A few months ago, in light of the ongoing pandemic, fears that hacker summer camp was going to be cancelled were realized. However, festivities still continued for many conferences in a new, albeit virtual format. Last week, the Black Hat USA conference and DEFCON ran virtually, BSides Las Vegas was cancelled and the Diana Initiative pushed back a few weeks.
I attended briefings at both Black Hat USA and DEFCON, and gave a talk at the DEFCON Red Team Village on election security. I also posted last week about the briefings I was most looking forward to during Black Hat. All in all, Black Hat and DEFCON did a great job, and huge props to our infosec community for helping to pull this off.
Black Hat kept to its more buttoned-up style, with professional, well-lit keynote presentations from Matt Blaze and Renee DiResta. The core focus for many of the briefings was on election security, which was of course timely and intriguing. Other interesting topics included hacking the supply chain and creating a clone of oneself using AI.
Our continued shift towards “remote everything” evolved some briefings into a much more topical conversation, like with Michelle Wolfe’s talk on EdTech being the ultimate APT. This talk spoke to what type of society we are creating by normalizing the constant surveillance of our young students online learning experience. The ethical implications of our rush to adopt new, cool tech were on full display.
We also got an interesting look into how emerging industries in places like sub-saharan Africa are handling cybersecurity and adapting established, worldwide viewpoints on security to fit their unique circumstances. I want to give a shoutout to this talk in particular, as that unique and diverse perspective of a region that doesn’t get a lot of coverage was particularly enlightening -- I would definitely recommend catching the on-demand version if you can.
Of course, the vendor game in the business hall was as strong as it could be given the circumstances. Cybereason held a fun T-Shirt design contest, and I enjoyed checking out some of the hands-on demos, creative swag, and sponsored sessions in the exhibition hall. If you’re looking for some hands-on action, be sure to check out the Cybereason Capture the Flag that kicks off this/next week! Here’s the link to register.
DEFCON kept its community-centric attitude by making the entire event free, no registration required. Though the virtual setup was missing some of the raucous audience, mischievous atmosphere, and LINE-CON we all know and love, there were plenty of interesting talks and free-flowing Discord conversation. If anything, there were simply too many talks to attend and too little time, between the main track and so many villages. I highly recommend checking out the DEFCON Twitch and reviewing the many, many impressive talks.
I spoke on election security during the DEFCON Red Team Village with the talk, Trust, But Verify: Maintaining Democracy in Spite of Информационные контрмеры. Be sure to check out the talk for more information on past and present election security threats.
While Virtual Hacker Summer Camp can’t match the immersion and chaos of the real thing, I enjoyed the array of impressive talks without the horrendous Las Vegas summer heat. It was a joy to at least have some event to mark the occasion, even if it couldn’t be in person this year. In particular, I appreciate that DEFCON was free to the public so that anyone could attend and learn. While I’m sure we’ll see many more exciting virtual events on the horizon, here’s to hoping for a return to our regularly scheduled programming and a week of in-person hacker summer camp next year.
Interested in learning more about election security? Read my white paper on why and how the private sector should be contributing.