Not that my opinion counts for much.
But here are some general trends and impressions from BlackHat 2016.
BH is so much more commercial now and “business”. People in suits everywhere. Sponsored parties, sponsored workshops, sponsored sessions, sponsored everything.
- Ransomware → Attacking hospitals
- Car Hacking
- Active Directory (AD): several pentest frameworks; “owning” the corporate AD is the start of the pentest, not the goal!
- Interest in TLS / crypto as Internet moves to encryption. Wassenaar.
- AWS hacking / persistence; DFIR in virtualized environments.
- Passwords: Views on reusable passwords have shifted radically. Basically: just don’t!
- HTTP/2 / QUIC: Widely deployed.
  - Attacks: The protocol is immature and has significant attack surface. More attacks will be uncovered as HTTP/2 “native” servers are deployed and applications leverage the flexibility of the protocol.
  - Straight signature-based detection of malware will become increasingly less useful at the perimeter because of the binary nature of HTTP/2, compression, encryption and flexibility.
- Malware / RE: new emphasis on hiding malware in documents and on detecting malware in documents
- Win10 internals: Heap internals, Virtualization function, enhanced security function
- OAuth bugs: OpenID Connect solves a lot of OAuth problems re AuthN
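
An added example (not from the original post) of the compression point in the HTTP/2 item above: a minimal HPACK (RFC 7541) sketch in which a header value is sent once as a literal and afterwards only as a dynamic-table index, so a raw byte match misses the repeat while a sensor that tracks the table still sees it. The header name, the signature string and the `HpackTable` class are constructed for illustration; only raw string literals and dynamic-table indices are handled (no Huffman coding, no static-table lookups).

```python
# Added example: minimal HPACK subset (RFC 7541); all names and values are constructed.
SIGNATURE = b"constructed-marker-value"  # constructed signature, not a real indicator
FIRST_DYNAMIC = 62                       # static table occupies indices 1..61

def enc_int(value, flags=0):             # RFC 7541 section 5.1, 7-bit prefix
    if value < 127:
        return bytes([flags | value])
    out, value = [flags | 127], value - 127
    while value >= 128:
        out, value = out + [value % 128 | 0x80], value // 128
    return bytes(out + [value])

def dec_int(buf, pos):                   # inverse of enc_int -> (value, next position)
    value, pos = buf[pos] & 127, pos + 1
    shift, more = 0, value == 127        # prefix of all ones: continuation octets follow
    while more:
        value += (buf[pos] & 0x7F) << shift
        more, shift, pos = bool(buf[pos] & 0x80), shift + 7, pos + 1
    return value, pos

class HpackTable:                        # sender and sensor each keep their own copy
    def __init__(self):
        self.dynamic = []                # newest entry first
    def encode(self, name, value):
        if (name, value) in self.dynamic:  # sent before: emit only an index
            return enc_int(FIRST_DYNAMIC + self.dynamic.index((name, value)), 0x80)
        self.dynamic.insert(0, (name, value))
        return b"\x40" + b"".join(enc_int(len(s)) + s for s in (name, value))
    def decode(self, block):
        pos, headers = 0, []
        while pos < len(block):
            if block[pos] & 0x80:        # indexed header field (dynamic entries only here)
                idx, pos = dec_int(block, pos)
                headers.append(self.dynamic[idx - FIRST_DYNAMIC])
            elif block[pos] == 0x40:     # literal with incremental indexing, new name
                pair, pos = [], pos + 1
                for _ in range(2):
                    n, pos = dec_int(block, pos)
                    pair, pos = pair + [block[pos:pos + n]], pos + n
                self.dynamic.insert(0, tuple(pair))
                headers.append(tuple(pair))
            else:
                raise ValueError("representation outside this example's subset")
        return headers

def demo():
    sender, sensor = HpackTable(), HpackTable()
    blocks = [sender.encode(b"x-sample", SIGNATURE) for _ in range(2)]
    decoded = [any(SIGNATURE in v for _, v in sensor.decode(b)) for b in blocks]
    return blocks, [SIGNATURE in b for b in blocks], decoded
```

A sensor that starts decoding mid-connection has an empty table and cannot resolve the index, so HTTP/2 header inspection has to follow each connection from its first header block.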
Still some interest but no longer the latest “big deal”:
- Big data / ML. Only in some tools presented. Apparently no longer the “big deal”.
Jeff Moss’ remarks
Jeff Moss' introductory remarks bear repeating.
6400 people in the Keynote main room. Also overflow!!
“Speed” is becoming more important. It changes the way we need to think about security. E.g.:
- time to remediate: days not weeks
- Speed to market, reconfigure networks