Reminiscing About Black Hat USA 2015

The Strip

While searching for some photos for my last blog post on Thinkst Canary I found a couple more from our recent trip to Black Hat USA and DEF CON, which I consider worth sharing. Nothing too technical, just some visual impressions and comments from my side. Let’s get it on!

Sign Up

My colleague Patrik and myself arrived one day early before the briefings and headed right to Mandalay Bay to check out the Black Hat venue and get a feel for the city. The sheer size of just everything is mind-blowing.

Experiencing the Black Hat opening myself was far up on my todo list. The tweet of Dominique Bongard, from our own TROOPERS conference, stating that we have a “Blackhat US style introduction” was still present in my mind. You can imagine that expectations couldn’t be higher from there on!

Verdict: Call me narcissistic, but I still think our opening trailer is from a different planet. And [spoiler alert!] we’re actually planning to go for the next level in 2016 😉

Enough of this “who’s the coolest kid in town” pissing contest – let’s talk about the content then!

After the keynote by Jennifer Granick (which I enjoyed a lot!), I headed off to see some familiar faces (Haroon & Marco covered separately in my previous blog post) and ended up talking to tons of people around the conference. My basic insight for a event that big: You can’t meet everybody and you better accept early on that you won’t see every single talk. It’s just too much! Sadly Black Hat isn’t releasing all videos right away for free. Currently you can find eight of them in their 2015 YouTube playlist, including the #BH15 highlights “Rowhammer” by Mark Seaborn and Halvar Flake or “Stagefright” by Joshua Drake.


Later that day Charlie Miller and Chris Valasek brought another much-anticipated presentation onto the stage: Everything about their JEEP hack.

Hate them or love them, but those guys are indisputably fun to watch! They don’t make a secret out of their preference for stunt hacking – including remotely ditching a car in real life traffic. Knowing that people like Dave Aitel for example are quite vocal about not liking this kind of “geared towards the media kind of security research”, they even named one of the attack scripts “” to signal that they at least heard his criticism.

Besides being stunt-approved, they also showed off their technical expertise and reconstructed step by step their way towards the final compromise. One of the easier steps included making use of a service called “NavTrailService”, which didn’t need much exploiting at all. Charlie asked: “What does NavTrailService?” and Chris giggled “Gives you shells, bro.”

One advise from Charlie should have been followed more closely by our very own ERNW car hacking team (sorry guys for teasing ;-)): When bricking one of your car’s electronic components while trying to hack the car… NEVER EVER tell your car dealer that you actually tried to hack the car!

Just try to mimic Charlie’s innocent puppy face (seen above) instead, and you shall receive a replacement 😉

Square hacking

It was nice to see that Black Hat also opens the stage to young talents from the academic world. “Mobile Point of Scam: Attacking the Square Reader” was presented by two graduates from Boston University. Impressive to see how Alexandrea Mellen, John Moore and Artem Losev (not onstage) were able to mock around with every generation of Square’s credit card readers. Especially their hardware hack, physically bypassing the encryption chip of the S4 reader, spurred interest among the audience. Slides and white-paper are available.


On the left you see the official Black Hat NOC. If you’re interested in the stats of one of the most hostile networks on the planet you will find a talk about it online here. Let’s finish this session with possibly the best company booth I’ve seen for a long time (right photo). To illustrate their strong focus on the cloud (slogan: “Security as a Service”), the San Jose based company Zscaler allowed attendees to smash physical security boxes with a baseball bat! I guess that’s “Insanity as a Service” (IaaS) then 😉

There are a couple of more photos from DEF CON and a good story on vendor/community interaction from the automotive space. Stay tuned!

Thanks for reading – Florian