Another Unforgettable Black Hat & DEF CON Week
I landed in Las Vegas and checked into Circus Circus, a no-frills spot but close enough to DEF CON to make the walk easy. It felt like the right basecamp for a packed week. My 4th hacker summer camp!
Tuesday was about arrivals, badges, and parties. I picked up my Black Hat pass at Mandalay Bay and then made the rounds. Armis, Cloudflare, and Zero Networks with Seemplicity all hosted strong events. Cloudflare’s ice bar was the most unique, with furniture and glasses carved from ice. They handed out coats at the door, but it was so cold that thirty minutes was the limit. A fun start to the week and credit to all the hosts for putting together great events.
Wednesday started with the keynote from Mikko Hypponen, introduced by Jeff Moss, walking through three decades of malware history. The reminder that if it is smart, it is vulnerable will stick with me. He also noted that the best work often goes unnoticed, a fitting thought for cyber careers. The business hall was buzzing as always, though it felt like government presence was lighter this year. I was not able to get around as much as I hoped with other commitments pulling me away, but I still spoke with around thirty vendors. Many are layering LLMs on top of existing tools to help summarize alerts or trigger actions. Few big surprises, but I was impressed by the range of features and new business models taking shape.
I also worked the Microsoft booth for several hours, which is always a highlight. Talking with customers and peers, representing the brand, and just being in the mix makes the trip worthwhile. That evening I opted out of another round of parties and joined friends for dinner instead.
Thursday started with a DEF CON merch run. I met a young woman on her first solo DEF CON and we teamed up for the walk and the linecon. My two hundred in cash went quickly but I left with shirts for myself and a few for peers who could not spare hours in line. I held off on my badge until Friday and returned to Black Hat, missing Nicole Perlroth’s keynote. I did manage to catch Aarti Borkar and Sherrod DeGrippo presenting on how Microsoft tracks the world’s most dangerous hackers, followed by Chris Inglis with reflections on what has changed and what has not as technology evolved. In between I worked the booth again for several hours.
I kept the swag light this year. A couple shirts, the new CrowdStrike figurine, some threat actor playing cards, and even a bottle of hot sauce. Later I toured the Black Hat SOC and caught up with some folks from Corelight before heading out for the night. I had been waitlisted for the Microsoft MSRC party at Skyfall, but a small group of us managed to talk our way in. Las Vegas has always been a special place for me and my two brothers, both of whom fought long battles with cancer. I spoke to one of them last year from this same party, and standing there again brought back tough memories. Still, it turned into one of the best nights of the week. I met my favorite podcaster again, Jack Rhysider from Darknet Diaries, and left with stickers and a wristband. We closed the night with a small group of friends over burgers and shakes at In and Out.
Friday at DEF CON started smoothly. The Thursday rush was over and I walked right in for my badge. I volunteered at the AppSec Village for the day, which meant long hours on my feet but also a chance to hear a few talks. A presentation on an iTunes flaw and another on a Microsoft Entra exploit were both worth catching. Plenty of AI-themed talks popped up this year, though most stayed surface level. Volunteering was rewarding for the experience and the credibility, but it did cut into networking time and left me exhausted. That evening I checked out the Arcade party and drifted through a few others before heading out around 12:30.
Saturday began with a morning shift at the AppSec Village, followed by an informal presentation with peers at AIxCC and a quick round through the expo floor and villages before heading back for a nap. Saturday night has historically been the big DEF CON party night, but this year things seemed more spread out across Friday and Saturday. I had really enjoyed the VetCon party last year, but this time the smaller open venue with fewer activities felt like a letdown. Even so, I spent most of the evening there talking with people and later managed to slip into the Cyberdelia Rave. I also wormed my way through Illuminati, GothCon, and Day of the Dead before calling it a night around 12:30.
I had time to return Sunday morning, but exhaustion and work waiting back home made the call for me.
Another year in the books. I skipped the pre-events this time since costs are climbing and the extra day adds too much burnout. I will probably volunteer again next year, either at AppSec or another village. Black Hat is still the place for professional networking while DEF CON is where the community comes alive. At Black Hat I left with a stack of new LinkedIn connections. At DEF CON I left with stories, conversations, and a sense of being part of something bigger.
See you next year!