By Nate Christoffles   /   Aug 10th, 2016

Black Hat/DEF CON 2016 Highlights

Oh the joy! Last week one of our favorite times of the year came around again: Black Hat USA and DEF CON. For hackers, it’s right up there with Christmas, New Year and the Super Bowl. LMG’s team attended both Black Hat and DEF CON.

This year was particularly exciting, since we debuted a shiny new version of our Network Forensics class at Black Hat. LMG released a full day of new material, on Continuous Monitoring and Instrumentation. Sherri Davidoff, founder and CEO, and Senior Forensic Analyst David Harrison taught a packed room with over 50 students. The four-day class dove in-depth into topics such as traffic and flow record analysis, cloud network forensics, next-generation firewall, DLP and SIEM analysis, wireless and mobile network forensics.

David Harrison teaches LMG's Network Forensics 4-day class at Black Hat USA.

David Harrison teaches LMG’s Network Forensics 4-day class at Black Hat USA.

 

Black Hat Network Forensics

Sherri kicked off the Day 4 Malware Network Forensics lecture with a dissection of the Jigsaw ransomware.

The class went great, and we’ve received a lot of positive feedback from those who attended. We also had a few guest speakers!

RSA Network Forensics

Sean and Scott from RSA’s team show off the Netwitness suite.

This year at Black Hat USA our Network Forensics class had a special surprise: the RSA team analyzed our class’ network activity using their professional Netwitness suite, and produced a network forensics report for the class. (Thanks, Grifter for hooking us up with RSA!) First, the class “made some noise” on the network—downloading pictures from lolcats, conducting port scans of our colleague Mike’s computer, and replaying packet captures. Some students also planted evidence that we didn’t expect! The Black Hat NOC had segmented the conference network by classroom, so our activity could easily be isolated and analyzed.

Sean Ennis and Scott Carter of RSA analyzed the network traffic and found some surprises! There was a computer on our local network which exhibited symptoms of a potential malware infection. They also found Kerberos authentication requests tunneled over port 53 (DNS), likely due to a replay of the Jigsaw Ransomware pcap that we released to the students.

“This year’s visit from RSA’s team and the Black Hat NOC was a wonderful example of how the Black Hat conference itself provides students with a real-world experience that you can’t get anywhere else,” said Sherri Davidoff, LMG’s founder and CEO.

Jeremy N. Smith, author of “Epic Measures,”also came and spoke to the Network Forensics class about his upcoming book on cybersecurity!

Black Hat Network Forensics, Batista's

The class at Batista’s for dinner!

I’ve walked around the office this week and heard some individual highlights from the trip and why different people enjoy attending.

Patrick Burns – Account Executive at LMG
(on Black Hat)

“I enjoyed the class dinner at Batista’s Hole in the Wall restaurant. Sherri and David were there, along with a third of the class, all drinking wine out of 6 ounce glasses, sharing buttery garlic bread, and telling stories about everything from finding malware to attending Black Hat parties. Discussions were great in class, but with the wine flowing as the night kicked off in Vegas, the students unwound and enjoyed each other’s company in an old Italian restaurant. LMG Security and Batista’s: both Black Hat traditions for a reason.”

Black Hat Batistas

Sherri with Brian Page of Fortinet (left) and Jeremy Smith author of “Epic Measures.” (right)

Sherri Davidoff – Founder and CEO of LMG
(on Black Hat)

 “It’s always such a privilege to teach at Black Hat. Students come from around the world to learn bleeding edge material. They’re at the top of their game and that pushes us, as instructors, to go above and beyond and expand the limits of our field. The classroom discussions are invaluable– we always make time for students to compare setups and share tips. I always learn a lot from our students, and they learn from each other.” 

 

As far as DEF CON goes, some of our pentesters had the unique opportunity to meet the one and only Mr. John McAfee. They were excited to say the least.

Defcon McAfee

LMG pentesters Ross (left) and Dan (right) meet John McAfee!

Dan Featherman – Senior Security Consultant at LMG
(on DEF CON)

“DEF CON provides a fantastic opportunity to network with other members of the security community. It allows us to learn from our peers and even impart knowledge on others. It’s also a good excuse for us introverts to congregate. Finally, DEF CON gives us a chance to hear (and see) security developments outside of our normal scope of testing.”

Some of the favorite talks attended by our team at DEF CON were:
“6 Degrees of Domain Admin” by Adaptive Threat
“Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools” by Wesley McGrew from HORNE Cyber
“Hacking Next-Gen ATM’s From Capture to Cashout” and “Hacking Hotel Keys and Point of Sale Systems…” by Weston Hecker from Rapid7

This year was a lot of fun for us. We all had a great time networking, learning new tips and tricks and relaxing a bit from the usual 9-5 hustle.

Until next year, thanks to everyone at Black Hat and DEF CON for putting on a couple of great conferences again!

Sincerely, MT Hackers

Black Hat Bellagio

Sherri and David checked out the Bellagio’s undersea exhibit with students after class was over.

About the Author

Nate Christoffels

Nate Christoffels is the Sales Team Manager at LMG Security.

CONTACT US