Events

BlackHat USA 2006

The last time I attended a BlackHat Conference, somebody tried to break into my computer using a 0-day vulnerability, which I noticed and blocked due to pure luck.

Today, armed with a well sized toolbox of sniffers and packet analysers, I’m in Las Vegas. No, not to gamble my AV researcher salary, but to attend the BlackHat USA Briefings and Trainings, 10th Edition.

One of the most striking things about BlackHat conferences in Las Vegas is the huge number of people that come to listen to the presentations: about database security, rootkits, writing secure code or state of the art hacking. This information was cutting edge about 6 months ago – any respectable hacker is going to keep all the 0-day exploits to him/ herself, and only disclose a few every now and then.

This year there are about 3000 registered participants and about double that number is expected at DefCon, which is starting tomorrow. I think it’s by far the biggest computer security-related conference I have attended.

The first day went pretty smoothly, with talks ranging from US Government officials down to self confessed hackers who are known only by their nicknames. Personally, I find this very interesting – in the antivirus world, you’d never (except under truly exceptional circumstances) see a virus writer coming to a conference such as VB or AVAR to talk about his latest creations. Yet at BlackHat it’s pretty common to see people talking about better ways to evade rootkit detectors or IDS systems to the accompaniment of loud cheers from the crowd.

The packet sniffer that I have set up on my PowerBook has been pretty silent so far except for an insane amount of broadcasted packets (after all, most people here do have a laptop and are using the WiFi connection to … do…things) . But I wouldn’t be surprised if I saw a rerun of the Amsterdam 0-day experience. After all, it is BlackHat.

BlackHat USA 2006

Your email address will not be published.

 

Reports

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

APT trends report Q2 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox