Thoughts on BSides Las Vegas 2016

John Skipper, Senior Consultant, Coalfire Labs

I recently attended “Infosec Week” in Vegas - Black Hat, BSides and DEFCON. BSides is a high point every year. This smaller con has a plethora of perks which make it a “must attend,” and it also offers many of the same opportunities as Black Hat and DEFCON.

Initially, BSides may start out as a never-ending line to register and get in, but BSides actually limits the number of attendees. So once you are in, no more “Line Con.” This is one of the biggest advantages, in my opinion. The atmosphere is a lot calmer than that of larger conventions. At some of the conferences it is impossible to relax for a minute without leaving, but there is personal space at BSides. There are no hordes of people to fight through in order to pick up your swag, and there is time to speak in a normal “indoor” voice to the vendors.

Another favorite aspect of BSides is that many of the same talks which appear at Black Hat and DEFCON are at BSides. This year one of the highlights was “Six Degrees of Domain Admin – Using Bloodhound to Automate Active Directory Domain Privilege Escalation Analysis” by Andy Robbins, Will Schroeder and Rohan Vazarkar. This talk literally changed the way I do pentesting. They presented at Black Hat and DEFCON, but I was able to see their amazing presentation without fighting a crowd or showing up an hour early at BSides. I walked in at 2 PM when the talk was starting.

And this happens for every talk. There are some “closed door” talks which you need to show up on time for, but if you want to see it, you’ll be able to see it. Last year I attended the much anticipated “The Internet of … Mainframes?! WTF?” by Soldier of Fortran (he also presented at DEFCON). This was part of the Underground track, so no recording and the door was closed, but again, I walked in a couple of minutes early and got in without waiting in a line.

BSides also has its “extras” such as villages, competitions and other events. Last year they had a wireless village. While talks on topics such as SDRs were being presented, attendees were working on 802.11 and other RF projects. Also last year at BSides I obtained the HAM Technicians Class License (KE0FLP). This year they continued the lock picking village, stocked with Peterson picks and turning tools and friendly staff to guide those who are new to lock picking. And of course there are CTF events!

If you are looking for the best of InfoSec week but want a relaxed atmosphere without a swarm of smelly hackers to fight through, BSides is your go-to conference!
