cyberwart

How Hacking Dies…. to thunderous applause

by mjw on Aug. 10, 2007

This year was my first time attending BlackHat. I’ve gone to Defcon several times before and I’ve generally enjoyed the experience. However, I was able to get BH expensed this year and went along.

Initially I was quite impressed. Caesar’s is FAR nicer than Alexis Park or the Riviera. Lunch was excellent and the talks were very comfortable. The parties were awesome and in general I can’t complain at all about the location/setup.

Unfortunately, the speakers just didn’t deliver. There was no exceptional work this year such as exploiting Cisco routers or 0-days for some major software. I can handle the lack of exceptional. If everything were exceptional then exceptional would just be ordinary. I had expected the types of talks I’d heard at Defcon in years past. The speakers are usually the same so shouldn’t the talks be about the same?

The answer is definitely ‘no’. The audience was mostly managers and other suits, so the talks tended to be not technical or product focused. I think the low point was Greg Hoglund’s talk. Greg is an exceptional person; he’s written several of the best books in the Offensive Security sphere. He was talking about exploiting MMORPGs (and you can’t get much cooler than that), but 95% of the talk was just a sales pitch for HBGary’s Inspector — which I’m sure is a cool product, but I can’t afford it and I don’t want to hear about it.

So in that room and to thunderous applause of the sales pitch, Hacking died at BH07.

3 comments for this entry:
  1. xs

    I think day 1 was really good. The HD Moore talk, there was a talk on the HEAP which was dry but the content in the paper made up for that. Plus the JS talk (hacking intranet sites from the outside in). Day 2 was very weak. I set up my Bluetooth scanner and collected some data for a project I am working on.

    I don’t want to agree because I have really loved BH in the past, but I would say that another year of the sponsors buying their seats and time to speak at BH and the con will be dead. Go back to the days of allowing more independent speakers to come in with ideas and content. Not some sales pitch on a product that no one in the room can afford.

    Also, more free open source tools or POC code would be cool.

    xs

  2. mjw

    I thought HD’s talk was alright. It’s the style of pen-testing that I prefer. Far too many people perform a “vulnerability assessment” and call it a pen test. I think there’s an important difference in that a VA is essentially scanning a network for a known vulnerability. It’s pretty much just auditing the patch management system. Pen testing, hacking to me, is right on with what HD was talking about. However, as that’s what I do all the time the talks seemed rather slow to me (not to mention they took up 2 blocks).

    Which talk about heap exploiting are you talking about? The one talking about dereferenced pointers?

    I think the real “scene” is moving to the sidelines of BH/Defcon. I got a nice DoS against the iPhone that I’m still playing with and I talked about a few cool topics with some buddies — but I just have to wonder what’s the point if the best part of the conference is talking with friends?

    My new goal is to get more involved with the Shmoo group and try to help build up shmoocon. Despite having the same old taste of DC I think it’s the best route to having a really meaningful experience.

  3. xs

    The HEAP talk was “Understanding the HEAP by breaking it”. Very good technical paper to read when jacked up on Monster and Penguins. :)

    I also agree that a lot of the scene is moving to more of a side channel. People meeting and talking. Same kind of stuff in our crew. Talking about new code, 0-days or just drinking and having fun.

    We are going to hit shmoo next year and see what it is like. I think a lot of people want to work with shmoo, it’s just getting them to respond to you and work with ya. Good luck with that.

    Maybe we can find some sexy girls before next year and get them in our crew so we can go to the hacker pimps and the ninja parties. I have been going to Defcon and BH for four years and have never been invited. Maybe we lack foo. :)

    BH and DC seem to be selling out their talk spots to the highest vendor. Just look at who is speaking at BH this year. All of the major speakers were major sponsors to the con. HUMMM…. so DT sold it and then sold out.

    xs
