Every year security experts from around the world gather in Las Vegas for what is lovingly called Hacker Summer Camp. The trio of B-Sides, BlackHat and DEFCON security conferences combine for a week in the blisteringly hot Nevada desert packed full of briefings, research and tools released to the security community. Coupled with the hacks, hijinks and pranks that take place each year it’s a trip that can’t be missed.
This year was no different in that it brought along a whole new swath of vulnerability presentations, many concentrating on the ever growing IoT space. Experts showed how almost all Bluetooth locks are insecure (seriously, don’t buy them), released Bluetooth man-in-the-middle frameworks for hacking on IoT devices and showed how to hack into popular drones used for aerial photography. Tool releases like CANSPY for talking to CAN buses found in the latest generation of automobiles (DEFCON featured an entire Car Hacking Village and series of talks). Sessions on malware research and forensics showed the ever growing presence of state sponsored attacks and a need for tools to accelerate forensic process.
Attending these conferences isn’t just about the talks though. It’s a chance for researchers in all sectors of security to get together, meet and show off their latest innovation or compare notes. It’s a chance to meet with the people we collaborate with on forums, chat and through open source tooling we use daily. We were fortunate to meet with DomainTools users and get their direct input on how they use Iris every day in their SOCs and in their research. We were even more fortunate to see our tools used for research by multiple speakers—further proof that Iris can be leveraged to easily and effectively parse through our trove of historicalized Whois and DNS records to find meaningful connections between data points.
Thank you to everyone that spoke, presented or came to speak with us during the week. We look forward to to another full year of developing our tools and enlarging our data set so we can provide the security community with the best possible investigation platform. See you next year, hackers.