From Election Hacking to Hacking the Human Body in Biotech, there were many things to learn from Black Hat and DefCon in 2018.
The Internet of Things (IoT) has succeeded in creating a virtual playground for hackers. The digital “tubes” of the internet are connecting our family, friends and even cybercriminals to private places like our business and our home. The target audience for Black Hat security topics were business executives. DefCon however, was a much more open and less formal program. Our team from Accellis attended over 50 of the sessions through both conferences. Three Las Vegas hotels (Caesar’s Palace, The Flamingo, and Mandalay Bay) hosted both conferences that had over 20,000 people in attendance. More than 300 corporate vendors were on display at Black Hat, but there were less than 50 vendors at DefCon. Such a drastic difference shows that DefCon is genuinely a conference put on by hackers, for hackers.
Black Hat vs DefCon
There were some training workshops at the start of Black Hat which we did not attend. We primarily focused on briefings, the Business Hall, and Arsenal (which is more of a demo style presentation). The Arsenal demos mainly showcased open source software that people had written and some techniques for using them. I found that the Arsenal presentation demos covered relevant and exciting topics for real-world situations. The presenting technicians were very knowledgeable and ready to answer any questions that were asked. Since the tools used are open source, presenters are always looking for ways to improve.
In contrast to Black Hat, DefCon sets a theme each year. This year’s theme centered around the dystopian future of Orwell’s novel “1984”. Conference badges were programmable circuit boards that encouraged attendees to move a character through a maze. This was a unique feature that gave attendees a challenge. The main mantras of DefCon are 1) to explore and talk to others at the villages, 2) the con is what you make of it, and 3) don’t be a jerk. There were several learning villages where you can get some hands-on learning with other attendee’s. Topics ranged from hacking cars to hacking using nanotech. There were some capture the flag style contests in the red team blue team and IoT villages and even a game show called Hacker Jeopardy.
These were both great learning events in different ways. Vendor relationships heavily influenced the Black Hat briefings. Creativity, on the other hand, influenced DefCon. It was like a live show and tell for people to interact with one another on a variety of topics hacking and security-based topics. Since DefCon is more community driven, more options were available to speak to people with similar interests.
Bringing Vegas Back to Cleveland
One important theme permeated much of the discussion through Black Hat and DefCon – only by transparent collaboration and working within the security community will individuals and organizations finally move the needle on improving security. The two options are: we fix it 9teach people to look after themselves), or we let the machines fix it for us. If we don’t get this right, Orwell’s dystopian future might be right around the corner.