|
|
|
|
Viva Las Vegas!
Join us August 4–10 for a week of action at BSidesLV, Black Hat, DEF CON, The Diana Initiative, and more! We've got seven talks to take in and crews in every venue you'll want to visit during a fun-filled Hacker Summer Camp.
Hop aboard a helicopter ride over the Strip, join us at the House of Blues, make some noise at NoiseFest, and see if you can help us save our Yeti's arctic hacker lair from complete meltdown. It's going to be an epic week with lots of great adventures.
And, of course, we'd love to meet you 1:1!
|
|
|
|
|
|
|
|
|
|
August 4-6
BSidesLV
|
|
We're a gold sponsor at BSidesLV this year! Find our table near the entrance and exit of Middle Ground. We'll be the ones with the really tall Yeti, plus some very hackery swag... maybe even some special edition challenge coins.
Our technical peeps will also be on standby to tell you all about our new vuln scanning capabilities with Nuclei.
HD Moore (our CEO and founder) will also be hanging out after his talk to answer all your questions.
|
|
|
|
|
|
|
|
|
August 5-7
Black Hat USA
|
|
Who needs the show floor when you have an arctic hacker lair to retreat to? Escape the vendor madness and come explore literally the coolest experience at Black Hat.
We'll be set up next to Libertine Social across from Kumi in Mandalay Bay with an escape-room-style hacker challenge that will have you clamoring to reach the top of the leaderboard to claim coveted prizes.
Plus, join us for technical talks and the reveal of a cool new research-inspired tool!
|
|
|
|
|
|
|
|
|
|
|
House of Blues • August 5-6
The Cyber Lounge
|
|
Join us in the Cyber Lounge, co-sponsored with our friends at Morgan Franklin. Meet with colleagues, network, catch up on emails, or just recharge with free beverages, snacks, and fun giveaways. We'll also have demos and technical experts on hand to answer questions about all things exposure management and OT security.
Live music starts at 4pm each day, with lunches served at 12pm and 1pm.
|
|
|
|
|
|
|
|
|
Helo Facility • August 6 @ 7pm
VIP Helicopter Event
|
|
Get ready for an unforgettable night over the Vegas Strip! Join the industry's top cybersecurity leaders and influencers for a breathtaking helicopter flight with stunning panoramic views of the city lights. Enjoy a unique culinary experience, a full bar, networking, and flight simulators before and after your flight, as well as a chance to win some very special prizes.
This exec-level event requires approval. Request your jump seat before they're gone.
|
|
|
|
|
|
|
|
|
|
|
B-Side • August 7 @ 6pm
NoiseFest
|
|
We're bringing the noise back to Vegas with our friends at GreyNoise, and this year, we’re turning it up a notch...right on the Strip. After a long day of conference chaos, kick back with a drink, swap stories with fellow security pros, and connect with new and old friends. We'll be serving up tasty beverages and some light snacks.
This event is filling up fast — RSVP now to save your spot.
|
|
|
|
|
|
|
|
|
August 8-10
DEF CON
|
|
Connect with us at DEF CON as we roam the Villages making tinfoil hats, soldering badges, and hacking all the things. We'll be out and about, armed with some limited edition stickers, patch keychains, and coveted runZero nail polish... cause it wouldn't be DEF CON without all the swag.
Plus, catch our two talks: one on the main stage and one in the ICS Village.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
BSidesLV • August 4 @ 11am
Turbo Tactical Exploitation: 22 Tips for Tricky Targets
|
|
Join HD Moore as he delivers a series of rapid-fire, practical tips to help you spot valuable targets faster, pivot smarter, and skip the noise. From recon to lateral movement (and everything in between), these techniques are built for speed and getting the most out of every packet, port, and pivot.
Whether you’re on a red team or just want to better understand your exposure, you’ll leave with new ways to spot weak links fast — and exploit them even faster.
|
|
|
|
|
|
|
|
|
|
|
BSidesLV • August 5 @ 1pm
Panel Discussion: What Should CVE Be When It Grows Up?
|
The CVE Program is a pillar of the cybersecurity ecosystem. Over the past 18 months, the CVE Program and U.S. National Vulnerability Database have faced funding challenges, while the EU has launched its own vulnerability database. In June, Congress called for a formal audit of the program.
This panel will explore the future of the CVE Program, how it should effectively communicate its value to policymakers, and how to preserve its role without fracturing the broader vulnerability disclosure ecosystem.
|
|
|
|
|
|
|
|
|
Diana Initiative • August 4 @ 3pm
Forging Strong Cyber Communities in Uncertain Times
|
|
HD Moore and Nicole Schwartz explore what it really takes to create and foster robust cybersecurity communities and why we should all get involved in these important initiatives — now more than ever.
HD will share insights from developing the open-source Metasploit Project, drawing parallels with the enduring principles of in-person community building that Nicole and her fellow board members rely upon to grow and sustain The Diana Initiative. Real talk guaranteed!
|
|
|
|
|
|
|
|
|
|
|
Black Hat Arsenal • August 6 @ 11am
Arsenal Talk: Akheron Proxy – Interchip communication serial proxy
|
|
Matthew Kienow and Deral Heiland will be at Black Hat Arsenal Station 9 diving into Akheron Proxy, a serial communication proxy application tool designed to connect and proxy serial communication between microprocessors on a hardware circuit board.
See how to capture, decode, replay, and fuzz serial communications flowing between microprocessors on an embedded device circuit board in real time.
|
|
|
|
|
|
|
|
|
Black Hat • August 7 @ 2:30pm
Vulnerability Haruspicy: Picking Out Risk Signals from Scoring System Entrails
|
|
Dig into the strengths, weaknesses, and absurdities of CVSS, EPSS, and SSVC, comparing them to the reality of how security teams actually handle vulnerabilities.
Tod will explore where these models help, where they mislead, and whether any of them are any better than rolling the proverbial dice. Plus, we'll be unveiling a new tool to help you stay on top of the dynamic and sometimes surprising nature of these scoring systems!
|
|
|
|
|
|
|
|
|
|
|
DEF CON • August 9 @ 3pm
Shaking Out Shells with SSHamble
|
|
Secure Shell (SSH) is finally fun again! After a wild two years, including a near-miss backdoor, clever cryptographic failures, unauthenticated remote code execution in OpenSSH, and piles of state machine bugs and authentication bypass issues, the security of SSH implementations has never been more relevant.
This session is an extension of our 2024 work and includes new research as well as significant updates to our open source research and assessment tool, SSHamble.
|
|
|
|
|
|
|
|
|
DEF CON ICS Village • Aug 9 @ 3pm
There and Back Again: Detecting OT Devices Across Protocol Gateways
|
Join Rob King, our Director of Applied Research, for a discussion on legacy protocols that are still widely used in the OT world and how devices that speak them are often hidden behind protocol gateways.
Rob will also share creative methodologies for discovering devices on the other side of these gateways safely and effectively. Come jump down the OT rabbit hole with us in the ICS Village!
|
|
|
|
|
|
|
|
|
|
|
|
Are you the ultimate Master Hacker?
|
|
Zeti, the runZero Yeti, headed to Las Vegas early, but it’s too hot in the desert for Yetis. So he built an arctic hacker lair. Unfortunately, a bad actor claims to have infiltrated the control system and is threatening a total meltdown.
We're hoping a few good hackers will accept our mission to help save Zeti's lair. And win some amazing prizes and bragging rights along the way. There will be ciphers and clues to stump even the most skilled.
Come join us for the fun in Mandalay Bay outside of Libertine Social and see if you can claim the title of Master Hacker!
|
|
|
|
|
|
|
|
|
|
|
runZero, Inc. is located remotely around the country, but headquartered in sunny Austin, TX, USA.
|
|
|
|
|
