September 28, 2013

BlackHat Report

I'm just finishing up my last (second) day of BlackHat briefings.  I was lucky enough to be able to be sent to attend BlackHat this year by my company (Dynamics Research Corp).  A few tips for attendees - water, deodorant, more water, and black T-shirts.  The uniform of the day for conference attendees seems to be the ubiquitous black T-shirt with some form of hacking slogan on it.  I'd say it's at least 50% if not more.

You'll need to drink plenty of water to stay hydrated.  So far, I think I'm winning this battle, but as soon as you step outside in the Vegas heat, your mouth dries up within seconds, and you can feel the water get wicked up your esophagus only to be lost to the desert.  While you won't spend much time outside, the dryness persists in the air-conditioned casinos, and while it's a slower process, it continues unabated the whole time you're here.

Also, don't forget to eat.  I think I ate dinner at 11:45PM last night.  There is so much going on, and it's so interesting that skipping a meal as you focus on something else is an easy thing to do.

With all that said, Oh My God! - I need to come to this every year, whether the company is picking up the tab or not.  I may not be able to afford BlackHat, but I can probably pick up BSides-LV and Defcon myself.  The people here are smart as hell - everyone is extremely congenial and open and the whole experience so far has been phenomenal.  It's going to take me all year just to DIGEST the amount of information I've picked up here - and my head is SWIMMING with new ideas spurred by some of this research.  I'm thinking in new ways about timing attacks, secondary communication channels, encryption, browser security, organizational defenses.....it's incredible!

Note: This post sat in draft mode because I never got back to finish writing it - Defcon was so engaging I forgot about it entirely.