While summer invokes nostalgia of beaches, volleyball, and sunscreen for many, white hats look forward to a different kind of trip every summer. Every summer brings the anticipation of what is known as "Hacker Summer Camp" to mind. This year did not let us down. For those of you who are not familiar with this, Las Vegas is the scene of what amounts to the largest gatherings of hackers and InfoSec enthusiasts in the world. Three big conferences, BSides Las Vegas, BlackHat and DEF CON all take place over the course of a week in late July / early August. This year's events took place during the week of August 1st, 2016 starting with BSides Las Vegas. I was fortunate enough to be able to attend BSides Las Vegas and DEF CON.
BSides Las Vegas is an amazing conglomeration of everything security from CTF (Capture the Flag) competitions with the Pros vs. Joes event to the Lockpick Village and The Hacker Pyramid and other interesting contests run by the vendors that participate. Vendors that participate are more interested in what you have to offer them as opposed to what they can sell you. Most, if not all, the vendors participated in the Hire Ground track which offered extensive help to those wanting to find work or simply hone their resumes and interviewing skills.
The talks are categorized into well-defined tracks that each have an underlying theme. Each talk is recorded and can be found on YouTube. I was fortunate to be accepted to give a talk this year in the Proving Ground track. My talk can be found here if you are interested. In addition to my talk, there were more than 100 other talks and panels given by some amazingly talented people spread throughout seven different tracks. One of the tracks was made up entirely of workshops and classes. The best part is that everything is 100% free! That's right, just show up and get a badge and away you go. Some of the topics include: What Snowden and I have in Common - Reflections of an ex-NSA Hacker
- Jeff Man Calling All Hacker Heroes: Go Above and Beyond
- Keren Elazari Better Password Security & Cyber Security Awareness
- Lorrie Cranor & Michael Kaiser How to Travel to High-risk Destinations As Safely As Possible
- Ryan Lackey How to Securely Build Your Own IoT Enabling Embedded Systems: From Design to Execution & Assessment
- Jens Devloo, Vito Rallo & Jean-Georges Valle (Workshop) PowerShell Fu - Hunting on the Endpoint
- Chris Gerritz Improving Your Personal Value Proposition to Take That Next Step in Your Career
- Scott Takaoka & VerSprite Hire Ground Opening Remarks
- Jack Daniel
These are but a few of the great talks and workshops presented at BSides Las Vegas. Some talks are quite sensitive in nature, are given under strict security and not filmed or recorded in any way. Aside from the talk content and insight, this conference is small enough for more one-on-one interaction and discussion away from the tracks. It is often in these dialogues that you learn the most and expand you network of contacts and colleagues.
There are also a multitude of social events including a pool party, the Super Soaked Hackers water balloon fight benefiting Hack4Kids, the ever exciting Hacker Pyramid and various auctions benefiting EFF and BSides Las Vegas.
I arrived a day early so that I could participate in the practice in the speaker practice session on Monday afternoon. Tuesday and Wednesday were filled with time attending talks, presenting, visiting the many vendors and learning tables, interacting with people I hadn't seen since previous events and socializing. You have to be somewhat organized and plan ahead so that you can maximize your time and get the most out of the time spent. I will still be going back and reviewing the videos of talks that were of interest but conflicted with others commitments. What you learn at an event like this is far more than you might expect. Digesting everything and putting it use means going back later and reviewing or rehashing talks and extracting those pearls that make your life in InfoSec easier.
Attending conferences like BSides Las Vegas helps expand your vision and view of the world, helping you better understand what is trending in the world of InfoSec. This year was my second time attending and I already plan on returning next summer.
If you are a regular DEF CON or BlackHat attendee, make plans to come a few days early and check out BSides Las Vegas. The costs are minimal. You will be pleasantly surprised. I will discuss my DEF CON adventures in an upcoming post.