Black Hat Conference

Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security, ranging from non-technical individuals and executives to hackers and security professionals. The conference takes place regularly in Las Vegas, Barcelona, London and Riyadh. The conference has also been hosted in Amsterdam, Tokyo, and Washington, D.C. in the past.


History

The first Black Hat was held July 7-10, 1997 in Las Vegas, immediately prior to DEF CON 5. The conference was aimed at the computer industry, promising to give them privileged insight into the minds and motivations of their hacker adversaries. Its organizers stated: "While many conferences focus on information and network security, only the Black Hat Briefings will put your engineers and software programmers face-to-face with today's cutting edge computer security experts and 'hackers.'" It was presented by DEF CON Communications and Cambridge Technology Partners. It was founded by Jeff Moss, who also founded DEF CON, and is currently the Conference Chair of the Black Hat Review Board. These are considered the premier information security conferences in the world. Black Hat started as a single annual conference in Las Vegas, Nevada and is now held in multiple locations around the world. Black Hat was acquired by CMP Media, a subsidiary of U.K.-based United Business Media (UBM) in 2005.


Culture

Black Hat is typically scheduled prior to DEF CON with many attendees going to both conferences. It has been perceived by the security industry as a more corporate security conference whereas DEF CON is more informal.


Purpose

The conference is composed of three major sections: the Black Hat Briefings, Black Hat Trainings, and Black Hat Arsenal. The Briefings are composed of tracks, covering various topics including reverse engineering, identity and privacy, and hacking. The briefings also contain keynote speeches from leading voices in the information security field, including Robert Lentz, Chief Security Officer, United States Department of Defense; Michael Lynn; Amit Yoran, former Director of the National Cyber Security Division of the Department of Homeland Security; and General Keith B. Alexander, former Director of the National Security Agency and former commander of the United States Cyber Command. Training is offered by various computer security vendors and individual security professionals. The conference has hosted the National Security Agency's information assurance manager course, and various courses by Cisco Systems, Offensive Security, and others. Arsenal is a portion of the conference dedicated to giving researchers and the open source community a place to showcase their latest open-source information security tools. Arsenal primarily consists of live tool demonstrations in a setting where attendees can ask questions about the tools and sometimes use them. It was added in 2010. ToolsWatch maintains an archive of all Black Hat Briefings Arsenals.


Antics and disclosures

Black Hat is known for the antics of its hacker contingent, and the disclosures brought in its talks. Conference attendees have been known to hijack wireless connections of the hotels, hack hotel television billing systems, and in one instance, deploy a fake automated teller machine in a hotel lobby. In 2009, web sites belonging to a handful of security researchers and groups were hacked and passwords, private e-mails, IM chats, and sensitive documents were exposed on the vandalized site of Dan Kaminsky, days before the conference. During Black Hat USA in 2009, a USB thumb drive that was passed around among attendees was found to be infected with the Conficker virus, and in 2008, three men were expelled for packet sniffing the press room local area network. In the past, companies have attempted to ban researchers from disclosing vital information about their products. At Black Hat USA in 2005, Cisco Systems tried to stop Michael Lynn from speaking about a vulnerability that he said could let hackers virtually shut down the Internet. However, in recent years, researchers have worked with vendors to resolve issues, and some vendors have challenged hackers to attack their products.


See also

* DEF CON, a hacker convention held annually since 1993
* Hacker conference
* Chaos Communication Congress
* Summercon
* Positive Hack Days


External links

* Official website: https://www.blackhat.com