When August arrives in Las Vegas, hackers roll into town. Each year, two major conferences — DEF CON and Black Hat — take place in Sin City and feature some of the most cutting-edge research and training in the InfoSec field. The lesser-known BSides conference happens at the same time, giving IT security professionals a wealth of choice in a city known for taking more money than it gives. But which conference really pays off, and what’s the best bet for Vegas 2015?

DEF CON: The Original

DEF CON was the first hacking conference hosted in Las Vegas and is the brainchild of security expert Jeff Moss, also known as “The Dark Tangent.” According to the conference’s official website, it began as a closing party for Platinum Net, a Fido-based hacking network headquartered in Canada. When the organizer disappeared and left Moss holding the bag, he decided to host the party anyway and invited many other hacker friends — thus, DEF CON was born. This year, DEF CON 23 is set for Aug. 6–9 at the Paris Hotel and Bally’s Hotel in Las Vegas.

Much of DEF CON focuses on the practical application of hacking techniques. While the conference has grown from one track to five and now includes a greater emphasis on research, the core of the gathering has always been about events such as capture the flag and exploring the community aspects of hacking culture. Federal law enforcement agents regularly attend the conference, although in recent years, Moss has asked them to call a timeout. The con’s hacker roots are still very much evident when it comes to registration and payment: Everything is done at the door, and the $230 entry fee is taken in cash to prevent any online collection of payment card data.

Black Hat: The Spinoff

Black Hat, meanwhile, is a spinoff from the original DEF CON and was also founded by Moss. This year, Black Hat will be held at the Mandalay Bay Convention Center from Aug. 1–6. The cost is approximately 10 times that of its progenitor, but the con has a much different focus split into distinct areas: briefings and trainings. Briefings are designed as a place “to learn the very latest in information security risks, research and trends.” Leading researchers take the stage to share their discoveries and in some cases report on vulnerabilities they have uncovered in major pieces of enterprise software, which occasionally raises the ire of vendors. Trainings, meanwhile, are “hands-on attack and defense courses” that offer actionable insights on everything from penetration testing to exploiting Web apps and designing SCADA systems. Black Hat also supports the work of the Electronic Frontier Foundation (EFF).

BSides: The Newcomer

BSides is the newest hacker conference to arrive in Las Vegas; this year, it’s being held Aug. 6–7 at the Tuscany Suites. According to the BSides website, their Sin City event is typically attended by 1,000 to 1,500 people, a fraction of those heading to DEF CON and Black Hat. But their mandate is different: Instead of focusing on speakers with insight about current InfoSec challenges or existing vulnerabilities, BSides wants to attract researchers willing to give their take on the next big thing in cybersecurity and threat intelligence. Billed as a conversation rather than a talk, there’s no fee to attend this self-described “grass roots, DIY, open security conference.”

Why Three?

Many security professionals considering a trip to Las Vegas this year have the same question: Why hold three conferences in the span of a week? BSides makes the point that it’s not trying to compete with either DEF CON or Black Hat, but simply wants to offer another venue for ideas and information, giving attendees of the other two conferences somewhere to go if they need a change of pace. Black Hat and DEF CON, for their part, focus on two sides of the InfoSec coin: how hackers are leveraging current opportunities to push the limits of technology and what companies can do to mitigate these emerging risks.

Making the Choice

So what’s the best choice for 2015? It depends on company needs. If laser-focused training and actionable security insights are the priority, opt for Black Hat — and register early. If an interest in hacker culture as a way to enhance existing IT policies is the goal, try DEF CON, and come with cash. And if the goal is to get a handle on the next big thing in cybersecurity through collaboration rather than typical convention style, opt for BSides.

No matter the choice, however, go prepared for hot weather, hotspots and the hottest InfoSec topics.
