BlackHat 2017 visit and the chaos i caused

So, like many of you, i went along to the BlackHat 2017 at the Excel in London this week.

I’m going to break this down into two sections so its pretty clear.

Monday, i woke up, breakfasted, checked my calendar… oops ! BlackHat this week!!! woohooo!!

So i got out of the house, got on the train, got to excel and collected my badge… First thoughts… its damn quite here ! i mean, no milling crowds, so halls open, no stands… whats going on? I asked a security guard where the black hat venue was being held and i was told on the 3rd floor. Ooook.. up the lift i go, past security, which is laughable to say the least, a cursory bag check and i was in ( much like the Recent Nick Cave concert i went to… cursory.. i could of have several pipe bombs strapped to me and there was no metal detectors to catch me… shocking !! ) into a smaller conference hall with rooms off the side.

A few people milling about, generally chatting, grabbing coffee. scoffing food.. you know the type… engineers have a particular stance. This is odd i thought, BlackHat should be rammed with people…. down the far end i spy a large wall chart object that looks like a timetable. feeling a little self conscious now as i’m getting the feeling this is not the event i think it should be, i casually saunter down to the far end and look at the chart… active tutorial sessions!! instructor led sessions.. technical workshops… oh sheeit!! i just walked into the paid sections!!!

Ok, im here now, no one challenged me, play it cool rodders, play it cool…

So i grab a coffee 🙂 and sit down and scan through the BH website on my phone and see the courses…. Ahhh.. some nice ones i’d seen before, but couldn’t get my company to pay for….. i wonder..

i finished my coffee and went to one of the rooms and peeked inside…. several tables set up most with laptops and books on them… a few empty ones also. i really wished at this point i had brought my laptop, i could have so easily snuck into a paid course for free…. however looking at the projector screen and some of the printed materials, the course required some download content im sure would of had to be downloaded from the tutor site or at least a pass-worded area. Still, being able to listen to some of them that were really about advanced pen test techniques was cool, learnt a few things which ill try out of never few weeks.

 

Second part.. the main event

Arrived at excel on the Wednesday looking forward to the event, had a little breakfast in the river cottage place and then went in… again cursory bag check… i swear, one of these days i’m gonna try and sneak a dummy one in and see what they do about it.

Anyway, you can generally tell the quality of the events by seeing how many vendor stalls to how many freebies are given away and the quality of them.

Not that many stalls if i’m honest, i completed my first circuit coverage in less than 20 mins. Stalls like carbon black, darktrace, watchguardt etc… mainstream, not interested, been there see it done it, move along please. But a few indie stalls from companies i’d not seen before.. the place is like 1/4 the size of the Infosec show earlier this year, and 1/3 of the space was break out space.. so really not that much to look at… the arsenal stations were cool, but only one of them caught my attention to stand and watch.. and that was the python and java coded scripts to hook running app processes inside android ( yaah! ) and apple ( boo! ) devices.

Did another circuit looking for freebies

Stopped at a session where there was a presentation about methodologies on something or other to do with social engineering… yadda yadda.. boring. Started to feel like a wasted day was fast approaching… even a trip to the black hat shop didn’t fire up the juices. Ok, time to kick it in gear….

Every event i go to, its amazing how many people attend from the same professions and how many just act like stupid tourists and let their guard down. The vendors… they scan your badges and chat to you to get some presales qualifications out of the way… now whilst i’m immune to most sales directions, it does present an opportunity for a bit of chaos. Scanners i mentioned are generally little hand ones, scan the bar-code and record your interest… but i noticed they were all the same… hmmm… each one must be coded somehow to the vendor… i wonder…

I started looking for an opportunity… 5 mins later.. it appeared….Neustar and Fortinet stands right opposite each other. the situation arose when a two groups of people had just left both stalls at the same time, i managed to swipe the Fortinet scanners, spin around, three steps forward swap it with the Neustar scanner, three steps back span around and dropped it on the Fortinet booth… making it look like i was dodging people as i was moving through them, no one noticed…

So i stood back at the ZeroFox stall and watched what might happen.. sure enough, whilst i was swapping, the booth staff were replacing freebies, leaflets pens and all the other stuff ready for the next group.. neither noticed.. until one of them picked up the scanner and walked around the other side of the booth… i moved forward so i could see… the girl was scanning a delegates badge… nothing happened… didn’t expect to see red alarms and bells going off, but was interesting to see. I went back to the Neustar booth, said “look i’m in a hurry… can you scan me now and get one of your guys to contact me next week please….” guy grabbed the scanner and scanned me.. not even paying attention to the scanner… and i walked off. So.. a little bit of sabotage, but nothing bad happened.

Next i’m thinking OK that went well… lets see what else we can do…

Then i spied probably the vendors worst nightmare… the freeloader. This guy had a backpack, had vendor bags and i saw him walking past a booth, hand flashed out grabbed a metal water bottle and walked on without even looking at the stall…. oooh.. this could be interesting… so i followed him. For those of you who have done covert surveillance, you know its easy to follow someone through a crowd as long as you stay back a few feet and randomise your movement patterns, i followed and observed this guy on his shopping spree…  i noticed he only grabbed the better looking freebies, didn’t bother with pens or fidget spinners… but i saw him grab a t-shirt and stuff it in one of the carry bags just as he walked off the guy on the booth turned his back to him ( and me) and bent down to get something from behind the desk….opportunity !!!  scanner was on the desk and was within half an arms reach as i was following Mr Freeloader… as i walked past, i grabbed the scanner and took two large steps that brought me up behind Mr Freeloader. Plop! dropped the scanner into one of his bags on the left side on his shoulder and moved off to his right.. sure enough he felt something on the left and instinctively turned to look and check on the left, whilst i moved to the right out of his field of view and vanished into the crowd.

I circled the booth next to me and got to a vantage point where i could observe…. he was pawing through his bag looking and checking to make sure he hadn’t lost anything… then the most wonderful thing happened…. he pulled out the scanner and looked at it long and hard… in plain view of the stall i snatched it from where the guy was looking around as he couldn’t see the scanner and none of his colleagues had it.. and saw the guy, obviously a delegate, looking at the scanner, turning it over in his hands puzzled. He went to the Mr Freeloader, a few words were exchanged and the scanner was reclaimed. Mr Freeloader was really confused by this time, and was really wondering wtf just happened. He moved off. I followed.

I didn’t get another opportunity for a good 20 mins after this and Mr Freeloader had redistributed his bags and made it more difficult to get access, but sure enough, he dropped his guard and whilst he was talking to a vendor he put his bags down and sat on a stool talking to a vendor whilst being shown a little demo. I watched this for a while looking for an ‘in’ and got a little bored… but then another opportunity came that i swear was almost accidental in the making but absolutely hilarious to watch. During his demo, Mr Freeloader had been sitting on a stool and had been shuffling and moving and must have moved the stool so one of the feet had moved over one of the carry bag handles without him knowing it. When he was leaving, he just reached down to pick up the bags, just as another guy was making to slide into the now warm vacated stool… just as the guy was siting down, Mr Freeloader pulled his bags up and the loop around the stool leg must have tugged it as the stool moved backward by a few inches causing the next guy to sit down to stumble as his body realised there was nothing under his butt where the should have been on a downward motion. Arms waving, pinwheeling falling backwards.. crash to the floor.

Gravity as you know is a powerful and immutable force… whats is set in motion stays in motion until its acted upon by an equal or more powerful force.

No such chance.

Mr Freeloader standing there with bags in hand half wrapped around the stool trying to disengage it whilst this other guy was falling to the floor. Most people probably just reacted to the sudden motion or noise… i had been watching the whole thing, rapturously fascinated as this played out. Mr Freeloader had this expression on his face of pure horror as the guy on the floor started to get up. The vendors rushed to help the guy up and as they did, i swear i don’t know what made me do this, but i stepped forward and whispered to Mr Freeloader.. ” move!! run !! get out of here!! he found out last night his trophy wife is banging his best mate and he’s just about to explode on you!!! get through he crowd i’ll cover for you” Freeloader just turned and ran, i mean.. dodged, waddled, fast ducked and dived and zig-zagged around the booths, didn’t ask where why or how just reacted, thats probably the most hilarious social engineering I’ve ever done…. as i turned back to the guy who was now up and being brushed down by the booth vendors.. he was looking around a bit confused, i pointed towards Freeloader.. ” he went thatta way ” the guy didn’t chase freeloader.. to be fair he took it in his stride and carried on with the demo and laughed it off.

I turned and left the area, pretty much brought me back to the entrance. By this time i figured id seen everything to see, done a couple of risky moves but had fun… all in all i was in the hall for about 3 hours, not the best use of my time, but hey, a security guy who can’t react and take advantage of a situation isn’t worth the time.

 

So my summary of this event is, not many vendors as i would have expected to see.. Security is a big thing right now, so why wasn’t that hall packed with vendor booths?? answers on a post card please. Whilst some of the content was interesting, a lot of it was just too mainstream to be of practical use.. i mean mimecast.. pffttt.. same old same old.

I want to see new and more interesting stuff as these show, i was to see real demos of what their products do and not just read leaflets and talk to a sales guy who’s got no understanding of real life cyber ops. So listen up BlackHat, you need to up the game a little here or your just going to end up being another vendor led show run and dominated by the big guys.