Decisions and Revisions - The Ever Evolving Face of the Black Hat NOC

Conference:  BlackHat EU 2018



The presentation discusses incidents and challenges faced by security practitioners in protecting networks and provides insights on tools and strategies to improve network security.
  • The speaker discusses incidents where they had to protect the network from attacks and users from themselves
  • The presentation highlights the importance of encrypting traffic and not trusting other companies to protect your network
  • The speaker also discusses the challenges of using certain tools like BigFix and the need for security practitioners to be diligent in protecting their networks
  • The presentation also mentions the use of tools like Eka to improve network security and the importance of automation and visualization in making the job easier
The speaker shares an anecdote about walking into a classroom and telling users to stop doing something that could potentially harm the network. They also mention the use of Cookie Monster to identify rooms with issues. The speaker also shares an incident where they discovered a web shell with 600 commands connecting and receiving back and forth to a WordPress site on the open Internet.


This session is your chance to get up close and personal with the Black Hat NOC. We'll walk you through the process of deciding what equipment and services we deploy on the Black Hat network, and our reasoning around those decisions. We'll also discuss the changes we make when deploying and securing a network in the U.S., Europe, and Asia, and will share some of the behavioral differences we see in the attendees of those shows, both good and bad. And of course, there will be stories and stats! We'll provide a full debrief of the activity we experienced this year, what has changed since past shows, and what that means for our industry as whole.