What goes on at a Black Hat conference?

By on 3 Sep 2015

Category: Tech matters


Blog home

Black Hat is the most technical and relevant global information security event series in the world.

Hacker conferences are great for building relationships, raising awareness and sharing practical insights and timely, actionable knowledge.

Black Hat is one of the most prominent security hacking conferences. Over 9000 security professionals, including myself, coming from over 100 countries attended this year’s conference in Las Vegas, USA.

This was my first Black Hat, which I was attending to expand my security knowledge and share the most up-to-date security information with APNIC Members I train. It was an experience worth sharing with all of you though.

Leading up to the conference, I read many articles pointing out some “safety rules”. These rules are in place for good reason as some of the world’s best security researchers and hackers attend the event, some of which are eager to try out their latest hacks and ground-breaking discoveries.
What happens at Black Hat, doesn't necessarily stay at Black Hat
The keynote speech “Lifecycle of a Revolution” by Jennifer Garnick was both powerful and thought provoking. She emphasized the importance of Internet freedom and why it is slowly dying.

We in the Internet community share the same view. Hackers, engineers and users alike are all responsible to keep it free, open, stable and secure. We can all agree with her when she said “The Internet would not just enable communication, but would do so in a decentralized and radically democratic way.”

BGP and DNS discussions

The main event ran many parallel sessions with over one hundred talks, briefings, arsenals and sponsored events.

I attended a two-day tutorial on Cloud Security. As more data moves to cloud services, this topic is deemed essential to include in our Network Security Workshop.

On the parallel tracks, I was naturally drawn to talks on network infrastructure security, including presentations on BGP and DNS. At APNIC, we make it our goal to spread awareness on RPKI (BGP Security) and DNSSEC.

The talk on “Internet Plumbing: The State of BGP Security” provided prolonged discussion about RPKI well after the Q&A.

In another talk, OpenDNS launched @bgpstream, a platform that posts alerts about hijack, leaks and outages.

Paul Vixie, a known figure in the Internet community and a recent keynote speaker at APNIC38, also did a talk on the use of Passive DNS and how it can be utilized to reduce damage during takedowns.

Other interesting talks focused on perimeter defense, intrusion detection and honeypots.

Everything can be hacked

A major idea that continually popped up during the week was that everything from mobile devices to big data environments can be hacked. Indeed this has an impact on the age of Internet of things (IoT).

Several vulnerabilities were disclosed – Stagefright for Android devices, Thunderstrike 2 hack for Mac firmware, remote car attacks using CAN messages, and SCADA insecurity.

The arsenal showcased many more new tools for hackers and forensics.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published.