Hacker Summer Camp: What to Expect from BSides, Black Hat, and DEF CON
The security industry is converging in Sin City this week for the annual hacker summer camp, with three conferences that promise to deliver a wealth of knowledge and networking opportunities. From password cracking to AI vulnerabilities, the world's largest collection of security pros will gather at the Tuscany Hotel, Mandalay Bay Convention Center, and Las Vegas Convention Center to share their expertise.
BSides Las Vegas: A Celebration of Security Research
The BSides summer camp kicked off on Monday and runs until Wednesday. With over 200 security conventions held around the world each year, this one is the biggest and most anticipated. The conference features a range of talk tracks showcasing new research, including a specific three-day schedule devoted to finding solutions to one of computing's oldest security challenges: passwords.
This year's password track promises to be exciting, with talks on custom rigs used to crack 936 million passwords with 92 percent accuracy. Stacey Schreft, the former deputy director for research and analysis at the US Treasury Department's Office of Financial Research, will also share her insights on how security problems could trigger the next big financial crisis.
For those looking to break into the industry or advance their careers, BSides has a jobs track with advice from four senior security execs. The conference also features a Capture the Flag competition and festivities in the evening, making it an event not to be missed.
Black Hat: A Platform for Unpleasant New Hacks
Located at Mandalay Bay, Black Hat's main conference days are August 6 and 7. While there are training sessions on IT skills starting on August 2, the core of the talks is about unpleasant new hacks and vulnerabilities in hardware and software.
This year's lineup includes a keynote address from Mikko Hyppönen, who is leaving his 34-year tenure at F-Secure to work on drones after being spurred by the Ukraine war. The talks will cover an Apple zero-day, ways to bypass Windows Hello's authentication systems, and even a discussion on satellite vulnerabilities and how to exploit them.
Senior government officials, past and present, will also take the stage to share their insights on policy and practice in the field. However, attendees are warned to avoid the Expo Business Hall on Wednesday between 1600 and 1700 PT, as it turns into a "Booth Crawl" with free food and drink.
DEF CON: The Original Hacker Summer Camp
DEF CON is the original hacker summer camp, started in 1993 in a few hotel rooms by an 18-year-old Jeff Moss. Today, it hosts tens of thousands of visitors paying more than $500 a head to listen to talks, take part in hacking and gaming competitions, and visit over 30 "villages" dedicated to everything from ham radio to military hacking demonstrations.
DEF CON is known for its hands-on approach, with talks on vulnerabilities, interesting ways to crack systems, and war stories that advise on what not to do. The convention also features a car hacking center that Tesla is fond of, a social engineering village that is both fascinating and terrifying, and a lock picking village where attendees can meet some of the best in the business.
The annual AI Cyber Challenge run by DARPA will take place at DEF CON, with teams competing for months to find vulnerabilities, install fixes, and generate reports under time pressure. The final event promises to be exciting, with a winner who will likely receive lucrative job offers.
Networking Opportunities
While all three conferences offer valuable networking opportunities, DEF CON stands out for its inclusive atmosphere and strict code of conduct. Red-clad "goons" will help attendees find their way around the show and ensure that everyone is having a good time.
Black Hat has become more focused on sales and networking, but still delivers high-quality security talks and training. BSides is useful for seeing what's up and coming in the security industry, with a range of talk tracks showcasing new research and a jobs track to help attendees break into the field or advance their careers.
Stay Tuned
The Register will be onsite at all three conferences, bringing you regular reports on the latest news, trends, and insights from the security industry. If you have any recommendations or suggestions, feel free to add them to our comments section below!