Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. But fear not, Threatpost has your back. To help you get the least out of your time in the Saddest Place on Earth, we have assembled this incomplete guide for How to Fail at Black Hat.

  • Follow the crowds. Black Hat has grown from a small gathering of a few hundred researchers and hackers into a massive conclave of thousands of people involved in every aspect of security. They’re all smarter than you are, so if you see a long line somewhere, make sure you join it, especially if you can’t see the front of it and are unsure of what it’s for. It could be the line for the Addams Family Values slots or it could be the line to pick up a wristband that lets you stand in line to pick up a coin to stand in line for a vendor party. It’s a lose-lose!
  • Avoid meeting new people. The key to success in security, as in life, is to continue learning every day. There are a lot of sharp, clever people from around the world at Black Hat, but talking to them will only bog you down with new ideas and perspectives. You can get around this drag on your intellect by only talking to people you know who share your background and lines of thinking. They’ll reinforce your existing beliefs and prevent you from having to deal with the pain of having to rethink your position on government surveillance or veganism.
  • Wallow in your cynicism. If you’ve been to Black Hat before, it’s vital that you let everyone know how much better it used to be before it became “mainstream” and overrun by vendors and lamers. If you don’t say this loudly and repeatedly, people might think you’re there to learn and get better. That’s a slippery slope that can lead to actual personal growth. Beware!
  • Only attend talks by big-name researchers. The pool of talented, creative security researchers is really shallow, and all of the good ones have already emerged, so don’t waste your time going to a talk by some guy you’ve never heard of. I mean, what are the odds that a random researcher from, like, Argentina or New Zealand will have something interesting to say or a new concept to show you? Really low. So don’t even bother. Follow the crowds to the jam-packed talks by the Big Guys, which will be covered by every reporter in the industry, further reinforcing the wisdom of your decision and not at all making it redundant for you to be there.
  • Save the 10 bucks and use any open wireless network you can find. Vegas is a weird place. Lots of things are crazy expensive (gyms, bottled water, vegetables) and lots of others are ridiculously cheap or even free (buffets, Bud Light, second-hand smoke). You’ll want to save your money for the important things, so don’t waste it on wireless Internet access. There are plenty of free, unsecured networks available–some of which are helpfully named “Free Wifi.” Those are totally fine. After all, they wouldn’t have them available at a security conference if they weren’t safe.
  • Accept an offer of a free ride from Charlie Miller and Chris Valasek. These two security researchers do some of the more interesting work every year, and this year is no exception, with them tearing apart various vehicles to hack them and expose vulnerabilities that enable them to remotely control many functions governed by on-board computers. As Andy Greenberg at Forbes discovered, this can make for an exhilarating ride with random steering loss, ADD-like behavior from the gauges and fun brake failures. If you see Miller and Valasek in their Prius in the cab line at Caesars, hop in. They’ll even let you drive.
  • Go see Wayne Newton. It’s totally worth it. Trust us.
