My impression of BlackHat USA 2022 and DEFCON 30

BlackHat USA 2022 took place in Las Vegas’s Mandalay Bay Convention Center on the 10h and 11th of August. Whereas this is the usual location for BlackHat USA, it was my first time visiting this edition, although it wasn’t my first visit to Las Vegas. In this blog I will share my impression of the conference, the friends I met, and the COVID situation at hand.

A group picture of the Arsenal presenters
A group picture of the Arsenal presenters

Table of contents

BlackHat USA

The conference’s organisation was impressive to say the least, especially given the venue’s enormous size. From my side, I had contact with the Arsenal’s organisation, more specifically Toolswatch’s Faisal and BlackHat’s Lisa Hatley-Nasr, were easily approachable, friendly, and very accommodating.

The release of DotDumper, an automatic unpacker for DotNet Framework targeting files, was a great success! I’m really happy with the community’s response, as I worked on this project for Trellix for over a year. The audience during my two runs of the presentation was very interested, along with interesting questions. Some of the suggestions I got via messages online in the days afterwards sparked my interest, and after some brainstorming I came up with some additional features that I hope to implement in the near future.

A photograph of me during the release presentation of DotDumper
A photograph of me during the release presentation of DotDumper

The quality of the briefings was high, as were the published tools in the Arsenal. The size of the business hall, often named Swag Central, was enormous. All major vendors within the cyber security space were there, always open to have a chat. An interesting booth was set up by CISA, where CISA Jen was giving away Rubik’s Cubes. The community involvement by such a government agency shows the interest and willingness to collaborate with both the US domestic and international industry.

The Arsenal banner in the business hall
The Arsenal banner in the business hall

Simon and Daniel from Punk Security, whom I met at BlackHat Europe 2021 and atHack 2021, published an updated version of SMBeagle. Their vision to provide solutions in an industry which often relies on fear is something I hope others will adapt to as well.

Additionally, I met up with Intel471‘s Nick, whom I know from the time when he lived in The Netherlands as well. As he’s moved abroad, it was several years already since we had seen each other in real life. We had a great time hanging out, both during lunch as well as during the pool party his employer organised.

My previous visits to Las Vegas made me aware of the city’s party life, although I wrongly assumed that was more so with regards to shows. Pool parties and access to private penthouse suites provided ample opportunity to meet up with people, and enjoy a beautiful view of the city, both during the day and at night, as can be seen on the two pictures below.

Daytime view of Las Vegas
Daytime view of Las Vegas
Nighttime view of Las Vegas
Nighttime view of Las Vegas

During one such event, I met Sergei and Sean from OALabs, as well as ProofPoint’s Pim. Technical topics, intertwined with hilarious banter, were the main topic, which is quite literally what I had both hoped and expected. Overall, I had a great time meeting people old and new!

At last, the COVID-19 situation at BlackHat was left to individual choices. The signs around the conference highly suggested wearing a mask. Based on my observations, a large minority of the attendees wore masks. I have not had any remarks regarding the mask I wore, and everybody I spoke to was respectful and professional. Overall, the event felt relatively safe, especially for those who are vaccinated. That is not to say that some of those who get infected, have long(er) lasting symptoms, as I experienced in 2020.

BlackHat's sign to encourage attendees to wear masks
BlackHat’s sign to encourage attendees to wear masks

DEFCON

DEFCON 30, titled Homecoming, was my first time attending the annual conference. The villages were spaciously set-up, making it easier to social distance from other attendees. This, together with the mandatory masking rule, made the event feel safe. Even though there are quite some attendees reporting back with COVID after BlackHat and/or DEFCON, I feel as if it could have been way worse. I’ve seemingly not been infected, as I have no symptoms as of now.

The "Welcome to DEFCON 30" sign
The “Welcome to DEFCON 30” sign

DEFCON’s talks are uploaded on YouTube at a later date, which is why I didn’t attend the talks which will soon be online. I mainly visited areas which weren’t broadcasted, and met-up with people. I spent an afternoon with Arnau. We had a lot of fun chatting about our experiences within IT security, ranging from researching topics to giving trainings.

My main observation at DEFCON is the length of the queues. When comparing it to CCC, held annually in Germany in late December, due to the similar size and amount of attendees, the main difference is the ticket sales. Whereas CCC limits the ticket sale to avoid queues within the venue, DEFCON does not have such a restriction. This makes the conference somewhat easier to get into, which has a downside on its own.

I felt that the duration of the queues, which could be hours to enter a single talk or village, was too much to enjoy the complete conference. A shorter wait, such as the 30 minutes we waited before going into the Blue Team Village’s pool party wasn’t too long, however per other attendees I spoke who arrived roughly 20 minutes later than I did in the queue, their waiting time was nearing a two hour wait.

At the pool party, I met up with Sam, S├ębastien, and pcapng, where we had a lot of fun and listened to Dual Core’s performance in the background.

An upward view of the hotelrooms located next to the pool, avoiding people in the pictures for privacy reasons
An upward view of the hotelrooms located next to the pool, avoiding people in the pictures for privacy reasons

To summarise, I feel like DEFCON is surely worth the visit, but the queues did form quite the impediment during my visit. Meeting up with folks made the trip surely worth it!


To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit, or DM me on Twitter @Libranalysis.