7 days. 3 security analysts. 2 conferences. 4 presentations. 3 tools. An exciting week in Las Vegas lies behind our usd HeroLab colleagues Florian Haag, Nicolas Schickert and Matthias Göhring. They had the chance to present the in-house developments "FlowMate", "sncscan" and "CSTC" at Black Hat USA 2023 and DEF CON 31 and to exchange ideas with other experts about the latest cyber security trends. Back in Neu-Isenburg they share their experiences and their highlights:
How did you experience the conferences Black Hat USA 2023 and DEF CON 31?
Matthias: Think of it like this: Las Vegas is a crazy city anyway. Then on top of that, you have two conferences with tens of thousands of participants. Both offer a huge variety of topics, booths, talks and tool presentations, but at the same time they are like day and night: BlackHat is an industry conference with a focus on cyber security, where vendors present software solutions, thus revealing trends and developments for the industry. DEF CON, on the other hand, is a hacker conference. Here you can feel the culture and scene characterized by individuality, curiosity and fascination for all forms of technology, the eager sharing of knowledge and digital sovereignty.
Florian: It's like Matthias says. As a pentester, you know both conferences, of course, and like many of my colleagues, I've been following the presentations and new developments of Black Hat and DEF CON online for many years. But it is something completely different to experience the unique atmosphere on site.
Nicolas: I can only agree with my two colleagues. What I would like to add is the concept of the Villages at DEF CON. It's great. Despite more than 30,000 participants, they offer a great opportunity to dive deep into IT security and hacker topics in small groups with like-minded people. I can only recommend attending these conferences - as well as the events that are offered in addition to the actual conferences.
What were your personal highlights?
Nicolas: For me, it was quite impressive to experience both conferences live and to meet people on site that you usually only know from videos. The fact that we contributed something ourselves by presenting our tools made me feel much more part of the community and the conference.
Florian: I feel the same way. My highlight was definitely the unique chance to present FlowMate in the BlackHat Arsenal, the DEF CON DemoLabs as well as in the AppSec Village together with CSTC. This makes me very proud! It is a special acknowledgement for all the work we put into the tool. During the rest of the time, we had the opportunity to attend talks on the latest research in IT security and got deep insights into upcoming attack vectors and relevant topics for the coming months and years.
Matthias: For me, too, it was clearly the presentation of our tools and the positive feedback we received for them. But very close behind: The many conversations with very interesting people. The community mindset of sharing knowledge to collectively contribute to #moresecurity is truly inspiring.
How can we picture the presentations? And how was the feedback on the tools?
Nicolas: The presentations in the BlackHat Arsenal are very dynamic, because interested people can join at one of the eight stations at any time, listen to a presentation and ask their questions afterwards. Originally, the tools we presented arose from concrete problems and necessities that we had encountered in our everyday work. Thus, the development and use of the tools have been useful for us at usd HeroLab from the very beginning. Now to receive additional feedback at the conferences that our tools also offer added value to the entire community made us very proud.
Florian: At DEF CON, the exchange with the participants was much more extensive, both in the DemoLabs and in the AppSec Village. Here we had separate rooms and a table where we presented our tools in detail. The feedback here was very good overall as well. Afterwards, some interested people even approached us with detailed questions about the general functionality or one or two edge cases. We were also able to take home ideas for future features that might be interesting for some participants.
Is there also an opportunity to learn more about the tools for those interested that were not able to attend the conferences?
Matthias: In the meantime, our tools are Open Source and published on GitHub. The CSTC has been available for a while and can therefore already be found in the BAppStore (in the "Extensions" tab of BurpSuite). We are also planning to publish more information in the medium term as blog posts in our LabNews or as videos on our YouTube channel. All our tools are under active development, so we welcome feedback, issues or even code contributions in the form of pull requests from the community.