Hi,
I won’t be in Vegas for Black Hat this year as there’s a direct conflict with one of my kids’ birthdays, but I thought one or another reader might find it helpful to get some inspiration as for selecting the talks to catch (not least as there’s so many interesting ones). I hence decided to quickly write this post.
Here’s my would-be schedule for the first day (second day to follow, maybe, in another post), under the assumption to attend exactly one talk per slot. I could give a longer rationale per talk than the one below, based on several (mostly technical) factors, but this is just about providing suggestions in a brief form.
Disclaimer: I was on the BH guest review board this year so I might be biased in some cases.
10:20 Kate Pearce & Carl Vincent: HTTP/2 & QUIC – Teaching Good Protocols to Do Bad Things
From a real-life deployment perspective this talk might (still) come a bit too early, but hey, I’m a networking guy, and I know that Kate puts months of scrutiny & energy into preparing her talks.
11:30 Sarah Zatko & her husband: Measuring Adversary Costs to Exploit Commercial Software: The Government-Bootstrapped Non-Profit C.I.T.L.
Due to the current hype around this (interesting!) project you might have to show up early for this one to get a seat.
13:50 Wesley McGrew: Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
If you’re a pentester yourself or you regularly engage such guys, go watch this talk! You’ll learn a lot about what can go wrong in the field.
15:00 Paul Sabanel: Into the Core – In-Depth Exploration of Windows 10 IoT Core
16:20 Dan Amiga & Dor Knafo: Account Jumping Post Infection Persistency & Lateral Movement in AWS
Very interesting & relevant topic which needs to be on the radar of defenders in all those organizations who’ve (hastily?) moved critical applications to AWS.
17:30 Kymberlee Price: Building a Product Security Incident Response Team: Learnings from the Hivemind
This is for a rather specific audience but if you belong to it, please go watch this talk. It might help many of us (and society in general). thank you.
===
Some more candidates include:
Sean Metcalf: Beyond the MCSE: Active Directory for the Security Professional
If you’re involved with infosec in a large organization just read the first sentence of the abstract and you’ll understand why this is a relevant talk, and there’s probably not many guys who can deliver the message the way Sean can.
Felix Wilhelm: Xenpwn: Breaking Paravirtualized Devices
Felix is a colleague of mine so I had the pleasure to see this already. If you haven’t, strongly consider watching it. Here’s a quote on Felix’ work.
Michael Ossmann: GreatFET: Making GoodFET Great Again
Besides giving the clown too much reference by the “great again” wordplay this is probably a great talk if you’ve an interest in hacking hardware. I know first-hand that Michael always delivers.
===
I wish everybody safe travels and a great time in Vegas
Enno
PS: to my companions & friends not mentioned above – please don’t take it personally. I didn’t take it easy … I’m sure you will deliver outstanding talks, too 😉