The last time I attended a BlackHat Conference, somebody tried to break into my computer using a 0-day vulnerability, which I noticed and blocked due to pure luck.
Today, armed with a well-sized toolbox of sniffers and packet analysers, I’m in Las Vegas. No, not to gamble my AV researcher salary, but to attend the BlackHat USA Briefings and Trainings, 10th Edition.
One of the most striking things about BlackHat conferences in Las Vegas is the huge number of people that come to listen to the presentations about database security, rootkits, writing secure code or state-of-the-art hacking. This information was cutting edge about 6 months ago – any respectable hacker is going to keep all the 0-day exploits to him/herself, and only disclose a few every now and then.
This year there are about 3000 registered participants and about double that number is expected at DefCon, which is starting tomorrow. I think it’s by far the biggest computer security-related conference I have attended.
The first day went pretty smoothly, with talks ranging from US Government officials down to self-confessed hackers who are known only by their nicknames. Personally, I find this very interesting – in the antivirus world, you’d never (except under truly exceptional circumstances) see a virus writer coming to a conference such as VB or AVAR to talk about his latest creations. Yet at BlackHat it’s pretty common to see people talking about better ways to evade rootkit detectors or IDS systems to the accompaniment of loud cheers from the crowd.
The packet sniffer that I have set up on my PowerBook has been pretty silent so far except for an insane amount of broadcast packets (after all, most people here do have a laptop and are using the WiFi connection to … do … things). But I wouldn’t be surprised if I saw a rerun of the Amsterdam 0-day experience. After all, it is BlackHat.