Believe it or not, 0day is usually rare at BH/DC. I've worked at vendors who paid money to have their various products placed on security con networks just to see that crap, and it is spectacular. The volume of the sheer crap, especially on the DefCon network, usually causes a near denial-of-service during peak times. Next thing you know, the laptops come out and bingo, more collateral damage. A “retired” hacker turned security professional meets up with that old buddy, they popped all those systems together back in the day, some old urges awaken after a couple of shots and stories about old times. You know that one person that if you are around you just want a cigarette, even if you quit years ago? Hacking can be that way, too. There will be a lot of hacker types, alcohol, and a weird form of "I must prove myself" posturing that can lead to collateral damage in the form of felonies committed against the tech you brought. Most occur during dinner time when attendees are eating and heading out to vendor parties - during the day there is more foot traffic and housekeeping staff about. Yes, there have been room break-ins in the past with attendees' tech devices targeted, but these are hardly the norm and somewhat rare. There will be researchers, security companies, and representatives from all kinds of target companies these groups are interested in. While a lot of these spies tend to do spy stuff on each other, on occasion they have been known to go after conference attendees. There are rumors that the number of government-rate rooms that are booked in Las Vegas hotels far exceed the number of BH/DC attendees from a TLA or military-industrial-entertainment-complex company. Some of these nation states send their spies simply because their enemy is sending spies.Īnd, of course, the various United States TLAs (short for Three-Letter Acronym, referring to the FBI, CIA, NSA, and other agencies, basically Scary Scary Spies) will be represented heavily, some to attend the conferences, but many to keep an eye on the aforementioned organizations. But a lot of them will be actual spies who do spy stuff, with a completely different set of scary skills. Some of the attendees are those same characters you've read about online, or who are featured on the Duo Security Attribution Magic 8-Ball of Truth and Justice (my name for it). There is typically a decent amount of foreign intelligence that attend BH/DC. While applicable to most cons, there are a number of threats historically associated with BH/DC, and I've grouped them into three categories - nation state actors, security professionals/hackers, and regular crime elements. With that in mind and input from friends, I've pulled a few tips together that I hope can help. While the easy thing would be just to say "don't use or bring a cellphone or laptop at all", I would hope security professionals are capable of attending a conference without getting compromised. This is a general guideline aimed at first-time attendees to Black Hat and DEF CON, although there is probably decent advice to be had for all contained in this post.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |