Dark Reading is part of the Informa Tech Division of Informa PLC


Careers & People

7/10/2015
11:00 AM
Kerstyn Clover
Commentary

Black Hat For Beginners: 4 Tips

What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.

When I went to Black Hat USA for the first time last year, not only had I not ever been to any big conferences but I also had never been to Las Vegas. Black Hat veterans can probably imagine my culture shock as I tried to quickly acclimate to the information overload. If you haven’t been, hopefully you can learn from my experience.

Tip 1: Know where the restroom is before you need it. Not only is this a good rule in general, but I think it applies heavily to Black Hat. The conference area turns into a labyrinth when you only have a few minutes until your next talk and huge crowds of people are milling around. Last year I seemed to find all of the women’s rooms that were temporarily men’s rooms -- after I’d had four cups of coffee and had to wander the halls looking for other locations. Maps are your friends.

Tip 2: “Get yourself invited to as many parties as possible.” That’s quoted because those were specific directions from my manager. I initially laughed out loud. I didn’t realize it at the time, but the social events really are a great place to meet people and find interesting conversation. You might also find unique arrays of food and drink used by the hosts to attract attendees. Some vendors will give out tokens or passes to their events at the expo hall, but for others you’ll want to watch the Black Hat webcasts and emails for information!

Kerstyn (bottom right) and her newfound friends from Black Hat & DefCon last year.

Tip 3: Conversely, skip events if it’s what is best for you. I’m pretty extraverted, so my initial goal was to be out as much as possible to see all of the people, displays, and demonstrations. If you’re more introverted this may come naturally, but I realized I occasionally had to push myself to go back to my room and rest. The dry air, long days, and late nights can take a serious toll. One night I opted to make it an early evening with a hearty dinner, which helped a lot on the next day when I could forgo the headache medicine and actually stay awake through talks.

Tip 4: Take notes. If you’re picking up business cards or vendor documents, keep a pen handy and write down a summary of who you talked to and what you discussed. You may think you’ll remember those topics (I did, too), but I’m here to tell you from experience that you will not. Those memories will stay in Vegas, but when you want to follow up with that one person about that neat product you talked about at that fun party, your notes will be very helpful. It’s also a good idea to keep track of what talks you attended and any stand-out information to read more about later.

Black Hat USA is next month. Register here.

As a staff consultant on the SecureState Attack and Defense Team, Kerstyn works with a broad range of organizations across a variety of industries on security assessments including incident response, forensic analysis, and social engineering.
 
