… So I've finally recovered from Hacker Summer Camp and the resulting Con Flu.
I've long been interested in what happens at Black Hat and DEF CON, watching every video from the conventions that I could find over the years. And this year I was lucky enough to go to both (on the company dime), as a consequence of being head of the security competency group at Bouvet East.
It was such a great experience; from talking to the CTO of a Cambridge hardware security company in our upgraded seats across the Atlantic Ocean, to experiencing the madness that is the Las Vegas Strip on the weekend!
Some of my personal highlights of Black Hat include Ian Coldwater and Duffie Cooley's talk about abusing Kubernetes defaults, the one about pre-auth RCEs on SSL VPNs, Apple expanding their bug bounty program, and learning about Microsoft messing up their JWT authentication, allowing anyone access to everybody else's inboxes on "new UI" Outlook. The NOC report was pretty funny too.
… oh, and the Time AI stuff!
I mean:
"Using the infinite variations within music composed real-time by artificial intelligence, TIME AI generates encryption keys as unique as your own iris"
Talk about crypto snake oil!
DEF CON was also great; the badge, the first ever AppSec Village, Patrick Wardle's presentation about Mac malware, Bruce Schneier's "Information Security in the Public Interest" talk, Hacker Jeopardy, Whose Slide Is It Anyway – and of course "Adventures In Smart Buttplug Penetration (testing)"!
I just wish I hadn't missed Azuki's (Yan Zhu) DJ set.
Sure hope I'm able to go back next year!
Edit: Since returning from Vegas, I've written about both Black Hat (original Norwegian, English Google Translation) and DEF CON (original Norwegian, English Google Translation) for the Norwegian site Kode24.