DEFCON 26 and Black Hat 2018 start up later this week. Again, I’m not going, but I do feel like I’m inching closer to making a return. Full-timers from my group have been sent to Black Hat in the past, so who knows what’s going to happen next year?
What would I do if I was there? A quick skim of the Black Hat briefings schedule doesn’t show a whole lot that really jumps out at me. I’d probably just be hitting targets of opportunity, with a few exceptions:
- “Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops” by Celeste Paul and Josiah Dykstra, because cognitive stress under pressure is something I’m interested in and has wider implications.
- “Reversing a Japanese Wireless SD Card – From Zero to Code Execution” by Guillaume Valadon.
- “Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community” by Christian Dameff and Jay Radcliffe, for obvious reasons.
- “Open Sesame: Picking Locks with Cortana“, with Amichai Shulman, Ron Marcovich, Tal Be’ery, and Yuval Ron. The lockpicking in this case looks less like actual physical lock sport: “In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code.”
- “Applied Self-Driving Car Security” because Charlie Miller and Chris Valasek.
What about DEFCON 26? After the jump…
Thursday: very little interests me, though I might go to “Wagging The Tail – Covert Passive Surveillance And How To Make Their Life Difficult” with Si and Agent X just out of curiosity.
Friday:
Either “Welcome To DEF CON & Badge Maker Talk” or sleep late, depending on my mood.
At 10:30, “Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems” with m010ch_ could be interesting: I’ve always had a general interest in Knox boxen and other things of that ilk.
I really don’t see anything interesting between 11:00 and 13:00 Friday, and the only thing that jumps out at me at 13:00 is “Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear” with zenofex.
At 14:00, “Revolting Radios” with Michael Ossmann and Dominic Spill. I have to see this, or at least the slides: “We present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals.”
At 15:00, “Weaponizing Unicode: Homographs Beyond IDNs” is relevant to some work stuff (further, deponent sayeth not).
That pretty much wraps up the day, as far as what I’d be interested in. Starting Saturday:
There’s not a whole lot that I find interesting until 12:00, then we have a plethora of riches: three panels at once!
“Building Absurd Christmas Light Shows” with Rob Joyce.
“You’d better secure your BLE devices or we’ll kick your butts!” with Damien “virtualabs” Cauquil because Bluetooth, and “BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed “BtleJacking” that provides a way to take control of any already connected BLE device.”
And “Ridealong Adventures—Critical Issues with Police Body Cameras” with Josh Mitchell because this could have relevance to the Citizen’s Police Academy stuff I’ve been doing.
The rest of the day seems kind of slow, though I might go to “Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices” at 14:00 with Dennis Giese just for giggles. I’d also think about “All your math are belong to us” with sghctoma at 15:00, but it’s been a long time since I touched Mathematica.
And that takes us to Sunday. At 10:00, maybe “For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems” with Leigh-Anne Galloway and Tim Yunusov, but I’m not sure how interested I am in PoS systems.
I also might go to “Breaking Smart Speakers: We are Listening to You” with Wu HuiYu and Qian Wenxiang at 12:00, but I don’t have any smart speaker hardware so it would be more of an academic exercise.
“Hacking BLE Bicycle Locks for Fun and a Small Profit” with Vincent Tan at 14:00 sounds good – hey, Bluetooth!
And then the closing ceremonies are at 16:30.
I expect to be pretty tied up next weekend, so DEFCON coverage Saturday-Sunday might be scanty. I will do what I can, and try to do the usual roundup and links posts throughout next week. In the meantime, if you’re a presenter who wants some linky love for your presentation, or feels like I’ve give you short shrift, or wants to give me a preview of your work, contact me or leave a comment here.