Blackhat 2017 and Defcon 25

So I went to “hacker camp,” Black Hat USA, BSides LV and the DefCon. This year is the 20th Blackhat and 25th DefCon which promises to be a special event.

BlackHat USA 20

As usual it starts with the more corporate-friendly Black Hat USA security conference, which took place at the Mandalay Bay in Las Vegas.

The main highlight of the conference is Black Hat Briefings, which runs July 26-27. This year Microsoft was showcasing their new Defender ATP and ATA which is promised to launch in September. The new Defender will be available to all Windows 10 users with corporations opting for ATP and ATA as an enterprise solution. The product demo was quite impressive with the ability to detect anomalous powershell and malicious application behaviours. Truly EPP, EDR and UBA are merging into a single platform and if Microsoft pulls it off, it would be like Trendmicro and Crowdstrike having a child that protects the user from malicious code and suspicious behaviours.

On the vulnerabilities front, Dragos demoed the CrashOveride attack that hit Ukraine last month. SCADA and ICS systems still have a long way to go before nation’s critical infrastructure is secure. As a mining employee, I feel for the time being, air-gapping industrial systems is the way to go until manufacturers start writing secure code.

Not to be beaten by SCADA, IoT manufacturers also got a lot of exposure at BH20. The usual arsenal sessions showcased tools against networked light bulbs which you can buy at Home Depot, wifi security cameras that coughed up credentials to electronic door locks that you can bypass with a simple payload.

All in all, BH20 is corporate and I had made vendor meetings with McAfee, Trendmicro, Exabeam, Crowdstrike, Bugcrowd, Splunk, Microsoft, Cisco and DarkTrace. Below I posted a few vendor dinners and parties as this is part of the vendor relationship building that one does at BlackHat.

DefCon 25

DefCon always follows Blackhat, in fact you can buy your DefCon pass when you get your BlackHat pass, no LineCon for you!

This year DefCon is at the grand Caesar’s Palace in Las Vegas from July 27-30. I 100% like Caesar’s Palace better as a conference ground and yes DefCon 26 will be back at Caesar’s again so thank you DT for listening to the masses. At BlackHat you get the VIP treatment and sleep comes at a regular time usually after large sponsored dinners but for DefCon it is very very different. At DefCon, sleep is a privilege. You’re treated like a n00b until you hack something. For me, I spend a lot of time at the hacking villages and workshops learning new skills and attacks from world renown hacker and the attack tool writers themselves.

Among the villages I spent the most time at: Voting Machine hacking village, Car Hacking village, Crypto and Privacy village, Wireless village and Lockpicking village. This year the Voting Machine Hacking Village is brand spanking new and because of the Russia hacking controversy, it got most of my time (Hacking Democracy). I also want to note that the “Hacking Democracy” panel was high interesting and amusing because after listening to the speakers and then spending hours hacking a voting machine… I concluded Democracy is vulnerable despite their re-assurances.

What pays for DefCon is the skills that you learn from some of the best hackers in the world (if they don’t get arrested) and the 3 major skills I learnt this year, 1) Diebold hacking 2) Enterprise wireless hacking 3) Windows dll injection for privilege escalation. Second to that are the friendships with absolutely like-minded persons of interest. To end, I’ll leave you with some advice from DefCon25, “Packets don’t lie” and “Always social engineer your way in”.