OK, so we didn't exactly *Hack* the Blackhat conferences, but we did have some fun.
Apologies to DT in advance for crashing BH, but as you'll see we were just curious and no harm was done.
Panthera, Deviant and myself went over to Caesars Palace on Thursday to look around at Blackhat. In past years they only checked badges for the talks, but the vendors area was available to anyone walking by.
We walked through the endless maze that is Caesars Palace, and found our way to Caesars Pavilion (the convention rooms). Blackhat is on the 3rd floor, accessible from the hotel via escalator to the 2nd floor, a straight, short walk, then another escalator to the vendor area with the conference talks in rooms along the right side. We were just interested in the vendor area.
We walked up and hopped on the first escalator, busy chatting among ourselves, only to notice security guards checking badges at the bottom of the escalator to the 3rd floor. All of us kept walking and chatting in the hopes of just walking past the guards like we were supposed to be there. That didn't work. The geriatric security guard stopped us and asked where our badges were. We told him we just wanted to check out the vendor area. He got all snotty and said 'no one without badges is permitted', which is fair, but we wanted to go see what was for sale and spend money, something that I'm sure the vendors would love to have us do. I'm not going to spend $1500 US for the honor of spending money at BH. Last time I checked that only worked in Nigeria.
Undeterred, we moved to the side where we ran into an acquaintance of mine, Desiree. The 3 of us chatted to her about trying to get into BH and she informed us that the hotel rental cops had been real hard asses about making sure everyone had badges. She told us that yesterday one of the organizers, who didn't have a badge yet, was trying to get up to the con and they wouldn't let him by. One of the heads of BH came up (may have been Jeff Moss, I don't remember), showed his badge that said 'President, Blackhat Security', and told them to let the other guy up. They still refused until management was threatened to be called. All for a trade show?
After chatting with Des for a while she went up (she had a badge) and we moved off. We ran into Dataworm, a fellow Canadian whom I'd met a couple days earlier. We chatted with him around the corner from the escalator, where he informed us of what we had already spotted and were trying to make our way to. The Elevator bank :) When we were out of sight of the guards we went for the elevators. We figured that if there was a guard, the worst they could do is deny us entry. We hopped onto the elevator and hit the button for the 3rd floor. *Ding*, doors opened, no guard. Walk out of the elevator alcove, no guards. We found and exploited a vulnerability.
We checked out the vendors, saw some great deals on books, but knew I could get them cheaper at home. I chatted with the Symantec rep and told him about my trick of paying for Norton.com and how they had sent me the Velociraptor firewall, but without any instruction. I told him of my desire to be able to admin the thing and loan it to charity. He asked for my card and said he could see what he would do. (He came through BTW, with PDFs of the study guides for the $3000US course on how to run the thing. A very cool guy.)
We poked around a bit more and ended up running into Kevin Mitnick. I'd met him before at Comdex last year so a lot of the wonder of meeting him had worn off. He was just another guy in the security world now. Deviant got a picture with him while I looked at books, then I remembered that Deviant and I were looking for a team mate for Hacker Jeopardy. I asked Kevin if he was going to DC and if he had a team for Hacker Jeopardy. The reason I asked was 2 fold. First off I remember when Kevin Poulsen got out of prison and came to DC, he had gotten on a Hacker Jeopardy team and it was quite nice to see him re-enter the community. I really wanted to see Kevin up there, so I decided to facilitate this by asking him. The 2nd reason was purely selfish. I wanted to win, and you might as well bring in someone who is likely to be the subject of some of the questions.
Kevin and I traded cards and he said he'd think about it since Winn Schwartau had asked him to be in the game in some capacity (I was hoping he didn't mean vinyl vanna :( )
Deviant was getting hungry and we'd seen everything we wanted to, so we decided to hit the food court. However, this time we made a conscious decision to take the escalator down. It was so funny to see the look on the guard's face as we came down and waved to him. I wouldn't be surprised if he never figured out how we got up there.
After lunch we decided to go back and do one last thing. We took the elevator again and still no guard. We had our photo taken by the 'Intrusion Detection' speech track sign. It just seemed appropriate.
We then went down the escalator and confused the security guard even more.
It was a fun little adventure for us. We got to see what we wanted to see, had a bit of fun finding a back way in. Only afterwards did we realize that they were only checking badges at the bottom of the escalator. We could have walked into any of the talks unscathed! Not that we wanted to, but it was funny to note.