Hey y’all! It’s just about that time again. The annual pilgrimage to the sweaty, sparkly hive of cybersecurity of Hacker Summer Camp is upon us. And I’m super stoked to get back out there to see my old friends, make a few new ones (possibly Klingon or Vulcan, since it’s running opposite Star Trek Las Vegas again), and deliver a thrilling and mysterious talk about scoring systems and other omen-readings.
And check it out, I’m not the only runZero nerd hitting the stage. We’ve got six talks happening across BSidesLV, The Diana Initiative, Black Hat, and DEF CON. Holy frijoles.
August 4 @ BSidesLV: Turbo Tactical Exploitation, 22 Tips for Tricky Targets – HD Moore speedruns through practical exploitation tips faster than you can say SYN/ACK/SYN-ACK.
August 4 @ The Diana Initiative: Forging Strong Cyber Communities in Uncertain Times – HD Moore and Nicole Schwartz share what it really takes to build and sustain infosec communities that don’t suck. No toxic positivity LinkedIn nonsense, but real talk and battle-tested advice
August 6 @ Black Hat USA: Akheron Proxy, Interchip Communication Serial Proxy – Matthew Kienow and our pal Deral Heiland demo a tool that proxies microcontroller traffic over serial lines, with all the replay and fuzzing bells and whistles.
August 7 @ Black Hat USA: Vulnerability Haruspicy, Picking Out Risk Signals from Scoring System Entrails – That’s me! I’ll be slicing open CVSS, EPSS, and SSVC, spilling their guts all over the Black Hat stage, as well as inspecting the latest like LEV, AIVSS, and more!
August 9 @ DEF CON: There and Back Again, Detecting OT Devices Across Protocol Gateways – Rob King leads a tour of ancient protocol lands, revealing how to spot hidden devices lurking on your (or someone else’s) network.
August 9 @ DEF CON: Shaking Out Shells with SSHamble – HD Moore returns to the DEF CON stage with an update to SSHamble, with fresh research on SSH bugs, backdoors, and the weird stuff lurking in our favorite remote admin tool.
Vegas is going to be hot, weird, exhausting, and amazing, and I can’t wait.
Of course, we’re up to much more than sharing our latest research on stage. If you’re looking to hang and/or score some very neat branded swag, keep an eye on our Summer Camp plans which will have the latest spacetime coordinates, as well as links to the more exclusive, invite-only events we’ll be hosting through the week.
It’s going to be a busy few days, and I’m kind of already exhausted just thinking about it. But in a good way. Let’s say.
Update (July 30, 2025): We've confirmed two more panel slots. Who needs sleep?
- August 5 @ Black Hat USA: Self-Funded Security: Bootstrapping Your Way to Success in Cyber – HD Moore joins a panel to share how to grow a cybersecurity company, including using open-source work and community ties, both ethically and without huge capital investments.
- August 5 @ BSidesLV: What Should CVE Be When It Grows Up? – TodB joins a panel to discuss the challenges facing the CVE program, and what you can do to help.
