Black Hat USA 2013: how it went, and a little about the reports

    There are many conferences on information security: small and large, technical and filled exclusively with marketing reports from vendors, or, Flying Spaghetti Monster forbid, with personal-data topics or reports in the style of "how to become a rock star in the world of information security." And there are two security conferences that have always stood out against this background: Black Hat and Defcon. Even people far from information security have probably heard of them.

    I would like to talk about how Black Hat USA went this year.
    Speaking at Black Hat or Defcon was a long-standing dream of mine. The dream came true last year, when Alexander Polyakov (AlexandrPolyakov) and I talked about Server Side Request Forgery, and this year the situation repeated itself: my report about OLAP servers and attacks on MDX successfully passed the selection committee, and - hello, Vegas!

    The conference lasts 6 days: 4 days of trainings and 2 days of reports and workshops. All the most interesting things happen in the last 2 days.

    You have probably already heard about some of the reports:
    1) ROOTING SIM CARDS
    2) ANDROID: ONE ROOT TO OWN THEM ALL
    3) HOME INVASION V2.0 - ATTACKING NETWORK-CONTROLLED HARDWARE

    There were many more interesting presentations and topics, which is not surprising given the list of conference keynotes: General Alexander, the director of the NSA (PRISM and blablabla), and Brian Muirhead (NASA, a cool story about the rovers that conquered Mars). Unfortunately, we stood at the ERPScan booth for the most part :), so I won’t cover them in detail; everyone can get acquainted with the material here.


    Instead, I’ll try to tell you how the conference as a whole went.

    It is worth noting that in addition to me and Alexander Bolshev (dark_k3y), with whom I worked on a report on attacks on BI systems, Alexander Polyakov, whose work has already been sent to BH, also went to Vegas. This time he taught at a BH training.

    We all had to speak on the first day, right after the director of the National Security Agency, Alexander. It was a little annoying, because we couldn’t listen to each other’s reports and then measure our ... mmm ... find out who had more listeners. Other than this small minus, the timeslot was perfect. There is nothing better than getting your own talk out of the way at the beginning of the conference, after which you can calmly go to other people's talks or chat with people who liked your report. It got ridiculous: late in the evening on the streets of Vegas, various people came up to us who were interested not in spare change or a latest-model phone, but in how Sasha and I had managed to perform so well. Nice, damn it.

    So, a little about the atmosphere of Black Hat. The conference takes place in the hotel / casino "Caesars Palace" (yes, the very one from "The Hangover"). There are a great many visitors at the conference.

    In addition to reports and workshops, the conference also has a section where researchers present a variety of security tools (Black Hat Arsenal), and a section with the stands of various security companies, which, incidentally, is where our stand was. In general, people had plenty to occupy their time.

    What did hackers do in the evening in Vegas when the reports ended? Mostly they partied (let American pensioners play in the casino). After the conference days, a huge number of different parties took place, since the main goal of the conference is not the reports at all, but the community, which gathers in Vegas. So, the first party - traditionally, the speaker party - was held in one of the Caesars' towers. It was attended mainly by speakers, workshop and training leaders, sponsors, conference organizers and those who somehow managed to get the coveted bracelet. The atmosphere was light and relaxed; people got acquainted and shared their impressions and expectations related to BH. This is where you can meet a lot of smart people who are ready to talk with you on any information security topic. The party ends early.


    The evening of the first day of reports is the main one. All the action happens on this day. The IOasis party - a party from IOActive - took place in one of the Caesars' deluxe rooms. It was possible to get in only at the invitation of one of those present. A bunch of drinks and snacks - and here you are, overcoming shyness, going to talk with Comrade Grugq or with Bratus, surrounded by his students. The main speakers and people of serious weight in the global information security industry gathered here.



    The same evening also saw the WhiteHat party and the Metasploit party, both open to everyone (by sign-up).

    The first was held by the hotel pools and was decorated in the Hawaiian style. Dancing, flower necklaces, straw skirts and mini-guitars were all there. But what I remember most are the races of radio-controlled boats in the pools (by the way, the boats could be controlled, for example, with the HackRF / BladeRF, which we showed at our ZeroNights conference).

    The Metasploit party was held in one of the Vegas clubs. A huge dance floor, swimming pools and a free bar - what else do you need for relaxation? There were a huge number of people at this event. Finding interesting and useful people to talk to in this crowd was also not a problem. Well, if it got really boring, you could go up to one of several visitors with a google voice on his head and ask to play with it.






    On the final day, I made it to three Black Hat parties: those of Microsoft, Isec Partners and Zpaty.
    The first was again open to everyone and strongly resembled the Metasploit party in its makeup. Loud music, a bar and acrobats under the ceiling.



    The Isec Partners party was local and intended for friends of the company. Everything took place in a luxury room of the Hard Rock hotel with a giant aquarium, a bowling alley, live music and, again, a free bar. There were many Russian-speaking guys here, because one of the company’s divisions is located in Belarus (if I remember correctly :)).



    On the way to the Isec Partners party, we solved a simple quest and received an invitation to Zpaty. We decided to drop in, as someone said that Mitnick would be hanging out there. Well, we didn’t find Mitnick and, having had a little to drink at the bar and chatted with the organizer of some local conference, we moved on.

    Since the conference was held in early August, PRISM and Snowden's actions were still much-discussed topics. People came to the conference in T-shirts with Edward's image, with “Hello My Name Is Edward” badges and so on. For most of those who came to the conference, Snowden was a hero who had dared to do a brave deed.

    Another topic that came up at every party and report was the death of hacker Barnaby Jack.

    People talked about it and discussed it, and a lot of good words were said about Barnaby. This common grief brought together many people, previously unknown to one another, whom Jack had inspired.



    The Pwnie Awards are also traditionally held at the conference; security researchers are awarded pony figurines for the best information security research and bugs found. Notably, this year the nominees for the award also included the Russian researcher Georgy Nosenko (Digital Security), with a critical vulnerability in SAProuter.
    The final list of winners who received the coveted pony can be found here.

    The overall impressions of Black Hat USA were extremely positive: a lot of interesting people, cool researchers whose work is always interesting to read, and a fun and laid-back atmosphere that invites dialogue.

    We speak a lot at various foreign conferences and have tried to bring all the best of them to our own ZeroNights conference, which was held recently in Moscow. It was cool, wait for the report soon :)
