How To Stay Safe On The Black Hat Network: ‘Don’t Connect To It’

Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there's no better place to do it than Black Hat.

As one of the guys that’s kept the network running at Black Hat for the last 14 years, I’m often asked the same question, “How do I stay safe on the Black Hat network?” It’s a simple and straightforward question and I always respond with a simple and straightforward answer: “Don’t connect to it.”

Now, maybe I’m giving attendees a little bit of a hard time... But the reality is that the only network you can be confident you’re not going to get owned on is the one you’re not connected to -- and even that’s no guarantee.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016.

The problem with getting thousands of highly intelligent, highly skilled, information security professionals together in one place, is that you’ve just gotten thousands of highly intelligent, highly skilled, information security professionals together in one place. We may have changed our titles and maybe now we carry business cards, but hackers gotta hack and there’s no better place to do it than Black Hat. Black Hat attendees have access to some of the most highly sought-after training classes and speakers from all over the globe. They get to learn from the people who created the tools they use every day and wrote the books that helped them become professionals in the first place.

Now all that talent and technique has to go somewhere, and it often ends up being tested out on the Black Hat network. While a lot of the “malicious” traffic on the network can be attributed to exploration, demonstration, and plain old curiosity, that doesn’t mean that everyone on the network has your best interests in mind. A high concentration of infosec professionals seems to attract malicious hackers as well; they like to test the attendees and get a rush from owning the very people that should know better.

But what if you don’t know better? What if you’re new to all this and have somehow found yourself in the deep end? Don’t sweat it, I’ve got a few tips that will hopefully keep you connected without the side effect of bringing home an uninvited guest.

Calm Down
Seriously, calm the hell down. You’re lucky enough to be at one of the most exciting security conferences in the world, so enjoy it. If you spend the entire conference looking at your electronics in a deranged, paranoid state, you’re going to be miserable.

Opt Out
This is a rather severe approach, but if the idea of walking among all the hackers that Black Hat, B-Sides, and DEF CON bring to Las Vegas in a single week freaks you out to no end, just disconnect. Let everyone know that you’ll have very limited access to electronic communications, power down your laptop, turn off your phone, and chill. Let’s face it, there’s enough hype around the things that happen at these conferences that just telling someone you can’t be reached for a few days, or even a week, should be fine. If they give you a hard time, tell them to Google where you’re going.

If you can’t live without packets flowing through your life, then just take some precautions. When it comes to your devices, here’s what you should do… at a minimum.

  • When you’re not using your computer, shut it off: not sleep, not hibernate, off! Locking your computer and walking away is not an option. If it’s not in use, it’s in your hands, and it’s off. Got it?
  • Got Full Disk Encryption on that machine? Why not? Fix that before you come. I’m not mad, I’m just disappointed.
  • If it can be patched or updated, do it. I shouldn’t have to say this, really, but update and patch all of your devices before you come to Las Vegas. I see all the requests to Windows Update flying around the network throughout Black Hat. It’s actually one of the largest uses of bandwidth. Why wasn’t this done sooner? What it tells me is that you connected an insecure laptop to a public network and then decided to patch it. You’ve left a window of opportunity, and you should be ashamed.
  • Disable all the things. Turn off WiFi and Bluetooth, and not just on your laptop, but on all the other gadgets you brought with you as well. Limit your attack surface, know what transmits a signal and when it’s doing it. If you’re not using your phone, turn it off, or put it in airplane mode. You can check it periodically when the mood strikes, but limit the amount of time you’re available to attack.
  • So, you’re taking the plunge, and you’re connected to the conference WiFi. You better be using a VPN. Most corporate machines should come with some kind of VPN software already installed for when you’re reaching back to the home office, but if this is your personal machine, or you don’t want to be restricted by corporate filters, VPN services are cheap, and there are lots of options. 
  • Use two-factor authentication. This is another simple method to provide great security and not enough people are doing it. Use 2FA on all your accounts that support it. This means if you somehow get your login and password stolen, you still greatly shrink the window of opportunity for an attacker. Gmail, Twitter, and Facebook all support 2FA, so set it up before you take off for Vegas.
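
The radio, disk-encryption and patching items above can be checked before you leave home. The script below is an added example, not part of the original article; it assumes a Debian/Ubuntu laptop with util-linux (`rfkill`, `lsblk`) and `apt-get`, and its function names are made up for this illustration.

```shell
#!/bin/sh
# Pre-departure laptop audit for three checklist items: radios off,
# disk encryption present, no pending patches. Assumes Debian/Ubuntu
# with util-linux (rfkill, lsblk) and apt-get. The parsers read command
# output on stdin so they can be exercised on captured text.

# Input: `rfkill -rno TYPE,SOFT,HARD`. Prints each radio type that is
# neither soft- nor hard-blocked, i.e. still able to transmit.
radios_on() {
    awk '$2 == "unblocked" && $3 == "unblocked" { print $1 }' | sort -u
}

# Input: `lsblk -rno TYPE`. Succeeds if a dm-crypt mapping is open.
# Heuristic only: it does not detect self-encrypting drives.
has_crypt_volume() {
    grep -qx 'crypt'
}

# Input: `apt-get -s upgrade`. Prints the number of packages the
# simulated upgrade would install ("Inst" lines).
pending_updates() {
    awk '$1 == "Inst" { n++ } END { print n + 0 }'
}

# Run all three checks on the live machine; prints one line per finding
# and returns the number of findings as its exit status.
audit() {
    findings=0
    on=$(rfkill -rno TYPE,SOFT,HARD 2>/dev/null | radios_on | tr '\n' ' ')
    if [ -n "$on" ]; then
        echo "FAIL radios transmitting: $on"; findings=$((findings + 1))
    fi
    if ! lsblk -rno TYPE 2>/dev/null | has_crypt_volume; then
        echo "FAIL no unlocked dm-crypt volume found"; findings=$((findings + 1))
    fi
    n=$(apt-get -s upgrade 2>/dev/null | pending_updates)
    if [ "$n" -gt 0 ]; then
        echo "FAIL $n package updates pending"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK ready to travel"
    return "$findings"
}

# Only touch the live system when asked: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then audit; fi
```

Run it at home, on a network you trust, so any pending updates are installed before the laptop ever sees the conference WiFi.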

General Safety
There are things outside locking down your laptop that limit your exposure and are just good general behaviors to practice while moving around the hotel and conference area.

  • Don’t plug into anything. Okay, maybe you can plug into a power outlet, but if you see somewhere you think looks like a good place to charge your phone and it’s a USB port, leave it alone. I’ve seen “charging stations” that were specifically set up to get you to plug in, and own you. Charge your devices in your room or off your own power sources. Why is your battery low, anyway? Didn’t I tell you to turn your phone off?
  • Don’t plug anything in. You didn’t think I’d let this one sneak by did you? Every year we have people dropping random USB drives around the conference floor. At Black Hat USA 2015 someone was literally throwing USB drives into open classroom doors. It’s not just a story, it happens! So if you see a drive on the ground, do us a favor, pick it up and put it in the nearest trash can. Oh, and if you see the guy dropping them, throw him in there, too.
  • Avoid ATM Machines. Just consider all of the ATM machines in the hotels surrounding the conference area to be out of order. Several of them are always compromised and on one occasion a full-size ATM was rolled into DEF CON and left in the conference area. Seriously.
  • Use cash when you can. This may be considered slightly contrary to what I said above, but hear me out. When conducting financial transactions, use cash where you can. Just bring the cash with you from home or from an ATM off the strip. Skimmers are plentiful in Las Vegas, and especially during the week of Black Hat/DEF CON. I wince whenever I see a “norm” using an ATM or swiping their credit card in complete ignorance; it pains me somewhere deep inside.
  • Leave your company badge in your room. I often see people walking around with their company badge hanging off their belt at security conferences and I have no idea why. It’s incredibly common in the Expo Hall, but certainly not limited to there. Do your security team a favor and take off your badge, you’re not at the office, and no one’s impressed that you work for Microsoft. Off!

Black Hat is a blast and you’re lucky that your company sees the value in having you attend, so enjoy it. Now get out there and learn everything you can from the smartest speakers and trainers in our industry. Be smart and stay safe because the only thing you want to be compromised at Black Hat should be the demos on stage and your liver.

Neil R. Wyler (a.k.a. Grifter) is an information security engineer and researcher located in Salt Lake City, Utah. Neil is currently with RSA as a threat hunting and incident response specialist. He has spent over 16 years as a security professional, focusing on vulnerability ...

User Rank: Apprentice
10/23/2016 | 7:44:35 PM
The Black Network Safe?
People those mostly looking any information in online but the black hat users getting such like information.
User Rank: Ninja
10/20/2016 | 10:14:18 AM
Identity theft
Staying safe is not something that the user should stop using a certain website or a tool for staying safe and secure. The web is a bad place as of now in terms like you never know who is spying on your online activities. It is therefore advisable to stay safe from these hacking attempts and to secure your IP with PureVPN that provides encrypted online connection and also offers 5 plus multi logins so that is a plus.
User Rank: Apprentice
10/1/2016 | 4:35:11 PM
Re: 2016
I totally agree with you getting exposed to cyber threats is very common these days and the best thing we can do is to go anonymous over the internet on all the devices, the best tool is a VPN service to safeguard your privacy and security and it also helps us to bypass all the geo-restrictions and gives us the power to access all the blocked websites from anywhere in the world.
User Rank: Apprentice
9/15/2016 | 12:08:30 PM
Stay safe and anonymous is the difficulty in 2016
User Rank: Apprentice
8/8/2016 | 9:41:09 AM
Re: Definitely beware ATMs
I wonder if anyone is selling RFID-security wallets that read the cards in them and send the data 'home'?
Joe Stanganelli
User Rank: Ninja
8/3/2016 | 5:18:07 PM
This is precisely my thinking and strategy whenever I attend an event at MIT.  I'm sure as shootin' not connecting to the network of the university with some of the brightest hacking minds in the world.

Actually, I don't ever connect to the network at any conference I go to.  It's just best practice -- and having 4G helps.
User Rank: Apprentice
8/2/2016 | 10:32:42 AM
The best wishes
Actually the article is informative enough! As for the first aid for your protection, it is vpn, which can help you to enhance your security and stay private when it is necessary for you. Some people say that it doesn't protect your system, but to be exact it is the only service which can try to do it and do it well. As for me, I prefer expressvpn  https://www.bestvpnrating.com/service/expressvpn the cost is rather high, but at the same time the result satisfies me.

As for the suggestion not to pay via the net, nowadays it is impossible as it is the most convenient and the fastest way as you can avoid a lot of problems concerning queues.

On the whole, for staying secure you should just follow all the tips, as there is no flexible decision yet.
User Rank: Apprentice
8/1/2016 | 9:22:57 PM
Stay Safe
This reminds me of when I was training rookies at the State prison where I worked as an Officer for 10 years. One asked how he could minimize the risk of being attacked by an inmate or inmates. He wasn't too pleased when I replied, "Simple. Don't show up for work."

They got the picture.

Great post.
User Rank: Ninja
7/29/2016 | 4:03:26 PM
Re: General Consensus
Anytime I am at a security conference (or any IT conference for that matter), two features I turn off are wifi and bluetooth. I know too much, have done too much, and I am paranoid to the nth degree.
User Rank: Ninja
7/29/2016 | 1:24:59 PM
General Consensus
From most of the pen testers and white hatters that I have spoken to in the past they recommend not connecting as much as possible while at Black Hat.