On my way to Las Vegas, NV for Black Hat 2010 and DEFCON 18. I barely got on the flight, and that’s with a confirmed reservation. Apparently Delta does this new thing wherein anyone who books late or after 60-70% of the flight is booked doesn’t get a seat assignment. Instead you have to wait for your initials to show up on a TV screen at the gate. I guess it is a lot like the lottery. I was essentially the last person to board, and a nice couple gave me the window seat. I had a few minutes to start this post on my iPad, which was handy.
Thankfully, this year, I will be attending on behalf of my company and better yet, for real business. As an IS LDP, I’ve managed to land a great rotation within the information security department. I’m primarily working on educating developers on how to write secure code, tools they can use, and implementing new process milestones to ensure that everything is coded securely for that specific case.
Unfortunately, a lot of what we need to cover hasn’t been revealed yet: this year’s exploits. Being in attendance for Black Hat and DEFCON is the best way to get informed, meet people who know what we’re up against, and really understand what we’re doing. That said, I had planned on making the trip to Vegas already, as I did last year for DEFCON. Something about the community at the DC events is just amazing. Your concerns, thoughts, and ideas suddenly don’t fall on deaf ears. Why? Because every attendee knows how deep the rabbit hole goes.
I’m very excited about the talks this year. The residential router pwnage is going to be a popular talk I think, as well as the ATM jack potting. I’ve heard there will be a GSM interception demo at one of the talks, which will be hilarious if it works, so I’ll have to remember to stay off my phone during that one. For work, I’ll be attending the web application and coding talks; especially the Blitzableiter release, as we really need information on secure Flash and ActionScript coding.
What else is there? Oh right, the rest of DEFCON… I’m hoping to get into a few parties this year. I don’t drink, and try not to get into related predicaments, but the opportunity cost is far too great to pass up. The people you can meet just by hanging around the smoking area, even if like me, you don’t smoke, is awesome. Last year I met am ex-Air Force cyber warfare guy, a crazy German with a gambling problem, and a red team teacher and mentor. Okay, that last guy was drunk, but he turned out to be telling the truth and had some very good stories.
The plan for this year? Shed my newbie status and get out there.
