Arsenal, The Essence of Black Hat

Black Hat Europe took place last week - here's why Arsenal is a valuable component.

This past week I had the chance to attend Black Hat Europe for the first time and demo my tool. For this, I would like to thank the @ToolsWatch team members in advance, because the Arsenal is possible thanks to their dedicated passion over a decade of volunteering.

In this post, I'll try to highlight the peculiarities of the Arsenal compared to the Business Hall and the Briefings. The differences I will point out are the key reasons why the Arsenal exists alongside the Trainings, Business Hall and Briefings.

Black Hat

Black Hat events are the major series of security conferences in the world (held in the USA, Europe and Asia) and one of the best opportunities to meet hackers, security researchers, security executives and security practitioners from all over the world.

My personal experience was amazing because I met tons of cool infosec people in just 2 days and, despite being on my own at the conference, I didn't feel alone.

Arsenal vs Briefings

The Briefings are very technical presentations that have the ultimate goal of predicting upcoming trends in various infosec topics like hardware and software exploitation, privacy concerns, platform security, practical cryptography, and malware analysis. They are, therefore, the extraordinary achievements of months of research by teams of highly skilled and passionate self-employed, academic and professional hackers who are willing to share their results.

From an attendee's perspective (be it a security practitioner, a penetration tester, a security researcher in another IT security area, etc.), there is often an impressively steep learning curve to completely grasp the root cause of the vulnerabilities and their detailed exploitation steps, and to reproduce them in a timely fashion on one's own. This is understandable, because it is unlikely that in a few hours, without the proper preliminary knowledge, one can reach the same results as months of research by a team of very competent and motivated hackers ;-).

In contrast, Arsenal tools are demoed with live commentary and are usually easier to understand because they normally weaponize already known issues or nicely integrate many different useful features into one standalone security framework. Black Hat attendees can easily find new inspiration in the Arsenal: by seeing a programming language they are not familiar with yet, by being inspired by a tool's architecture, by grasping what the projects are about and what they address, or by being exposed to and getting interested in an infosec topic completely new to them. Therefore, the major advantage compared to the Briefings is that there is no barrier at all between the attendees and the presenter, who can indeed be spotted later as an attendee at other tools presented at the Arsenal. The open-source tools can later be dissected by attendees, giving them the chance to gain a complete insight into the project and feel free to contribute.

I believe that conveying research details (when possible) into an automated and well-documented open-source project has a major impact because a tool can be reused by many, carefully studied and improved, and will definitely ease the process of uncovering similar vulnerabilities in different platforms. This is, in my opinion, the best expression of what Knowledge Sharing is.

Arsenal vs Business Hall

In the Business Hall, professional products from well-known security firms or fast-growing security startups are showcased. These solutions are mostly patented, have closed source code and are normally the result of millions of euros of investment.

Even if business products and open-source Arsenal tools tend to target completely different markets, in my experience they are comparable to some extent. Due to their nature, open-source Arsenal projects may involve anyone interested in actively contributing patches or entirely new features, whilst for business solutions opening a ticket will likely be the only way to request a bug fix or feature addition. Besides, the informal atmosphere of the Arsenal stands and the small number of committers are more likely to express Enthusiasm and inspire creativity in the attendees.

Bottom Line

The Arsenal successfully portrays both the knowledge sharing and the enthusiasm aspects of Black Hat.

Black Hat wisely promotes this spirit by granting Arsenal presenters a stand to demo their tool and the generous chance to fully access both the Business Hall and the Briefings.

If you are working on a security tool or concept and are willing to open source it, the Arsenal is the best way to reach other security enthusiasts like you.

You have your chance via the Call for Tools, don't miss it!

Black Hat Arsenal Europe 2019

The awesome gif used in this post is by Fabrizio Morra