Recommended sessions at Black Hat 2013 Conference

I have been attending the Black Hat Conference in Las Vegas for many years now and I have to admit that the event never fails to amaze me! In this blog post I will share some insights into how I select the best sessions at Black Hat and where you will find me this year. It is a bit of art and a bit of science in discovering the best sessions. Hopefully my years of experience will benefit you!

It must be the allure of Las Vegas and the desert’s dry climate but the location and the event has always fascinated me. Year after year even the conference’s content has held its own, even if other competing conferences were always around – DefCon – and came up in the last few years – BSidesLV.

One thing I always did before even boarding the plane to go Vegas every year for Black Hat is taking the time to take a look at the briefings’ schedule to select the sessions are worth the time to attend in every time slot in the two days of the conference.

Below is a sort of survival guide to the sessions among the barrage of people and voices around the conference.

Before going into the description of the selected sessions, I would like to point out the amazing Special Event called BlackHat Arsenal organized by my friend NJ Ouchn where the best security researcher and open source tool coders gathers to showcase their security tools in both defensive and offensive categories. Kudos NJ!

DAY 1

Starting from the morning after a good breakfast, I’ll leave it up to you if you would like to attend the keynote by General Alexander. There is too much drama surrounding this keynote and I’ll leave it up to your choice here.

For the 10:15 AM session, I’d give you two choices: either the “JAVA EVERY-DAYS“session or Methodologies for hacking embedded security appliances. These are two offensive security choices one more on the software side and the other on the hardware side.

For the 11:45 session, again I’d give you two choices: either the “Bypassing Windows 8 Secure Boot” or the “TLS secrets“.

For the 14:15 session, two choices: either the Passing the Hash session or the PDF Attacksession.

For the 15:30 session, again two choices: either the JS Static Analysis tool session or the “Why vulnerability statistics ..” from my friend Steve Christey.

For the last part of the day’s session, two last choices: either the “Pixel-perfect Timing attacks in HTML5” or the “How CVSS is dossing your patching policy“.

Then kick back with a drink during the networking sessions. Then dinner and get ready for the various party around Vegas. I am definitely going to the after parties…..Then sleep to get ready for DAY 2.

DAY 2

10:15 AM sessions. A choice of “Pass the Hash second session” or “Abusing Web APIs through scripted Android applications“.

11:45 AM sessions. A choice of “BOCHSPWN: Identify 0-day via system-wide memory access pattern analysis” or “Stepping P3WNS: ..

14:15 PM sessions. A choice of “‘) UNIION SELECT `THIS TALK` AS (‘NEW OPTIMIZATION AND OBFUSCATION TECHNIQUES’)%00” or “IMPLANTABLE MEDICAL DEVICES: HACKING HUMANS”.

15:30 PM sessions: A choice of “Post-exploitation operations with Cloud Synchronization”or “Exploiting Network Surveillance Cameras like a Hollywood Hacker”.

17:00 PM sessions. A choice of “OPTIROP: Hunting for ROP Gadgets in Style” or “Hacking like in the movies: ..”.

Have a great conference and see you around there!