Dark Reading is part of the Informa Tech Division of Informa PLC


09:30 AM

How To Stay Safe On The Black Hat Network: Don't Connect To It

Black Hat attendees may have changed their titles and now carry business cards, but hackers gotta hack and there's no better place to do it than Black Hat.

As one of the guys that’s kept the network running at Black Hat for the last 14 years, I’m often asked the same question, “How do I stay safe on the Black Hat network?” It’s a simple and straightforward question and I always respond with a simple and straightforward answer: “Don’t connect to it.”

Now, maybe I’m giving attendees a little bit of a hard time... But the reality is that the only network you can be confident you’re not going to get owned on is the one you’re not connected to -- and even that’s no guarantee.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016.

The problem with getting thousands of highly intelligent, highly skilled, information security professionals together in one place, is that you’ve just gotten thousands of highly intelligent, highly skilled, information security professionals together in one place. We may have changed our titles and maybe now we carry business cards, but hackers gotta hack and there’s no better place to do it than Black Hat. Black Hat attendees have access to some of the most highly sought-after training classes and speakers from all over the globe. They get to learn from the people who created the tools they use every day and wrote the books that helped them become professionals in the first place.

Now all that talent and technique has to go somewhere, and it often ends up being tested out on the Black Hat network. While a lot of the “malicious” traffic on the network can be attributed to exploration, demonstration, and plain old curiosity, that doesn’t mean that everyone on the network has your best interests in mind. A high concentration of infosec professionals seems to attract malicious hackers as well; they like to test the attendees and get a rush from owning the very people that should know better.

But what if you don’t know better? What if you’re new to all this and have somehow found yourself in the deep end? Don’t sweat it, I’ve got a few tips that will hopefully keep you connected without the side effect of bringing home an uninvited guest.

Calm Down
Seriously, calm the hell down. You’re lucky enough to be at one of the most exciting security conferences in the world, so enjoy it. If you spend the entire conference looking at your electronics in a deranged, paranoid state, you’re going to be miserable.

Opt Out
This is a rather severe approach, but if the idea of walking among all the hackers that Black Hat, B-Sides, and DEF CON bring to Las Vegas in a single week freaks you out to no end, just disconnect. Let everyone know that you’ll have very limited access to electronic communications, power down your laptop, turn off your phone, and chill. Let’s face it, there’s enough hype around the things that happen at these conferences that just telling someone you can’t be reached for a few days, or even a week, should be fine. If they give you a hard time, tell them to Google where you’re going.

If you can’t live without packets flowing through your life, then just take some precautions. When it comes to your devices, here’s what you should do… at a minimum.

  • When you’re not using your computer, shut it off: not sleep, not hibernate, off! Locking your computer and walking away is not an option. If it’s not in use, it’s in your hands, and it’s off. Got it?
  • Got Full Disk Encryption on that machine? Why not? Fix that before you come. I’m not mad, I’m just disappointed.
  • If it can be patched or updated, do it. I shouldn’t have to say this, really, but update and patch all of your devices before you come to Las Vegas. I see all the requests to Windows Update flying around the network throughout Black Hat. It’s actually one of the largest uses of bandwidth. Why wasn’t this done sooner? What it tells me is that you connected an insecure laptop to a public network and then decided to patch it. You’ve left a window of opportunity, and you should be ashamed.
  • Disable all the things. Turn off WiFi and Bluetooth, and not just on your laptop, but on all the other gadgets you brought with you as well. Limit your attack surface, know what transmits a signal and when it’s doing it. If you’re not using your phone, turn it off, or put it in airplane mode. You can check it periodically when the mood strikes, but limit the amount of time you’re available to attack.
  • So, you’re taking the plunge, and you’re connected to the conference WiFi. You better be using a VPN. Most corporate machines should come with some kind of VPN software already installed for when you’re reaching back to the home office, but if this is your personal machine, or you don’t want to be restricted by corporate filters, VPN services are cheap, and there are lots of options. 
  • Use two-factor authentication. This is another simple method to provide great security and not enough people are doing it. Use 2FA on all your accounts that support it. This means if you somehow get your login and password stolen, you still greatly shrink the window of opportunity for an attacker. Gmail, Twitter, and Facebook all support 2FA, so set it up before you take off for Vegas.

General Safety
There are things outside locking down your laptop that limit your exposure and are just good general behaviors to practice while moving around the hotel and conference area.

  • Don’t plug into anything. Okay, maybe you can plug into a power outlet, but if you see somewhere you think looks like a good place to charge your phone and it’s a USB port, leave it alone. I’ve seen “charging stations” that were specifically set up to get you to plug in, and own you. Charge your devices in your room or off your own power sources. Why is your battery low, anyway? Didn’t I tell you to turn your phone off?
  • Don’t plug anything in. You didn’t think I’d let this one sneak by did you? Every year we have people dropping random USB drives around the conference floor. At Black Hat USA 2015 someone was literally throwing USB drives into open classroom doors. It’s not just a story, it happens! So if you see a drive on the ground, do us a favor, pick it up and put it in the nearest trash can. Oh, and if you see the guy dropping them, throw him in there, too.
  • Avoid ATM Machines. Just consider all of the ATM machines in the hotels surrounding the conference area to be out of order. Several of them are always compromised and on one occasion a full-size ATM was rolled into DEF CON and left in the conference area. Seriously.
  • Use cash when you can. This may be considered slightly contrary to what I said above, but hear me out. When conducting financial transactions, use cash where you can. Just bring the cash with you from home or from an ATM off the strip. Skimmers are plentiful in Las Vegas, and especially during the week of Black Hat/DEF CON. I wince whenever I see a “norm” using an ATM or swiping their credit card in complete ignorance; it pains me somewhere deep inside.
  • Leave your company badge in your room. I often see people walking around with their company badge hanging off their belt at security conferences and I have no idea why. It’s incredibly common in the Expo Hall, but certainly not limited to there. Do your security team a favor and take off your badge; you’re not at the office, and no one’s impressed that you work for Microsoft. Off!

Black Hat is a blast and you’re lucky that your company sees the value in having you attend, so enjoy it. Now get out there and learn everything you can from the smartest speakers and trainers in our industry. Be smart and stay safe because the only thing you want to be compromised at Black Hat should be the demos on stage and your liver.

Neil R. Wyler (a.k.a. Grifter) is an information security engineer and researcher located in Salt Lake City, Utah. Neil is currently with RSA as a threat hunting and incident response specialist. He has spent over 16 years as a security professional, focusing on vulnerability ...

User Rank: Apprentice
7/28/2016 | 2:26:46 PM
Hey mate,

Thanks for your kind information, but I would also suggest all users use the best VPN to stay safe on the Black Hat network, because a VPN always protects our identity and it's completely safe to surf the web using a VPN.

You can find the list of VPNs by googling this query: "Best VPN for USA"

User Rank: Apprentice
7/28/2016 | 4:40:09 PM
Re: Thanks!
I would also suggest that you turn off your Google Now / Siri and Alexa.

Disable these while at Blackhat / DefCon, as it has been demonstrated that all of them are susceptible to High Frequency signals that can be used by hackers to dump your contacts list / history and direct your device to infected websites.
User Rank: Ninja
7/29/2016 | 1:23:11 PM
Re: Thanks!
This is a good tip. Even when locked, these mechanisms can access data within the phone. It may be beneficial for the companies that provide these virtual assistants to scale back some of their access while locked.
User Rank: Ninja
7/29/2016 | 1:24:59 PM
General Consensus
From most of the pen testers and white hatters that I have spoken to in the past, they recommend not connecting as much as possible while at Black Hat.
User Rank: Ninja
7/29/2016 | 4:03:26 PM
Re: General Consensus
Anytime I am at a security conference (or any IT conference for that matter), two features I turn off are wifi and bluetooth. I know too much, have done too much, and I am paranoid to the nth degree.
User Rank: Apprentice
8/1/2016 | 9:22:57 PM
Stay Safe
This reminds me of when I was training rookies at the State prison where I worked as an Officer for 10 years. One asked how he could minimize the risk of being attacked by an inmate or inmates. He wasn't too pleased when I replied, "Simple. Don't show up for work."

They got the picture.

Great post.
User Rank: Apprentice
8/2/2016 | 10:32:42 AM
The best wishes
Actually the article is informative enough! As for the first aid for your protection, it is a VPN, which can help you to enhance your security and stay private when it is necessary for you. Some people say that it doesn't protect your system, but to be exact it is the only service which can try to do it and do it well. As for me, I prefer expressvpn https://www.bestvpnrating.com/service/expressvpn . The cost is rather high, but at the same time the result satisfies me.

As for the suggestion not to pay via the net, nowadays it is impossible, as it is the most convenient and the fastest way, as you can avoid a lot of problems concerning queues.

On the whole, for staying secure you should just follow all the tips, as there is no flexible decision yet.
Joe Stanganelli,
User Rank: Ninja
8/3/2016 | 5:18:07 PM
This is precisely my thinking and strategy whenever I attend an event at MIT.  I'm sure as shootin' not connecting to the network of the university with some of the brightest hacking minds in the world.

Actually, I don't ever connect to the network at any conference I go to.  It's just best practice -- and having 4G helps.
User Rank: Apprentice
8/8/2016 | 9:41:09 AM
Re: Definitely beware ATMs
I wonder if anyone is selling RFID-security wallets that read the cards in them and send the data 'home'?
User Rank: Apprentice
9/15/2016 | 12:08:30 PM
Staying safe and anonymous is the difficulty in 2016