Black hat questions

  • Black hat questions

    plain and simple... my dad's company has some how gotten the idea in its head that i should go to black hat (and im not about to tell them no ;) ). that being said, im not sure which ticket to get. do i need just the breafings or the whole shabang?

  • #2
    Re: Black hat questions

    Originally posted by Vyrus
    plain and simple... my dad's company has some how gotten the idea in its head that i should go to black hat (and im not about to tell them no ;) ). that being said, im not sure which ticket to get. do i need just the breafings or the whole shabang?
    Well, spell check is a good start... ;)

    I just go to the briefings; though if you see a training session that would help add that on as well. Though, usually I have found the training sessions somewhere else cheaper.



    • #3
      Re: Black hat questions

      I can't speak in relation to other training, but I can attest to what I've observed.

      The briefings are what most folks attend at BH .. due to money constraints, work/time limits, etc. The briefings allow for your own custom track of a few hands worth of topics being discussed in training (plus more) and the ability to walk up and chat with some of the coolest folks in the industry among a crowd of industry norms that have their job because they needed a job.

      The training is not to be scoffed at. If you can afford the aforementioned hurdles... Training is more specialized.. generally limiting to one or two topic scopes within a single track that you attend at a time. The clincher? Think of it like attending high school with THE Internets Jay Beale, Joe Grand, Jamie Butler, etc as your teacher for the session. You're no longer in a mass presentation environment with 100-300 other people, but in a classroom with 10-30 others that are (at least theoretically) interested in the same subject that you're there to master by getting it from an authority on the subject.

      Then there is Defcon, a funky loose bastardization of the two with higher emphasis on partying and enjoying the weekend; to my limited experience many of the same topics as the Briefings but in a more relaxed and broad presentation style.
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.



      • #4
        Re: Black hat questions

        haha...IrishMASMS



        Might I suggest research, and opening a book, or two?

        You might learn the names of a few fuzzers at the conference, but most of the info is only applicable to people who know what buffer overflows are, and at least know how to use windows group policy service (even loyal Linux, and BSD users know how to harden a windows box despite their prejudice.)

        If it's critical I'm sure it's about time for some of these cert jockeys around here to get put out to pasture. Maybe your daddy can give them a box of saltines, and lock them in the server room.

        Today will be the last day I can bless this community with my beholding opinions before I have to go back to the desert, and sit at a terminal every waking hour, so keep the posts coming. Quit ham n' eggin' with the conversing.
        Last edited by VAX_to_PBX; January 11, 2007, 12:55.



        • #5
          Re: Black hat questions

          Originally posted by VAX_to_PBX
          haha...IrishMASMS



          Might I suggest research, and opening a book, or two?
          Yes, those are great suggestions compared to spending the $$$ for the Blackhat training... but sometimes individuals need a more 'hands-on' or more of a presentation/lecture style to grasp the subject matter. Perhaps for this fellow those training sessions would help; hence his question.



          • #6
            Re: Black hat questions

            Yeah I was gonna suggest just spend a night reading Exploiting Software: How to Break Code

            It's hands down the best single reference to penetration testing. It has some illustration, but it's mostly easy to read material on tools, and architecture. Definitely better than the majority of published books including most CS textbooks.

            In the end it takes someone with assembly language skills to properly secure a network since they learn pretty much everything on the road to learning assembler language. They don't really teach practical software engineering in most universities like ITT tech. For example ~CS345 supposedly teaches cryptanalysis, but the information is often broadened, and generic.

            It takes too much time to teach practical procedure of any kind in just a couple weeks.



            • #7
              Re: Black hat questions

              wow, thnx guys. im a hardened defcon vet so since cash IS a factor i dont think ill be springing for the training but the briefings sound like fun :D



              • #8
                Re: Black hat questions

                Originally posted by VAX_to_PBX
                They don't really teach practical software engineering in most universities like ITT tech. For example ~CS345 supposedly teaches cryptanalysis, but the information is often broadened, and generic.
                Hmmmm, not sure if a university can be compared to ITT Tech - One provides more of an education, while the other is a degree factory. YMMV, IANAL, etc - and you decide which is which. ;)

                From what I have seen your statement is correct - neither present practical software engineering.



                • #9
                  Re: Black hat questions

                  Originally posted by VAX_to_PBX
                  Yeah I was gonna suggest just spend a night reading Exploiting Software: How to Break Code

                  It's hands down the best single reference to penetration testing. It has some illustration, but it's mostly easy to read material on tools, and architecture. Definitely better than the majority of published books including most CS textbooks.
                  I disagree on this being the top reference for pentesting, even from a software perspective. While it's certainly good, I consider The Art of Software Security Assessment to be much more of a holy grail. It takes a look at security assessment as an integral part of the SDLC. Exploiting Software is most definitely an awesome book, but I found it to have less emphasis on the finding and more on the exploiting. While that's important, I think you need more of a basic understanding of not only how to find vulnerabilities but also why they exist in the first place.

                  On the topic of Black Hat, the trainings are top notch if a) it's in your budget for time and money and b) there is a training topic which fits your current security education needs and background. If it's over your head or doesn't apply to your company's focus, you're wasting not only your own time and money, but that of the others in the class as well.
                  the fresh princess of 1338

                  What did I do to make you think I give a shit?



                  • #10
                    Re: Black hat questions

                    Originally posted by Vyrus
                    plain and simple... my dad's company has some how gotten the idea in its head that i should go to black hat (and im not about to tell them no ;) ). that being said, im not sure which ticket to get. do i need just the breafings or the whole shabang?
                    Imo, the briefings + DEFCON is well worth the time and money. As for training, I've only had 1 "less than optimal" experience out of 6 classes. To be fair, "less than optimal" meant that the instructors and I seemed to be at a similar skill level rather than me learning at the feet of the Master. It was still a lot of fun.

                    Another thing about training is that if you also stay for DEFCON, it becomes an entire week in Vegas at Caesar's Palace - an experience I'm fond of. You'll also meet people from all over the world. Hint: don't try to keep up with the Brits if you go partying with 'em - missing a morning of the briefings to a hangover would suck ;-)

                    If you want to get one of the BH block of rooms at Caesar's (you do), don't screw around and wait until the last minute (or last 8 weeks) to book your room. The one time I fucked off until June, I ended up staying at freaking Bally's. It was Not the same, and it blows walking through the strip in a pre-coffee state.

                    Surreal



                    • #11
                      Re: Black hat questions

                      Originally posted by Surreal
                      Imo, the briefings + DEFCON is well worth the time and money. As for training, I've only had 1 "less than optimal" experience out of 6 classes. To be fair, "less than optimal" meant that the instructors and I seemed to be at a similar skill level rather than me learning at the feet of the Master. It was still a lot of fun.

                      Another thing about training is that if you also stay for DEFCON, it becomes an entire week in Vegas at Caesar's Palace - an experience I'm fond of. You'll also meet people from all over the world. Hint: don't try to keep up with the Brits if you go partying with 'em - missing a morning of the briefings to a hangover would suck ;-)
                      I wholeheartedly agree with the above information and Surreal is not kidding with the advice of not keeping up with the Brits, after one night a few years back I am almost sure the English are born with an extra liver, or they were playing George Clooney's prank by drinking water when I was drinking booze.

                      Another added bonus about attending Blackhat, everyone bathes!, there is no real gamey smell to the attendees (at least until the first day into DEFCON) Personally I think the access to the speakers is also a bit better at Blackhat, and there's a good chance of picking their brains over the catered Blackhat lunch at Caesars, or later at the Shadow Bar.

                      Also networking, networking, networking, and I mean really getting to know your fellow attendees, often without a sales pitch as I've gotten from other security conferences. An added bonus for those of you looking for the coveted 'Spot the Fed' shirt, Blackhat gives you an excellent opportunity to scout the floor for prospects as they are wandering the halls with whatever agency they are working for printed on their nametag. Also allowing you to arrange a good time to meet with Priest privately @ Defcon as many Feds really like the "I am the Fed" shirt, but have orders not to get publicly outed on stage, or they'll be applying for a new job with the Border Patrol on Monday.
                      Nonnumquam cupido magnas partes Interretis vincendi me corripit



                      • #12
                        Re: Black hat questions

                        Im attending Defcon after never being able to go.. so I am thoroughly looking forward to it! Im not too sure on the training courses but like others have stated the briefings seem to be the best of both worlds!!

                        Im a Brit - but I cant drink that much so on the partying front I dont think im a subject matter expert :D
                        Mark

                        "Our greatest glory is not in never falling, but in getting up every time we do". - Confucius



                        • #13
                          Re: Black hat questions

                          Originally posted by reb00tz
                          Im a Brit - but I cant drink that much so on the partying front I dont think im a subject matter expert :D
                          don't worry... there's a whole track dedicated to that subject at defcon. it's called "attacking and defending your liver" and consists of impromptu talks and hands-on trainings in multiple locations. events in this track are scheduled typically to run from ~13:00 to 05:00 each day, although impromptu unscheduled trainings have happened (with great frequency) outside these parameters.
                          "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                          - Trent Reznor



                          • #14
                            Re: Black hat questions

                            Originally posted by Deviant Ollam
                            don't worry... there's a whole track dedicated to that subject at defcon. it's called "attacking and defending your liver" and consists of impromptu talks and hands-on trainings in multiple locations. events in this track are scheduled typically to run from ~13:00 to 05:00 each day, although impromptu unscheduled trainings have happened (with great frequency) outside these parameters.
                            I look forward to the training sessions ;)
                            Mark

                            "Our greatest glory is not in never falling, but in getting up every time we do". - Confucius
