My impression of BlackHat Europe 2022

BlackHat Europe 2022 took place on the 7th and 8th of December in London. This edition, I spoke about DotDumper. In this blog, I will talk about the briefings and the arsenal, meeting friends old and new, and the taken COVID measures.

Table of contents

Briefings and the Arsenal

Whereas the (size of the) venue was the same as in 2021, the business hall itself was three to four times larger. Last year, the world was starting to open up after the COVID lockdowns had restricted traveling and gathering significantly, which impacted the number of attendees and vendor booths alike. This year, many more vendors had booths, and the pathways were filled with attendees.

At the ToolsWatch Arsenal, I presented DotDumper twice, once on the first day, and once on the second day. The audience was engaged and asked several relevant questions. If all goes as planned, future updates for DotDumper loom on the horizon of 2023!

Additionally, one of the more interesting briefings I went to, titled “Fail Harder: Finding Critical 0-Days in Spite of Ourselves“, covered the trials and tribulations of Douglas McKee and Philippe Laulheret. Both work at Trellix, within the same overarching Advanced Research Center as I am. Douglas is the Director of Vulnerability Research, and Philippe is a senior researcher within Douglas’ team.

Additionally, there were many more briefings and arsenal talks I attended, but that’d too much to summarise here, without this blog become stale and somewhat boring.

Meeting friends old and new

This edition, I met the folks from ToolsWatch, NJ, Faisal, and Rachid, as well as Lisa from BlackHat. Lisa took home some Kruidnoten home, as it was still the season!

Some of the friends I made at previous editions, such as Simon and Daniel from Punk Security who presented dnsReaper. My time in London was spent together with Bramwell, who stayed in the same hotel near the venue. Having met a few weeks prior at BlackHat MEA 2022, we had great fun hanging out during the day. His presentation about SHAREM was insightful and useful to know about when analysing shellcode. The truffle flavoured Kruidnoten I gave to Bramwell were well received, after all, who doesn’t like Kruidnoten?

As two of my coworkers, Douglas and Philippe, were at the conference as well, we went out for dinner together. We had an absolute blast, and it was great to get to know them both, in-person, after a year and a half of working at the same company. We had (or rather, I, but I’ll shift blame by pretending we all had trouble) a bit of a tough time finding the restaurant’s entrance, as it was somewhat hidden away in a parking lot. Arguably, my research skills do not translate too well in the real world.

Last, but certainly not least, I met someone who works at a major enterprise who prefers to remain anonymous. It was great to talk about some DotNet related things, as this is an interest of mine (DotDumper comes from somewhere).

COVID measures

This is, likely, the last time this topic will be covered, as real life gatherings have an inherit COVID risk nowadays. Masking always has been accepted and respected at BlackHat events, and I presume this will remain exactly so in the future.

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit, or DM me on Twitter @Libranalysis.