Careers & People

7/10/2015
11:00 AM
Kerstyn Clover
Commentary

Black Hat For Beginners: 4 Tips

What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.

When I went to Black Hat USA for the first time last year, not only had I not ever been to any big conferences but I also had never been to Las Vegas. Black Hat veterans can probably imagine my culture shock as I tried to quickly acclimate to the information overload. If you haven’t been, hopefully you can learn from my experience.

Tip 1: Know where the restroom is before you need it. Not only is this a good rule in general, but I think it applies heavily to Black Hat. The conference area turns into a labyrinth when you only have a few minutes until your next talk and huge crowds of people are milling around. Last year I seemed to find all of the women’s rooms that were temporarily men’s rooms -- after I’d had four cups of coffee and had to wander the halls looking for other locations. Maps are your friends.

Tip 2: “Get yourself invited to as many parties as possible.” That’s quoted because those were specific directions from my manager. I initially laughed out loud. I didn’t realize it at the time, but the social events really are a great place to meet people and find interesting conversation. You might also find unique arrays of food and drink used by the hosts to attract attendees. Some vendors will give out tokens or passes to their events at the expo hall, but for others you’ll want to watch the Black Hat webcasts and emails for information!

Kerstyn (bottom right) and her newfound friends from Black Hat & DefCon last year.

Tip 3: Conversely, skip events if it’s what is best for you. I’m pretty extraverted, so my initial goal was to be out as much as possible to see all of the people, displays, and demonstrations. If you’re more introverted this may come naturally, but I realized I occasionally had to push myself to go back to my room and rest. The dry air, long days, and late nights can take a serious toll. One night I opted to make it an early evening with a hearty dinner, which helped a lot on the next day when I could forgo the headache medicine and actually stay awake through talks.

Tip 4: Take notes. If you’re picking up business cards or vendor documents, keep a pen handy and write down a summary of who you talked to and what you discussed. You may think you’ll remember those topics (I did, too), but I’m here to tell you from experience that you will not. Those memories will stay in Vegas, but when you want to follow up with that one person about that neat product you talked about at that fun party, your notes will be very helpful. It’s also a good idea to keep track of what talks you attended and any stand-out information to read more about later.

Black Hat USA is next month. Register here.

As a staff consultant on the SecureState Attack and Defense Team, Kerstyn works with a broad range of organizations across a variety of industries on security assessments including incident response, forensic analysis, and social engineering.