Gartner FAQ: What I thought about Black Hat USA 2017
“So, what did you think of Black Hat this year?” and “Is Black Hat worth going to?” have been FAQs from colleagues and clients alike this week. So I thought I’d put a very brief summary together.

IMO Black Hat USA continues to grow into a better version of the RSA Conference. Less vendor marketing nonsense. Fewer suited, disconnected executive types. Actual practitioners and ‘real’ people to talk to, both in terms of attendees and vendors. I spoke to a ton of people who almost unanimously said that ransomware is still their top worry. A lot of those people have started to realise the importance of ‘Operational IT’ in their security strategies, and are thinking about how to automate or orchestrate some of the repeatable processes that are getting forgotten or overlooked.
The top 5 things I can still remember two weeks later:
- A cool exploit testing tool from Sophos. (SophosTester.zip – bottom of the page)
- “Threat hunting” through Alexa with Endgame. (Skip past the fluff to 00:53)
- Many examples, demos, and sessions using MS Office doc exploits on Windows 7 to gain access. (too easy)
- CrowdStrike opened up their malware database for malware researchers/incident responders. (gotta pay, though)
- A questionable Ozzy Osbourne impersonator.
Read the entire article here, FAQ: What I thought about Black Hat USA 2017
via the fine folks at Gartner