There are many conferences on information security: small and large, technical and filled exclusively with marketing reports from vendors, or, Flying Spaghetti Monster save us, with personal data topics or reports in the style of "how to become a rock star in the world of information security". And there are two security conferences that have always stood out against this background: Black Hat and Defcon. Even people far from information security have probably heard about them.
I would like to talk about how the Black Hat USA conference was held this year.
Speaking at Black Hat or Defcon was my long-time dream. My dream came true last year, when Alexander Polyakov (AlexandrPolyakov) and I talked about Server Side Request Forgery, and this year the situation recurred: my report on OLAP servers and attacks on MDX successfully passed the selection committee, and - hello, Vegas!
The conference lasts 6 days. 4 days of trainings and 2 days of reports and workshops. Actually, the most interesting things happen in the last 2 days.
You have probably heard about some of the reports:
1) ROOTING SIM CARDS
2) ANDROID: ONE ROOT TO OWN THEM ALL
3) HOME INVASION V2.0 - ATTACKING NETWORK-CONTROLLED HARDWARE

There were many other interesting presentations and topics, which is not surprising given the conference's list of keynotes: General Alexander, Director of the NSA (PRISM and blah-blah-blah), and Brian Muirhead (NASA, the cool story about the rovers that conquered Mars). Unfortunately, for most of the conference we stood at our ERPScan booth :), so I will not discuss them in detail; everyone can get acquainted with the material here.


Instead, I will try to tell you how the conference went as a whole.
It is worth noting that besides me and Alexander Bolshev (dark_k3y), with whom I worked on a report on attacks on BI systems, Alexander Polyakov also went to Vegas; his work once again made it to BH. This time he led a training session at BH.
We all had to speak on the first day, immediately after the director of the National Security Agency, Alexander. It is a little disappointing, because we could not listen to each other's reports, and afterwards we tried ... umm ... to find out who had more listeners. Apart from this small minus, the timeslot was perfect. There is nothing better than getting your talk out of the way at the beginning of the conference, after which you can calmly go to other people's speeches or talk with people who liked your report. It was funny: late in the evening, on the streets of Vegas, various people approached us who were interested not in our small change or the latest model phone, but in how Sasha and I managed to perform so well. Nice, damn it.
So, a little about the atmosphere of Black Hat. The conference takes place in the hotel / casino "Caesars Palace" (yes, the one from "The Hangover"). There are a lot of visitors at the conference:

In addition to reports and workshops, there is also a section at the conference where resellers present various security tools (Black Hat Arsenal), and a section with stands of various security companies, which, by the way, included our stand. In general, people had something to do with their time:


What did the hackers do in the evening in Vegas, when the reports ended? Mainly, parties (let American retirees play in casinos). After the conference sessions, a huge number of different parties took place, since the main goal of the conference is not reports at all, but the community that gathers in Vegas. So, the first party - traditionally, the speaker party - was held in one of the towers of Caesars. It was attended mainly by speakers, presenters of workshops and trainings, sponsors, conference organizers and those who managed to somehow get the coveted bracelet. The atmosphere was easy and relaxed; people got to know each other and shared their impressions and expectations related to BH. This is where you can meet a lot of smart people who are ready to talk with you on any information security topic. The party ends early, because the next day the main part of the conference starts - the reports - so people go to bed.


The evening of the first day of the reports is the main one. All the action is on this day. The IOasis party - a party from IOActive - took place in one of the luxury rooms of "Caesars". It was possible to get there only at the invitation of one of those present. A lot of drinks and snacks - and here you are, shaking off your shyness, going to talk with a friend, Grugq or Bratus, surrounded by his students. Here are the main speakers and people who carry serious weight in the global information security industry.

The evening also hosted the WhiteHat party and the Metasploit party, both open to the public (by sign-up).
The first was held at the hotel pools and was decorated in Hawaiian style. There were dances, flower necklaces, straw skirts and mini-guitars. But what I remember most is the race of radio-controlled boats in the pools (by the way, their control could be intercepted, for example, with HackRF / BladeRF, which we showed at our ZeroNights conference).
The Metasploit party was held at one of the Vegas clubs. A huge dance floor, swimming pools and a free bar - what else do you need to relax? There was a huge number of people at this event. Finding interesting and useful people in this crowd was not a problem either. Well, if it became quite boring, then you could go up to one of several visitors with a Google Glass on his head and ask to play with it.



On the final day, I hit three Black Hat parties: from Microsoft, iSEC Partners, and Zpaty.
The first was again open to anyone, and its crowd strongly resembled that of the Metasploit party. Loud music, a bar and acrobats on the ceiling.

The iSEC Partners party was local and was intended for friends of the company. Everything was held in a luxury room of the Hard Rock Hotel with a giant aquarium, a bowling alley, live music and, again, a free bar. There were a lot of Russian-speaking guys, due to the fact that one of the company's divisions is located in Belarus (if I remember correctly :)).

On the way to the iSEC Partners party, we solved an easy quest and received an invitation to Zpaty. We decided to drop in, as someone said that Mitnick would hang out there. Well, we did not find Mitnick and, having hung around a little at the bar and had a chat with the organizer of some local conference, moved on.
Since the conference was held in early August, PRISM and Snowden's deed were still very much discussed topics. People went to the conference in T-shirts with the image of Edward, with badges reading "Hello, My Name Is Edward", etc. For most of those who came to the conference, Snowden was a hero who decided on a brave deed.
Another topic that came up at every party and report was the death of the hacker Barnaby Jack.
People talked about it and discussed it, and many good words were said about Barnaby. This common grief brought together many strangers who were inspired by Jack.

The conference also traditionally hosts the Pwnie Awards, at which security researchers are awarded pony figurines for the best security research and discovered bugs. Remarkably, this year, among the nominees for the award was the Russian researcher Georgy Nosenko (Digital Security) with a critical vulnerability in SAProuter.
The final list of winners who received the coveted pony can be found here.
The general impressions of Black Hat USA turned out to be extremely positive: a lot of interesting people, cool researchers whose work is always interesting to read, and a fun and relaxed atmosphere conducive to dialogue.
We speak a lot at various foreign conferences and tried to embody the best of them at our own ZeroNights conference, which took place recently in Moscow. It was cool, wait for the report soon :)