Review Black Hat & Defcon 2019

Black Hat

Black Hat is a pretty commercial conference, tickets for two days cost more than 2000$, if you want to attend the briefings. There are also trainings, costs vary and are much higher. The content qualitiy is usually very high, the attendees vary from consultants, CISOs, developers, and all kind of IT security professionals. There is a big crowd with about 17000 attendees in 2017.

The Black Hat is being held at the Mandalay Bay.

The briefings are picked by a review board in a call for papers process. Researchers present their top work, often campaigned weeks before the conference. 
In the business halls all kind of vendors are present and giving away loads of swag for attendees and also throwing parties. 

Keynote

Black Hat USA 2019 Keynote: Every Security Team is a Software Team Now by Dino Dai Zovi

Arsenal

I am mainly at the Black Hat for the Arsenal. It is a great opportunity for developers to present their work at booths that are also located at the business hall. For the last three years I could thankfully present AVET (AntiVirus Evasion Tool), which is giving presenters a briefings pass. The tools are also picked by a review board.

A short thread

Defcon

Defcon is the “real” hacker event in Vegas and is completly different as Black Hat (although both have the same founder). Black Hat and Defcon overlap one day, Defcon is four days. Costs for 2019 were 300$, qualitiy of the talks is also high and more fun might be included (like talks about phreaking). More offensive security stuff seems to be included here.

This year the event was spread over four hotels including four presentation tracks, several villages (areas with talks and hands-on for several topics), parties, CTFs, movies and so on. It was said that about 30000 people attended defcon in 2019, so everything was pretty crowded and also a bit confusing. Walking between the different spots can take between 10-20 minutes.

Defcon is meant to be a hacker con, which is true. Also, there is a strong drinking culture present, fist time speakers must drink a shot (and attendees demand it loudly).

There is also a media server which is worth a look.

Conclusion

If you have the chance to attend Black Hat/Defcon you should give it a try. It is great to connect and develop your skills and I have met some great people and made new friends.
For people who want to advance their career it is definetly great, but if it is your first conference you might consider to go to a smaller event. The atmosphere in Las Vegas is somewhat special, whith the hotels, the casinos and the tourists around.

Short Review: x33fcon

x33fcon is a nice & small conference in Poland, Gdynia near to Gdansk.

“Welcome to x33fcon, a new gathering for IT security professionals and enthusiasts. It’s a new event where blue and red teams meet to exchange views and ideas, share experiences, and discuss the latest security challenges in the industry.”
From: https://www.x33fcon.com/

The ticket price is low (also if you plan to travel there privately), the content was really professional and interesting, a bit more than someone might expect when you see the size of the con. Kudos to the organizers for getting so many interesting speakers and talks. Besides the talks there is also a CTF and workshops, after the conference trainings take place. There is also some great food for lunch, in the breakes there is coffee and small snacks. The breakes are long, so you have some time to talk with speakers and other folks around. Seems to be that ATT&CK is the hot topic currently, at x33fcon alone they had three talks about that. 

From my point of view as a Red Teamer some more talks about breaking stuff on exploitation level would have been great. x33fcon is a great conference, the only critics from my side is that the attendees are being filmed in every talk from any perspective possible. At other conferences they ask when making photos or filming, maybe that might be an idea when not filming the whole audience.

Besides the conference Gdynia, Gdansk and the beaches around are really nice:

Conclusion: Highly recommended.