Careers & People
7/10/2015
11:00 AM
Kerstyn Clover
Commentary

Black Hat For Beginners: 4 Tips

What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.

When I went to Black Hat USA for the first time last year, not only had I not ever been to any big conferences but I also had never been to Las Vegas. Black Hat veterans can probably imagine my culture shock as I tried to quickly acclimate to the information overload. If you haven’t been, hopefully you can learn from my experience.

Tip 1: Know where the restroom is before you need it. Not only is this a good rule in general, but I think it applies heavily to Black Hat. The conference area turns into a labyrinth when you only have a few minutes until your next talk and huge crowds of people are milling around. Last year I seemed to find all of the women’s rooms that were temporarily men’s rooms -- after I’d had four cups of coffee and had to wander the halls looking for other locations. Maps are your friends.

Tip 2: “Get yourself invited to as many parties as possible.” That’s quoted because those were specific directions from my manager. I initially laughed out loud. I didn’t realize it at the time, but the social events really are a great place to meet people and find interesting conversation. You might also find unique arrays of food and drink used by the hosts to attract attendees. Some vendors will give out tokens or passes to their events at the expo hall, but for others you’ll want to watch the Black Hat webcasts and emails for information!

Kerstyn (bottom right) and her newfound friends from Black Hat & DefCon last year.

Tip 3: Conversely, skip events if it’s what is best for you. I’m pretty extraverted, so my initial goal was to be out as much as possible to see all of the people, displays, and demonstrations. If you’re more introverted this may come naturally, but I realized I occasionally had to push myself to go back to my room and rest. The dry air, long days, and late nights can take a serious toll. One night I opted to make it an early evening with a hearty dinner, which helped a lot on the next day when I could forgo the headache medicine and actually stay awake through talks.

Tip 4: Take notes. If you’re picking up business cards or vendor documents, keep a pen handy and write down a summary of who you talked to and what you discussed. You may think you’ll remember those topics (I did, too), but I’m here to tell you from experience that you will not. Those memories will stay in Vegas, but when you want to follow up with that one person about that neat product you talked about at that fun party, your notes will be very helpful. It’s also a good idea to keep track of what talks you attended and any stand-out information to read more about later.

Black Hat USA is next month. Register here.

As a staff consultant on the SecureState Attack and Defense Team, Kerstyn works with a broad range of organizations across a variety of industries on security assessments including incident response, forensic analysis, and social engineering.