illuminarium in Las Vegas, Nevada. The event brought together some of Microsoft’s Most Valuable Researchers (MVRs), and many security leaders and professionals. Attendees met with the head of MSRC, Aanchal Gupta, MSRC leadership, and other key Microsoft attendees to thank the MVRs and researcher community for their contributions. Check out the list of MSRC 2022 Most Valuable Researchers!

Throughout the evening, more than 500 guests from more than 200 organizations across the information security community participated in space-themed activities and experiences while connecting and re-connecting in person for the first time in many years. Thanks to everyone that attended and helped make the event memorable.

Collage of images showing people at the different experiences at Microsoft’s annual Researcher Celebration event at the Illuminarium in Las Vegas.

More threat intelligence resources

We can’t wait for future opportunities to connect with everyone again in person. Until then, there are a few ways for you to stay connected and up to date on the latest from Microsoft in threat intelligence solutions:

  • Join us on September 15, 2022, for the free digital event Stop Ransomware with Microsoft Security to hear key insights from Microsoft’s leadership, including a fireside conversation between Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity, and Privacy Business.
  • Explore details on Microsoft’s threat intelligence solution in our blog post about new solutions for threat intelligence and attack surface management.
  • Check out the latest Cyber Signals report.
  • If you attended Black Hat and interacted with Microsoft, please share your feedback with us. 

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Black Hat USA 2022 Closes on a Record Breaking Event in Las Vegas & Online, AP News. August 19, 2022.

READ MORE HERE