It’s almost that time of year again, when hackers, researchers, gurus, and just about everybody with an interest in cybersecurity descends on Las Vegas for the annual Black Hat USA conference. This year is the venerable expo’s 22nd in succession and promises 6 action-packed days stuffed with intensive training courses, cutting-edge briefings, demos of innovative products and, of course, plenty of social networking. There’s no shortage of information on what to expect, but check out our guide below to make sure you haven’t missed anything essential. We’ve also got some tips for those of you that wish you were going but couldn’t make it, so read on!
Black Hat USA 2019, which runs from August 3rd to August 8th, is expected to host almost 20,000 attendees, which means there’s one statistic that applies to us all: almost nobody will know you, and you will know almost nobody. One of the main aims of Black Hat is to put some small dent in that statistic so that you come away having made some new friends and acquaintances. Since everyone is in the same boat, don’t worry about being shy and strike up conversations with all those strangers! A great place to network is the hosted parties. We’ll be hosting our own on Tuesday 6th at 5.30pm, so join us for golf, gaming and a whole lot more!
Every year there’s a warning about being hacked at Black Hat, and to be fair, a gathering of thousands of hackers is not a place where you want to hang out if you have no idea about security. The organizers recommend Faraday bags and RFID blocking sleeves. If you’re bringing a laptop device, a good idea is to flash it with a clean install, put the bare minimum of data on it you need to survive the week, and restrict unnecessary services like Bluetooth and Wifi. When you get home, pull off any files you need to keep and restore the device from a backup. For phones, some people take a burner, others use a Faraday bag to keep out unwanted attention. Watch out for ATM skimmers, too, and because you’re a security professional we don’t need to tell you: don’t plug in any USBs handed out by strangers (or newly-met friends)!
Black Hat USA 2019 is all about the tech, hacker craft, and improving your skill set. And it’s also a great place to pick up a new gig. With the massive shortage in cybersecurity skills facing the industry, everyone’s looking to hire talent, and if you’re in the market you’ll find plenty of people interested. Personal networking in the Business Hall is a great place to start. There’s also a Who’s Hiring page on the Black Hat USA website you can check out.
As cool as it can be to hang out with a whole tribe of like-minded infosec professionals, not everyone can find the time (or the cash!) to get to Black Hat USA 2019. While that means you will miss out on the parties and the swag in the Business Hall, it doesn’t mean you have to miss out on the most important Briefings (Black Hat lingo for conference presentations). You can sign up for online streaming access and even get a USB – we’ll trust the organizers to provide one that’s free of malware and trojans! – with recordings of all the presentations. Costs start at $299, and rise depending on which package you choose.
Speaking of hacking and online streaming, Black Hat themselves got pwned by Mozilla’s Michael Coates back in 2010 when he signed up for the online streaming. He quickly found a way to get the service without dishing up the cash due to a vulnerability in the web application that was supposed to handle the registration. Of course, Michael informed the organizers immediately, and the issue was quickly fixed. We wonder if they gave him a free sub after all? If like Michael, you happen to stumble across an unexpected vulnerability, responsible disclosure is the key. See the next item!
The commencement of Black Hat USA 2019 just happens to coincide – almost to the day – with the 2nd anniversary of Marcus Hutchins’ arrest by FBI agents on August 2nd, 2017, which occurred shortly after the Black Hat and Def Con conferences of that year. Marcus, better known by his handle MalwareTech in InfoSec circles, had become the ‘accidental hero’ of the WannaCry ransomware outbreak earlier that year when he inadvertently tripped a kill switch by registering a domain he found hardcoded into the malware. That brought the ransomware infection to a sudden halt, and brought Marcus a lot of attention. Marcus fell foul of the Feds after trying to make his way home after Black Hat USA 2017 when agents charged him with distributing the Kronos banking malware some years earlier. Marcus’ story provides a cautionary tale: hackers attending the con who are guilty of real cyber crimes? Beware.
Everybody loves a good Capture the Flag competition, and this year there’s an online CTF aimed at all levels running throughout Wednesday 8th, with a $1000 prize for 1st place (there are runner-up prizes, too!). Don’t worry if you’re not a hardcore hacker: even first timers are welcome to participate and learn first-hand the fun of a CTF competition. Build your skills through self-learning challenges in forensics, web exploitation, scripting and reverse engineering. It’s free and open to non-attendees, so you can do it from home. What’s not to like? Find out more here.
Yup, that old law of physics which applies to everyone (except Star Trek characters) means you’re going to have to make some hard choices about what to attend and what to miss. Schedule clashes like this for pretty much every time slot mean you’re going to have to make sacrifices.
Fortunately, at least the Trainings and Briefings run on separate schedules, but you’ll still need to think carefully about which is most important as access depends on what kind of pass you buy. Trainings are generally well-regarded, some have even sold out already and most are nearing full subscription, so plan ahead as to what might interest you. Be aware that Trainings won’t offer you any kind of certification, but will put you in the hands of industry professionals who live and breathe their work. Briefings are vital to keep up with the direction of the latest research, but plan ahead of time which you want to attend and get there early. Queues will be long, so have a backup plan if you can’t get into a session that’s your first choice.
If you’re used to sitting behind a desk (or on a sofa) staring at your computer display for long hours, then there’s another kind of Black Hat Training you might want to consider before the con even kicks off: upping your exercise regime! You’re going to be putting in a lot of steps as there’s plenty of miles to cover between halls, conference rooms, bars, restaurants and the like. And when you’re not walking, you’re going to be spending a lot of time standing, so choose footwear with comfort not fashion in mind. You’ll also want this handy floor plan to help you find the shortest distance between two places.
We don’t mean that like “walk on water, only faster”, but as in “water is the elixir of life”. You’re going to the desert, in August. Water might not be everywhere, and it certainly won’t be cheap, but if you’re going to get the max out of your hectic schedule you need to ensure that you’re properly hydrated. Alcohol (no surprise) will dehydrate you, but so will lots of talking – or shouting during noisy parties. Take a refillable water bottle with you and replenish it at every available opportunity. Moisturiser for dry lips will come in handy, too.
If you’re not entirely exhausted by Thursday the 8th and are lamenting not being able to see all your new found buddies till Black Hat USA 2020, the good news is Def Con 27 is waiting for you just down the strip. That’s right, Def Con begins on the last day of Black Hat, so if you really want to push yourself to the max, meet even more people, share any of the amazing things you’ve learned while loading up your knowledge base still further, there’s four more days of fun to be had. Def Con 2019 runs from August 8th to 11th, and you can check out all they have to offer here.
Whether you’re going to Black Hat to meet like-minded people, learn new tricks or explore the latest security solutions, you’ll find plenty of each and much more besides. With 125 Trainings, 124 Briefings and hundreds of vendors exhibiting in the Business Hall, you’ll come away with a unique insight into all the latest trends in Infosec. SentinelOne will be there, of course, so come and join us at Tuesday’s party and drop by and say hello at Booth 222 in the Business Hall.