Black Hat/Def Con Overview

It’s been a few weeks since my last post here and I want to get back into the swing of regular posts. So I want to announce that over the next few weeks I’ll be posting my commentary on some of my favorite talks from Black Hat and Def Con this year. For those of you who may not be as familiar with Black Hat and Def Con, they are two of the best security conferences in the US. They are held every year in the same week in Las Vegas, NV. Here are my thoughts on each of the conferences.

Black Hat

Black Hat is the more professional of the two conferences. This year and next year it will be held at Mandalay Bay Casino. The conference starts off with either two- or four-day training sessions that cost varying amounts depending on the content and length of the training. These happen Sunday through Tuesday. Then the conference ends with two days of professional talks on a wide variety of subjects. These are what I will be writing about for the next few weeks. Black Hat is a great conference; however, it feels very much like a marketing campaign by the vendors that support the conference. Everywhere I walked it seemed like there was a sign that said “Coffee provided by Microsoft” or “Restroom cleaning provided by Cisco”. Obviously I’m joking on the last one, but it seemed like vendors paid good money to put their name on almost anything, which is great for the attendees if you get excited about free swag. While the vendor swag was great, I was mainly there to learn. The talks started off slow and I was really disappointed with them at first; however, as the day went on the talks got much better.

My final thoughts on Black Hat are this. The conference is great; however, it is highly vendor focused. The conference is also expensive; my entrance to the talks was $1795 USD (and that was the early bird special) and my two-day training cost me $2600 USD. While the talks were good, there was nothing that amazed me so much that I thought the price was worth it. This is a conference that I would attend again; however, I would only attend if my company paid for me to go again. I would not pay the $1795 out of my own pocket. Finally, my opinion is that in order to make Black Hat worthwhile you must attend one of the trainings; otherwise you should attend Def Con instead.

Def Con

Def Con is the conference that started it all. 22 years ago, Jeff Moss (aka The Dark Tangent, also the founder of Black Hat) brought together a bunch of his friends who were the first of the hackers (back then they were just referred to as computer nerds) for a party. Def Con is one of the best security conferences for the money: it costs $220 in cash at the door and it’s 4 days of security-related talks. The thing I like about Def Con talks is that many of the talks from Black Hat stay around and are given at Def Con as well. Def Con feels more grassroots in that all the organizers (also called Goons) are volunteers and there are no corporate sponsors. There is a small vendor area that mainly has small hacker community vendors selling their products at a discount. So this conference does not feel as commercialized as Black Hat.

Unlike Black Hat, Def Con has other things to do besides the amazing talks. There are the various villages: Crypto and Privacy, Lockpick, Wireless, Hardware Hacking, Social Engineering, Tamper Evident and ICS (Industrial Control Systems). In these villages there are experts from around the world who are willing to help you and answer any questions you may have. They will regularly put on workshops to teach you the basics in their respective fields, and the best part is they usually have some sample hardware for you to test your newfound skills on. There are also various competitions, such as Crash and Compile, where teams have to solve coding problems and every time their code compiles and crashes or does not provide the correct output they must drink a beer (did I mention this started as a party?), or the all-time coveted capture the flag competition. Finally, after a long day of listening to talks or learning new skills in the various hacker villages, there are the parties. Some can get pretty outrageous and some are more tame than others, but my suggestion is that everyone go check out Hacker Jeopardy. If you’ve never seen it, just search for it on YouTube and you’ll understand why I recommend it.

My final thoughts on Def Con are this: it’s a great security conference and well worth the $220. It has this awesome grassroots feeling that I think attracts a lot of great minds in our field. The talks are great and the villages allow for hands-on learning of new skills. If you are going to travel for one conference this year I would recommend this one.

