Top Story: Black Hat conference recommendations
Next week is the annual Black Hat show in Vegas. It is actually a multitude of events, not all of which are run by the same folks. The main focus includes Arsenal (which is the live demos of various security tools) and the traditional trade show floor (both of which are held at the Mandalay Bay Wednesday and Thursday). There is also a CISO Summit held at the Four Seasons on Tuesday and the DEFCON show which starts on Thursday and runs through the weekend at Caesar’s Palace. And last but not least is B Sides Las Vegas, which is held at the Tuscany Suites Tuesday and Wednesday. This last show partly showcases the local farm team talent but often has some top-notch presentations (such as this one from a Proofpoint researcher on Google Docs vulnerabilities), many of which are available for watching online afterward.
The main keynote will be given by Alex Stamos, who is the Facebook CSO, on Wednesday at 9:00 am. He asks (and hopefully answers) if we can incentivize and celebrate defensive security research in the same way that we applaud the discovery of vulnerabilities. Here are a few other sessions that you might want to attend:
On Wednesday at 10 am there will be a talk on using a tool to determine your SAP security profile that uses PowerShell to probe further if your endpoint has been compromised.
There is a session on Wednesday at 11:30 am about using hacking tools to compromise Android phones, using some specific techniques that promise to be at the high end of the knowledge scale. At the same time, another talk will be on building a honeypot using a Raspberry Pi, and Christopher Hadnagy will discuss how attackers can research their targets and what you can do to stop them.
Wednesday at 1:50 pm, Borislav Chernilovsky, a security researcher at Imperva, will explore the Mirai attacks through the malware source code, including demonstrating the attacks themselves.
On Thursday at 9:00 am, this session shows you how a new exploit called Skype&Type can make use of audio info leaked from your VoIP calls to reconstruct the victim's input from keystroke noise.
Finally, RSA's Percy Tucker and Walter Abeson will discuss on Thursday at 11 am how they defend the show network from attacks and how the NOC team operates.