Black Hat 2010 – are we headed for cybervictory?

Las Vegas in general, and the Black Hat conference in particular, really do seem larger-than-life, as you can see in the video I made at the outset of the event.

Even the bookstand offers a bewilderingly eclectic range of publications, with something for just about anyone who’s interested in any aspect of computer security.

The same goes for the conference papers themselves, which run in eleven parallel streams. I’ve stuck almost entirely to the Exploitation and Reverse Engineering streams, with occasional forays into Malware Fingerprinting and Bug Collecting.

One of the most obvious things to come out of the Exploitation stream is how much time the exploit-finding guys have compared to malware analysts. Tools to deal with malware automatically need to be really quick – we typically have minutes, or, very occasionally, hours, to deal with new items of malware.

In contrast, exploit finders enjoy the luxury of tools which run for hours, and sometimes days, to automate some parts of the exploit-finding process. Indeed, this is a luxury they require, since finding new exploits is, fortunately, pretty hard.

I’ve learned a lot in two days, notably about a range of interesting open-source tools for security operations and research, such as BitBlaze (for crash analysis), Virt-ICE (a debugger-enabled virtual machine system) and Nmap (the network scanning tool).

By the way, Fyodor, the creator of Nmap, is now the proud owner of a DECODEME T-shirt.

So, is there a larger-than-life lesson to be learned from Black Hat? Yes, and here it is: we really can aim for cybervictory. The number, and quality, of people worldwide who are not only interested in but committed to computer security is impressively large.

Cybercriminals, watch out!