Last week I told you about my training experience at Black Hat 2015. Now it is time to talk to you about the briefings and the business hall.
The Black Hat briefings are what other conferences usually call talks or sessions; that is 30-60 minute long talks. One general observation is that the decision on how large the room was for each session seemed random. Some briefings were in huge rooms with almost no attendees and vice versa. There were three briefings that stood out to me.
First there was a briefing on entropy usage and management. Apart from the eye opener on how much entropy is consumed in situations you don't expect it to be used it was a great reminder that a lot of people who think they understand cryptography actually don't.
Then there was a briefing on hacking a rifle that also has gotten some attention in Wired. Again it was interesting to see how security ignorant people try to create something secure. And try hard. But then due to ignorance miss some fundamentals of security creating a system that fairly easily can be compromised. In all fairness, in order to do the more serious exploits the researchers needed to do a lot of work but for something as lethal as a weapon I think we can demand a more secure system than what is needed for this blog for example...
Last but not least was the last briefing I attended on how the Black Hat network was setup and managed. This was interesting since the Black Hat network is one of the more hostile networks you can connect to since a lot of people want to try out the latest things they have learned and at the same time the network cannot restrict traffic. Traffic can't be restricted since it might be part of a training class, briefing or demo.
Finally some words about the business hall where companies demoed their products. While I had a lot of interesting conversations in the business hall there were two problems there for me. First of all the vast majority of products demoed do not fit my need. Most things were targeted at IT departments that build the infrastructure for a company and then monitor the same and protect the users within the enterprise. And then not surprisingly most people in the booths weren't technical. On the few occasions where I had technical questions I was at best routed to the most technical person in the booth and most of the time they couldn't really answer my questions.
At least I now know better to expect next year and I'm sure I'll be back because it was a good trip all in all.