So, I’m finally back from a very long week in Vegas. How long you ask? well, here are some numbers that start to reflect how it felt:
Number of days in Vegas: 6+1 (un-planned extra day due to a missed flight)
Number of conferences attended: 3.5 (BlackHat, BSidesLV, Defcon, and IOAsis counts as a 1/2 con…)
Number of talks given: 2 (in the same day… BlackHat + BSidesLV)
Number of shipments to my room at Caesars: 3 (shirts, phone, and locks which ended up unused due to my failure to run the lockpick sessions at IOAsis 🙁 )
Volunteer gigs: 2 (BSidesLV and Skytalks)
Average hours of sleep per night: 3 (and that’s really stretching it)
Number of nights I went to sleep after sunrise: 2
Average number of parties visited per night: 3 (Freakshow skewed the numbers as there was NO reason to leave that place…)
No. of phones I came in with: 1
No. of phones I left with: 3 (Thank you NinjaTel!)
Average no. of meals per day: 1 (I know… but Alcohol does not count as food unfortunately)
Gallons of booze consumed: probably illegal in some states.
No of friends I caught up with: not enough. And the ones I did manage to catch up with needed much more time 🙁
Hangovers: 0 (keep drinking -> no hangover to deal with…)
Miles walked: waaaaay too many
Weight lost/gain: 3.5lbs lost. Guess that’s the result of adrenaline rushes, parties, Infected Mushroom, long walks in the hallways, not much food, and lots of alcohol.
Overall this was personally the best Vegas trip I’ve had. I did take up a little too much on myself that I should have (as a couple fo friends duly noted, and excused me for some fuckups due to that), and I wanted to meet so many more people that I managed to somehow miss this year.
Nevertheless, some of the experiences were priceless – like having a chat with Infected Mushroom and finding out that Erez used to run a BBS back in the days, and that (although I don’t like to mention my darker days of hacking) we “knew” the same scenes. Having the opportunity to help out with BSidesLV and being amazed again by our community and what it can achieve. Being inspired by so many people, and learning constantly. These are the things that really make up the week of BlackHat/BSides/Defcon for me. It’s not necessarily the talks, but the socializing and the opportunity to pick people’s brains on a personal basis which makes it worthwhile to get to the levels of exhaustion that this week takes you to.
Guess it’s time to wrap up and figure out what timezone my body is on…
Lucky for me there are other people who write new content that somehow relates to this blog so I have a chance to point to them and say “cool stuff, look there!”.
My good friend Itzik Kotler has just written a blog post about bypassing DLP systems using some of our elements from last year’s DefCon talk (and BSides, and Hashdays, and Brucon, you get the idea…). It features some awkwardly written code (yours truly) and some wickedly useful evasion techniques (still mostly unhandled :-)).
It is truly one of the highest indicators for me that we are on the right track in making some change in the defensive paradigm, especially in light of the newly added defense track for BlackHat. An opportunity to capture the attention of a large and high-visibility audience while putting a harsh mirror in their faces is something that I have been looking forward to do for some time.
So there you go – Vegas this year is shaping up to be really interesting. With BSidesLV (in which I’m also involved as a volunteer and mentor) running along BlackHat, and the 20th DefCon, you really can’t miss it.
So, as if I didn’t have enough flights this year, here is where you can find me and hang out / grab a beer / talk shop / hack:
BSidesLV (August 3-4). If you are in Vegas in August, this is THE place to be. I’ll be running a couple of talks there – one with my colleague Itzik Kotler on VoIP botnets, and another on advanced data exfiltration. I’ll also be on the PTES panel, and will help out with the conference security.
DefCon (August 5-7). I’ll also be presenting at DefCon with Itzik on VoiP botnets.
Brucon (September 19-20). Seriously one of the best cons out there. And you get to enjoy the Belgian beer. What can go wrong? 🙂
Hashdays (October 26-29). First time for me at this conference. Friends who attended in the past can barely be reached for comments. This year’s badge will blow away any badge you have ever seen in a con. Oh, and the lineup is sick!
GovCERT.NL symposium (November 15-16). This is one of the best CERT teams I have had a chance to know (people-wise as well as professionally), and I’m really excited to have a chance to work with them again on some of the more burning issues in national level security.
SecurityZone (November 28-30). Finally – Latin America. Again – my first time at this conference. Looking at the speaker lineup this should be really fun, and the opportunity to mix in with the local Colombian security scene should be terrific!
Bottom line – really excited to have a chance to attend and speak at all these cool conferences. This year’s con selection has been focused on events that I’m familiar with and know are really good, and some new events with people I know and trust to run a top-notch conference (a policy that haven’t failed me yet…).