Blackhat is coming in about a month and a half. Normally I don’t even talk about conferences until a week or so before I arrive, but Blackhat is a bigger event than most and there’s almost always a lot more going on there than the other cons. So, for those who are interested, here’s what I know and here’s what I’ll be attending.
Firstly, although Dan Kaminsky’s speech doesn’t look like it, I talked with him last night, and he will actually be doing a pretty relevant speech to a lot of the stuff I talk about here, specifically anti-DNS pinning and fingerprinting applications. Definitely worth sitting through, even though I’d love to also see Jon Callas’ speech on traffic analysis - so I may have a spy go to that speech to take notes for me.
Of course I’ll be attending Jeremiah Grossman’s talk on Intranet hacking without JS - I maaay also make a special guest appearance during the talk if I can get some demo code together in the next month. No promises. If people really twist my arm I may sign some books too.
If I had to pick one of the two speeches that Billy Hoffman will be doing I’d probably choose the one on web worms because I think that is far more cutting edge and new, as only a few web worms have surfaced. Although at the same time as that speech is Ariel Waissbein’s speech on ways to dynamically stop attacks using morphing web applications (a topic near and dear to me). So as a result I’ll probably end up going to Billy’s other talk on Premature Ajax-ultation instead of the worm one. I gotta show my support!
I’ll definitely be going to Window Snyder’s talk on Making and Breaking the browser. If nothing else it’ll be interesting to hear her take on it. However, I also want to hit Stephen Patton’s power talk on social networking data mining, so I might float back and forth between those two talks.
I’ll probably hit up Scott Stender’s talk on blind security testing instead of David Byrne’s talk on anti-DNS pinning, because I don’t think there’s anything new in that speech, even though it’s definitely on-topic. After that David Coffey’s speech on creating a shoestring application security practice might be fun. I always like doing things on the cheap.
Lastly, if I’m not totally burnt out on Blackhat I’ll probably go to Rohyt Belani’s talk on the difficulty of intranet forensics (another topic near and dear to me because we are getting into more expert witness gigs). Plus I think Rohyt will give a good talk because it’s all anecdotes.
And when the doors close is when the party begins - namely the Breach-sponsored OWASP/WASC party. If you haven’t already RSVP’d you may have trouble getting in as I heard 200+ people have already asked to come. I don’t have any idea how they are going to fit that many people into the Shadow Bar, so they may have to end up moving it, or spilling out onto the casino floor. If anyone hears about any other good parties, please let me know. Anyway, it’ll be fun and I hope to see a lot of you there!