Black Hat: Conclusion

Just like always, Black Hat was great. I got to learn a bunch, and met a lot of interesting people. Most of the speakers were excellent, but some of them could use lessons in public speaking.

I did have an issue with a lousy training class, but the Black Hat staff quickly helped me change into one that was more technical. Apparently there was more than one class that was a total dud, and hopefully they will resolve it by next year. One thing that I would suggest is to have a scale of how technical the class will be. The training class that I had left looked good on paper, but after the first few minutes, I knew that it wasn’t advanced enough.

Thanks to Jeff, Ping, Nico, and all the other staff that helped me during the event. I hope to be back next year.

Black Hat: SWAG Edition

The vendor area seemed to grow a little bit more this year, and there was no shortage of SWAG from them. I am happy to see vendors showing up at a conference like this, as it allows us to talk to them in a more open environment.


I have no idea who printed the ‘I am InfoSec Sellout’ shirt, but I think it was an awesome idea. For those that don’t get the joke, InfoSec Sellout is a blog about computer security professionals selling out for money and other dark sided topics. A month ago, there were rumors flying around the web that David Maynor was the person behind the blog. David denied this, and the identity of the blogger is still unknown. It would have been very funny if all the press credentialed people got a hold of the shirt and all wore it one day.


I think Qualys' flashlight freebie wins in the creative category. It is not a normal flashlight; it shines their emblem à la Batman.

Update: I removed the link to the Infosec Sellout blog since it is now full of porn ads.

Black Hat: Vendor Parties

A conference wouldn’t be complete if there weren’t vendor parties at night.

The best one I attended was the SPI Dynamics party at TAO. They had an open bar serving top shelf liquor, and they had an assortment of appetizers like sushi, lobster and shrimp dumplings, Chilean sea bass, and Kobe beef sliders.

Other parties that I heard of but didn’t get invited to:

  • Cisco party at Pure on Wednesday night.
  • E&Y party at Ghost Bar on Thursday night.
  • Microsoft party at Pure on Thursday night.

Speaking of the Microsoft party, I heard that it was a party for only exploit contributors. I know several people that contribute to them in other ways that got denied access.

Black Hat: SPI Dynamics Contest

After the Premature Ajax-ulation talk by Bryan Sullivan and Billy Hoffman, they announced a contest of who can place a SPI bumper sticker in the best, most creative place during the conference.

I wasn’t planning on participating in this event, but someone saw that I had a camera, and he needed help in his entry. I am not sure if he won or not, but I think it was a decent entry attempt.



Black Hat: Iron Chef


Another first-time event was a competition between two groups of two, to identify as many vulnerabilities in JSPWiki as possible within an hour.


There were two commentators to explain what was going on. Looking at people find vulnerabilities in a web application is somewhat boring, but the commentators kept it interesting with funny interview questions.

In the end, each group found a handful of vulnerabilities, but Toshi’s team won because of their presentation skills.

Black Hat: Jennifer Granick moving to the Electronic Frontier Foundation


In the beginning of Jennifer’s talk on disclosure and intellectual property law, she stated that she will be working for the Electronic Frontier Foundation (EFF) starting next month. Her reason for leaving Stanford is that she is done with creating good lawyers; now she wants to create better law. The crowds cheered as she told of the change.

Her new contact info will be and 415-436-9333 x134.