Misc Tech Notes

Fre 19 Augusti 2016

Black Hat USA 2016 and DEF CON 24

Posted by Peter ReuterÃ¥s in Conference   

This year I had the opportunity to attend both Black Hat and DEF CON in Las Vegas. This was my third time in Las Vegas and it felt great to be back. I really enjoy the city for 5-6 days every year or so. Even though everything is more expensive now then my first time there. This time we flew over with the relatively new Norwegian direct flight from Arlanda. That was the best flight ever. No changes and no bad domestic flights in the states. Also the TSA at Las Vegas was nice and extremely fast. The time from leaving the plane to be in the cab was under 30 minutes. We stayed at Aria which was great and located between the two conference venues. Normally the price for Aria is high but the rates for it from Black Hat made the rates normal. It was a great upgrade from the dark room at Luxor that was very depressing.

This was my second Black Hat conference. I attended 2014 and took part in one two day course. This year it was only the two days of talks and visiting the business hall and I must say that I don't think that the value you get from that isn't worth the price. Presentations are mostly very good but two days with scheduling conflicts that seems to be planned as well as talks placed in small rooms with not enough place makes it easy to miss talks. For that I payed (or my employer) $1,895.00. And that price doesn't even include access to the videos that you miss due to scheduling or to small rooms. At Vmworld talks that many people like to see can be scheduled more then once which I think is a concept that Black Hat should adopt. Next time I would prefer Bsides Las Vegas and DEF CON only. If any colleague what like to attend Black Hat USA I would only recommend doing it they wanted to take a course or had planned meetings with vendors. One other recommendation would be to only send on person there and by the videos of the presentations for the enterprise. Having to miss one session just to queue for the DEF CON badge for one whole hour was an other disappointment. You have to do that better next time. Also not having the right amount of badges and not communicating that in a better way so that we missed even more of the talks to go to DEF CON to change the plastic badge for a real one.

I should say that there was a lot of good talks at Black Hat and not only bad things. The keynote by Dan Kaminsky had some god points about where we would have been today without ssh and other other crypto solutions. Some other good talks was Demystifying the secure enclave processor and The Linux kernel hidden inside Windows 10.

DEF CON 24 was my first visit to that conference. Directly it was very clear that DEF CON was something completely different from Black Hat. People where open and asked questions when a colleague worked on the badge challenge. If I remember correctly there where four groups of people asking questions during one hour when we sat at a table in the chillout room. Most of the talks where good even though the remote control an airliner talk was canceled. Next time at DEF CON I would plan it more carefully and attend some villages. DEF CON is most certainly a conference I would recommend and that I would like to attend again.

Next time I would prefer to attend Bsides Las Vegas to get a feel for that conference. Or visit any other security conferences like DerbyCon or Hack in the box. Any other suggestions?