Black Hat and DEF CON 2017 Recap

July 31, 2017 • Amanda McKeon

The Black Hat 2017 conference just wrapped up in Las Vegas, followed immediately by the DEF CON hacker convention. Between the two shows, it’s one of the largest annual gatherings of cybersecurity professionals and enthusiasts in the world.

Black Hat features a trade show floor with vendors representing all aspects of the cybersecurity community, plus high-profile keynote speakers and educational sessions covering a variety of research and industry developments. This year was Black Hat’s 20th anniversary. And DEF CON celebrated its 25th year as a destination for everyone from cybersecurity hackers to lock pickers.

Recorded Future’s Alex Walker was there, and on today’s show he shares his experience from Black Hat and DEF CON, and how these sorts of gatherings are helping the cybersecurity and threat intelligence communities mature and focus on emerging challenges.

This podcast was produced in partnership with the CyberWire and Pratt Street Media, LLC.

For those of you who’d prefer to read, here’s the transcript:

This is Recorded Future, inside threat intelligence for cybersecurity.

Dave Bittner:

Hello everyone, I’m Dave Bittner from the CyberWire. Thanks for joining us for episode 17 of the Recorded Future podcast. The Black Hat 2017 conference just wrapped up in Las Vegas, followed immediately by the DEF CON hacker convention. Between the two shows, it’s one of the largest annual gatherings of cybersecurity professionals and enthusiasts in the world. Recorded Future’s Alex Walker was there, and on today’s show he shares his experience from Black Hat and DEF CON, and how these sorts of gatherings are helping the cybersecurity and threat intelligence communities mature and focus on emerging challenges. Stay with us.

Alex Walker:

It’s a massive undertaking. So, probably one of the biggest spaces that you could have a conference in Las Vegas. Full of different types of vendors speaking about pretty much every element of cybersecurity, pretty incredible to see all of these things in one place. So many companies that we also work with, and then a lot of ones that maybe I’d never even heard before. So many people talking about, how do we approach a world that is becoming ever-increasingly dangerous online, and that as people become more and more aware of these potential cyberthreats, how can we protect ourselves in all these different spaces? There’s a lot of people at least looking to insert their solution in different parts of companies’ workflows. And it’s everything from the private and public sector to federal intelligence, that kind of thing. Really, a wide swath of people trying to tackle the issue of how do we confront this world today that is evermore connected and gives opportunity for people to do bad things to us?

Dave Bittner:

And so, we’re talking about sort of a typical trade show environment where you have a show floor with booths, and then breakout rooms with meetings and presentations?

Alex Walker:

Yes, exactly. Pretty typical trade floor, and a number of people trying to use their booth, use their space, to try to say something unique. Or at least, draw you in to be able to be curious about what their security solution is making different for you from all the other vendors’ booths.

Dave Bittner:

Now, also going on in Vegas around the same time is DEF CON. So, what’s the difference between Black Hat and DEF CON?

Alex Walker:

I think really it’s in the approach, the attitude. DEF CON is seeking to tackle, how do we live in this new environment? It was the 25th year of DEF CON this year. Its history is really based in this 90s hacker culture. The original founders, and still a number of the people who are involved in putting on DEF CON every year, were, essentially, criminals. People who either through curiosity or other things, decided to see what they could do. Some of those original phone phreakers, people who tried to break into government websites for fun. So, there’s this attitude of adventure. There’s still very much this outsider nature that can definitely be hard to break into, but what it does offer is unique solutions to those problems, and a certain amount of fun, cynicism, sarcasm, when we approach these different problems.

So, for example, I attended a session on point-of-sale malware, and it was an individual who had gathered up a number of different machines that you would find to swipe your card at any kind of retailer. He found out ways to get around some of the protocols to access the administration mode, and then eventually, to load on the video game Doom, and then using the magnetic stripe to enter cheat codes into the game and have a playable version of this video game on that four to six inch screen. Something that you would only think could be used for putting your card information in.

Dave Bittner:

Now, so it seems like there’s almost a whimsical nature, sort of a winking nature to DEF CON. They don’t take themselves too seriously, perhaps.

Alex Walker:

Absolutely. And that element goes out to everything. There’s chill-out sessions sponsored by pirate electronic radio. Any of the things that you want to purchase in terms of swag, official t-shirts and hats, you have to pay only in cash, and they give you a number where you have to wait in line. There’s a lot of these things about obfuscating your personality. The badges this year were a recreation of the original DEF CON 1 badge, in which instead of your name, like I had on my Black Hat badge, it’s an alias. So, people refer to each other by their online handles. There’s still this sense of anonymity. And then, there is a small vendor space within Black Hat [Editor’s Note: Alex meant to say DEF CON], but again, you’re paying for a lot of these things only in cash, and it’s things like lock-pick sets. Again, in the spirit of seeing what is possible, living on this line of what may be legal. But also, giving this liberating spirit of, let’s see what we can do, let’s test the boundaries, and let’s try to tackle these problems in a different way.

Dave Bittner:

So, getting back to Black Hat. Take us through some of the sessions that you attended. The kinds of things that were there for you to be able to learn.

Alex Walker:

I had to spend a good majority of my time at the booth. But when I did have a little bit of time, walking around the floor, seeing the different ways that people were presenting solutions, and I think one of the biggest things that seemed to be across the board was providing analysts information. The other way, too, was trying to populate that information within a space that made sense. Sometimes it would be the same thing, people talking about an endpoint solution versus another kind of software service, and trying to sell this idea that it is possible to protect yourself if you know the right kinds of things. So then, it all becomes a matter of what sources are important to you, can you have the proper coverage of those sources to make sure that you know as many things as you can. The amount of information that is necessary to do that job is increasing all the time. It’s also up to analysts to be savvy about what information is important, and perhaps what other things are too noisy.

But, one of the things that I really noticed in this conference that’s been different than the number of other conferences that I’ve attended in the space was the situational awareness about threat intelligence. How it might be important to even emerging teams where there’s only a couple people, and how to try to find solutions that would maximize their amount of time. So I had a number of conversations and did some demonstrations for people who said, “I’m the only threat analyst. I’m the only person who’s actually hunting,” or “I only work with two other guys who are in a SOC, and I have to link up everything that I do and be able to share information quickly between other members of my team.” And so, it’s been interesting, even within the last six or eight months or so, to see people changing into this space, knowing what they want to get out of threat intelligence. And also understanding the potential importance of having more awareness about what types of threats could be affecting them, and what possible ways they can mitigate those threats.

Dave Bittner:

So when people were coming to your booth at Recorded Future to ask about threat intelligence, what kinds of questions were they asking?

Alex Walker:

A lot of it revolved around the types of data, the types of sources. People asking me about, do you collect from certain kinds of blogs or forums? How can I link all of this different information together? How can I place all this information about IPs and hash values and domains into a place where I’m already using it? So, a lot of conversations about things like a SIEM integration. How can you help me do what I’m already doing? How can you pair with products that I already have to make it better? How can we maintain awareness about our entire environment? So, I had a conversation with a couple educational institutions, universities who have a pretty big public IP space. How can we make sure that none of our IPs are being used for bad things, become part of a RAT control or something like that?

Dave Bittner:

Is there a sense of an overall maturation of the field, of the environment? Things are … I don’t want to say settling down, but that people are getting a sense for where they need to focus their energies?

Alex Walker:

Yeah. I definitely see some of that happening. I think there’s still a number of people who, they see some of the need based on these big things like WannaCry, Petya, NotPetya. This kind of huge wave of tools that I think a lot of people, a lot of analysts, didn’t quite understand how they’re being paired. Where are these attacks coming from, how can we protect ourselves in the future? But, I think the more and more things are being published about these types of attacks, things with ransomware, increases in the amount of Apple iOS malware that no one can just afford to sit on their laurels anymore. So, I think that need, or that urgency to be more proactive and more aware was definitely there. And overall, I think that’s a good thing. Even if it’s companies, teams, analysts that haven’t quite gotten to that exact space, the idea or mindset that threat intelligence is essential to everyday duties, I think it’s gonna go a long way to getting us collectively in the space that we need to be to try to mitigate some of these future disasters.

Dave Bittner:

So, beyond the show floor itself, when you’re considering the social side of things … the opportunities to be able to gather with other people in the industry, to socialize, to trade stories, what are the opportunities for those sorts of things at this show?

Alex Walker:

Sure. One of the greatest things about something like Black Hat, is just how many people are in one place at one time. Being able to have a number of different meetings with people in somewhat of a more casual environment. To be able to talk about different ways that you’re applying threat intelligence, different ways that companies view the security world, and getting time to socialize about things. I think when you can hang out and talk about some of these issues, perhaps there’s a higher level of honesty, of being candid. Also, I think you need a certain amount of that, going back to what we’ve been talking about with DEF CON, I think you need some of that humor, some of that different angle, alternative approaches to solving some of these issues.

Dave Bittner:

So, you’re fresh back from the show. As you’re looking back on the time that you spent out there in Vegas, what are the take-homes for you? What are some of the lessons that you learned?

Alex Walker:

I’d gone to another session at DEF CON, which was trying to think of how it was somewhat of a larger lesson about the place we find ourselves in encountering these new threats. So, it was all about drones. The threat that could be perceived from smaller drones, these mini quadcopters. And then, all of the different companies that are in the space to counter or approach this issue.

So first, they gave a demonstration of how this drone could fly by your window while you were taking a coffee break, use your wireless USB mouse to access your computer files. And they put up a screen that said “You’re now in the danger drone.” These things in which it’s such a simple thing, and maybe even a threat that you wouldn’t even perceive right now in terms of all the other threats that are in the space. And then, it was looking at all of the different companies that are trying to solve this issue, with varying degrees of success. Anything from highly trained eagles, to guns with nets, and all of these other things. When I think about this kind of physical threat that is also manifesting itself in a cyberspace, we’re looking at the ways that we’re trying to counter this threat. We have to be careful in the way that we’re trying to offer solutions and trying to compete with things that are somewhat alien, that are evermore sophisticated, with old methods, may not work anymore.

One of the other things that I encountered, too, is how big between these two communities have overlapping membership, how wide this group of people is who really care about tackling these problems. It’s exciting to see how many brilliant minds are devoted to this space that is becoming less and less niche all the time, as it’s issues that the general populace are thinking about every day. Looking forward to this future in which every single person, in their own lives because they use so much technology, is potentially at risk. So, how to best educate everyone to be able to meet those challenges in the future.

Dave Bittner:

Our thanks to Alex Walker for joining us.

Don’t forget to sign up for the Recorded Future Cyber Daily email and every day you’ll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.

You can also find more intelligence analysis at recordedfuture.com/blog.

And remember to save the date for RFUN, the sixth annual threat intelligence conference coming up in October in Washington, D.C. Attendees will gain valuable insight into threat intelligence best practices by hearing from industry luminaries, peers, and experts from Recorded Future. The details are at recordedfuture.com/rfun.

We hope you’ve enjoyed the show and that you’ll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast team includes Coordinating Producer Amanda McKeon, Executive Producer Greg Barrette. The show is produced by Pratt Street Media with Editor John Petrik, Executive Producer Peter Kilpe, and I’m Dave Bittner.

Thanks for listening.
