Blackhat Vs Defcon in a Nutshell – 2016

The names “Blackhat” and “Defcon” ring a bell as the scariest hacker conferences for people around the world. People from various security disciplines are invited to present their best research to rooms full of security-savvy folks. It's often said that these two conferences receive thousands of applicants, and that identifying the best is one of the hardest jobs.

I have been attending these events for a while, and a few people have asked me about the difference between the world's scariest conferences. Hence I decided to put together a small post about Defcon and Blackhat, hoping to help new attendees make a decision.

In short, Blackhat and Defcon are two different security conferences that take place in Las Vegas each year, where security experts from around the world present their best work, meet their fellow security folks, party and hack all night, learn something new and take pride in attending the coolest conferences. Basically a hacker's paradise!


Blackhat: This is more of a corporate-style event where you will see presenters in business casual clothes. A lot of expensive security trainings take place during the week, along with briefings (security talks), lots of vendor displays and parties (all-night parties). Typically the first 2-4 days have trainings (you need to preregister for these), then the Blackhat briefings take place. (Blackhat briefings are the actual security talks, which take place over the last 2 days of the Blackhat event.) In parallel with the briefings you will also see vendors and vendor talks, with lots of free goodies in exchange for your contact information (expect a lot of sales emails). You will also get an opportunity to meet and network with a lot of cool folks at the Blackhat night parties, which are usually very cool. If you get a chance to get sponsored for the briefings, make sure to visit the vendor booths and get tokens/passes to the vendor parties. The parties are worth it, with free alcohol and maybe food. It can be fun in many ways. It's a great place to meet a lot of great security folks as well.
Typically the trainings are very expensive (all security trainings are expensive). Briefings alone start at approx. 1800+ early and increase over time up to approx. $2500. Students and professors get some discount if they register early. If you are a presenter you get the ticket free. If you get a vendor to sponsor you, it may turn out free for you. If you are a member of OWASP, EFF or any such organization you may get some discount (typically $200 on briefings). You get an option to buy a Defcon badge (+$240) when registering for Blackhat, and it's highly recommended.


If you happen to go only for the briefings, it's worth it if you have the patience to sit through all the talks and meet people. If you are paying from your own pocket, I'm not sure these are really worth it, but I have paid for myself in the past. The value is hard to weigh against the amount you pay, but you may end up meeting your prospective employer if you are looking for one. It's definitely a great networking event if you plan it in advance. You will also witness some of the coolest hack demos during the Blackhat briefings, which often end up in the news headlines on CNN, MSNBC and so on 🙂

Downside: Expensive if your company doesn't pay. During Blackhat 2016 two of the good tracks were full on the second day, and even after paying 2000+ bucks lots of attendees were unhappy about this. I happened to witness this myself because I was one of those who couldn't attend the talk.

Overall a fantastic event with a lot of things happening. Focus on what you want to do and plan accordingly in advance, which will make this event worth the time and money.


Defcon: This is the real hacker party. It costs only $240 for all 4 days. The last day of Blackhat briefings and the 1st day of Defcon usually overlap. If you happen to come only for Defcon, get ready to stand in a long queue for the badge and wait for hours. This has been a crazy tradition, and people enjoy getting the cool hacking badge, which is a suspense until you receive it. With security getting noticed, the number of attendees has increased exponentially, so expect lines everywhere.

Remove all your corporate-style clothes and come in a full black T-shirt or whatever you like: like a hippie, body full of lights, with hackable devices, with an awesome mohawk or anything you wish. Keep in mind that you are entering the hacker warzone where the best crazies are around and want to hack anything and everything. AND YES IT'S LEGAL HERE. 🙂 Try not to connect to the Defcon network unless you have a laptop which is open for experiments.


You have awesome talks, demos, biohacks, Capture the Flag, car hacking, the lock pick village, soldering experiments where you create cool PCB devices which talk, and more. Dream it and you make it. People are there to help you achieve it. You will find geeky, nerdy and cool folks all over. It's an awesome crowd of hackers, the best pool of brilliant minds in the world. There is so much energy here (minus the crowd) that you will enjoy it. For a first-timer or a college student this can be a fun event. So much happens here at the same time, so pick your battle of what you want to do.


Every penny spent here is worth it. I have been coming for almost 10 years and I do find this an awesome place to see and hear something new. Lately they also have some good trainings, which are as valuable as the expensive trainings, but you need to struggle a bit to get into one of those. (Basically, wait early in the morning on the first day and hope you are in the top 50 to get registered.)

So if you have the money or a sponsor, go for both. If you want a polished event with great corporate networking, Blackhat it is. If you don't care about networking and want to enjoy the event with no sponsor involved, go attend Defcon! You can't go wrong!

Either way, meet loads of people, learn cool hacks and have fun! All of us can make the world an awesome place.

Author @arun25


Windows 10 – Evil to the Core for Privacy and pain for the users

Last evening I left my desktop running the whole night on a Photoshop job. This morning my desktop was showing the “blue screen of death” with a message and a hung desktop. “Your PC ran into a problem and needs to restart, we’re just collecting some error info, and then we’ll restart for you” Microsoft […]

The Eleventh HOPE conference attracts an audience from broad areas of interest in New York City

The most admired and well-known hacker convention “HOPE”, which takes place every two years in the heart of New York City, attracted some of the greatest security experts from various disciplines. HOPE 2016 (The Eleventh HOPE) had some great speakers from various areas of security and tons of hacker talks about how […]

The mobile game ‘Clash of Kings’ was hacked and the info of 1.6 million users exposed

Clash of Kings is one of the most liked games in the mobile environment, with more than 100 million downloads, but a recent hack exposed the information of 1.6 million gamers. The hacker exploited the forum’s outdated vBulletin software; the vulnerability dates back to late 2013 and includes easily exploited security flaws. The exposed data includes usernames, […]

Pokemon Go servers taken down by DDoS attack – OurMine claims credit

PokemonGO was released two weeks back and is already making a name all over the world. Last weekend Pokemon was targeted by a group of hackers named “OurMine”, who took the site down with a massive DDoS. Users might have had difficulty logging in to Pokemon, and the company displayed the message below. In a post by OurMine, the […]

T-Mobile insider employee steals the information of 1.5 million customers and sells the dump to make quick money

T-Mobile has been unlucky: last year with a massive breach, and now with an internal employee who sold the data of more than 1.5 million Czech Republic customers. As per the local media MF DNES, it is unknown how much name, e-mail address, account number and various other information the marketing database contained. T-Mobile Czech Republic […]

Information of customers of 14 companies being sold on Dark Web

After the TalkTalk incident, when the data of over 1.2 million customers was stolen and leaked online, The Mail has reported that 14 other companies are also victims of a similar attack. The Mail has also reported in its news item that the stolen data is being sold on the “Dark Web” that can be accessed from a […]

Credentials of 13 million users breached from 000Webhost, a free webhosting company

The Lithuanian 000Webhost is one of the most popular free webhosting services and has over 13.5 million users. It ranks among the top search results in Google and is quite popular for its services. However, according to a report from Forbes, the login credentials of these users, which include their usernames, passwords, email addresses, last […]

More than 20 countries were infected with adware mobile malware – Kemoge

In September, researchers at FireEye Labs discovered a group of malicious adware created by a company based in China and Singapore called NGE Mobi/Xinyinhe. On October 7, FireEye detected a similar adware family capable of completely taking over Android-based devices. Researchers have named it kemoge after its CnC domain aps.kemoge.net. It is believed that […]

YiSpecter malware can infect non-jailbroken iOS devices

Palo Alto Networks has detected malware capable of attacking even non-jailbroken iOS devices. The researchers have named the malware YiSpecter. It follows unique methods that involve exploiting private APIs in iOS and infecting them. Private APIs are undocumented by Apple and, therefore, avoid being detected. Apple’s App Store has around 100 such […]