BlackHat Day 2 report!

Hi everyone, Scott Deacon here.  This is my first time blogging here!

Well, my first BlackHat conference is slowly coming to an end (no sessions and one party to go). As a Program Manager in the MSRC, I think venturing to Las Vegas and the Blackhat conference has definitely put me in good stead for the coming months. Let me tell you a little about the last few days…and why I think this is the case.


But first a bit of background on my mini holiday in Vegas…


I’ve actually been in Vegas since Saturday evening. Not only is this my first time at Blackhat (BH), but it is also my first time in Las Vegas. Wow, what a place! I’ve been to the Hoover Dam, Valley of Fire and an untold number of tourist locations both on and off the Strip – all before BH even started. My favorite is without doubt the fountains in front of the Bellagio hotel – what an awesome experience at night time with the music, lights and fountains! My other favorite spot is the exotic car shop in the Forum Shops complex attached to the Caesars Palace hotel. I have never seen so many exotic cars in one place, all for sale! Where else in the world can you walk a shopping mall and slip into one shop to buy a shirt and then duck to the next shop to buy a Ferrari F40 – only in Las Vegas!


So onto the conference…


From my perspective the sessions I attended over the past 48 hours were a little mismatched with what I expected and what was delivered (Come on, it was my first time…).  Overall I was a little disappointed, and it’s due to the fact I couldn’t get to more sessions and sample more of the content.  I enjoyed the sessions, I just didn’t get the opportunity to attend more. Not to worry, I guess I will have to read the 300+ page “Redbook” I received during registration.


So what were the highlights, and which sessions did I walk away from having learned something or having been made to think a little differently about how I do my job? The “Attacking Web Services” session on Wednesday really made me rethink some of the traditional attack vectors we tend to consider when dealing with application vulnerabilities and how I can change my daily practices to better deal with potential vulnerabilities. The other great session was the “Art of File Fuzzing”, which really highlighted the ease with which security researchers are now, more than ever before, automating parts of their vulnerability research that traditionally took a long time to complete, focusing on fuzzing file formats that many of us use on a daily basis.


The most enjoyable session over the past two days was the “Defense Cyber Crime Center” session by Jim Christy, a session where CSI the TV show meets the reality of the digital world we live in! Excellent material and information on past cases was presented, the ingenuity and lateral thinking displayed by these guys is fantastic!


The best part about being at BH was meeting and talking with the security researchers who I deal with over email on a daily basis – great to put faces to names! It’s an awesome opportunity to meet and mix with people who share similar interests. One thing that really struck me with the majority of people I met was their genuine comments on how Microsoft is now seen in the security community, in particular the fact we seem to be doing the “right thing” (in the context of security in our products and the way we deal with the security vulnerabilities). It is heartening to hear comments like this, which makes me feel great to be part of the MSRC and shows that the effort we all put in does make a difference! I’m not trying to paint a picture of perfection; of course not all comments were of the positive nature, but I must say the good outweighed the bad.


We still have a way to go on our security journey, but it proves Microsoft is doing the right thing and we are making an impact – a big impact! I look forward to next year’s BH, meeting with the community once again, consuming some great information and of course the social activities!

*This posting is provided “AS IS” with no warranties, and confers no rights.*