BlackHat Middle-East and Africa (MEA in short) is the successor of last year’s unofficial (yet official) BlackHat edition called atHack. Just like atHack, the conference took place in Saudi Arabia’s Ridyadh. I presented five talks on three different topics: a look back on the wipers of 2022, DotDumper, and my own Binary Analysis Course! The latter two topics were presented twice during the conference.
This blog will go into the differences compared with other BlackHat editions, the briefings and the arsenal, the friends I made along the way, and a brief note on the taken COVID measures.
Whereas BlackHat is currently held in four places in the world (Singapore, Las Vegas, Riyadh, and London) using a single formula, there are some regional differences. While these a, based on my observations, generally minor, there were some noticeable differences in the inaugural MEA edition. Before diving into them, I want to preface this by saying that I like both set-ups.
The briefings are generally held in a separate area, where each briefing is held in a different room. The Arsenal is usually set-up in a square within the Business Hall. The lay-out in Riyadh was different, as the briefings are also held within the Business Hall, on a stage with seats for attendees. The walls surrounding the briefing stage were slightly higher than hip height, allowing passing attendees to stop and listen in. The four briefing stages were spread throughout the Business Hall. Additionally, an Executive Summit stage was set-up for executive speakers.
The Arsenal consisted of four booths, which had (contrary to the usual set-up) some seats, and were set-up in a line along one of the pathways. This initially made me wonder if the interactive element of the Arsenal would remain, which was very much the case.
As stated before, I feel like the changes in lay-out and set-up were positive, but I also enjoyed the “traditional” lay-out and set-up. I hope that attendees and speakers share their opinions with the organisers as I did, as this can only improve the conference’s quality for the better.
This edition I met NJ, one of ToolsWatch‘s founders, along with Rachid Harrando, another founder of ToolsWatch. Alas, Faisal, a founding member too, couldn’t make it. We had a great chat about the Arsenal they organise. Additionally, I spoke with Fares Sahnoune and Luke Hallewell from Informa, who helped to organise this edition of BlackHat, and shared with me how life in the Middle-East has been for them so far.
This was my first briefing at BlackHat, and I am happy with the result. The recording will become public sometime in the future, but the Trellix blog I wrote got picked up by DarkReading, who summarised the exact points I wanted to highlight in the blog.
The two Arsenal presentations about DotDumper exceeded my own expectations, both in terms of the audience as well as the insightful questions from people. After my previous presentation at BlackHat USA 2022 where the tool was first unveiled, I received comments over time from people across the world, who stated that they use the tool on a regular basis, and that it’s saving them a lot of time. This is exactly in-line with my intentions, which makes me happy.
My final two Arsenal presentations were about my Binary Analysis Course, which I’ve worked on for the past few years. The step-by-step nature of the course, with a focus on free and open-source software, makes it the perfect start for anyone who wants to learn as they practice.
The quote below was sent to me via chat, a few days after the conference ended. I feel like it requires not further elaboration as to why I am overjoyed.
Hi Max!! I watched a demo of your course at the Black Hat event, and went and started to go through it. Its actually one of the best courses for binary analysis out there. Everything is very comprehensively explained. And it's very fun to follow along. Wanted to deeply thank you for taking out the time to make this course. Simply awesome work. You are a legend! Thanks a lot!
Although the current course’s progress is slow, there is still work being done in the background, and plans are still made for new content.
Much like last year, the hospitality was overwhelming. Together with Lavakumar and Sukesh (who I met at BlackHat Asia 2022), I joined the 971sec dinner at a rooftop bar. As a member of the 971sec group (albeit living in Europe), it was great fun to meet-up with people in-person again. The rooftop bar was, coincidentally, the same as last year. The food was even better than I remembered. Alas, Rami could not make it as he fell ill just prior to the conference.
The morning thereafter, I had the most hilarious breakfast with Mazin and Milad, while I learned more about their work and life in the Middle-East. It was also good to meet Mohammed Aldoub again, who I gave some Kruidnoten, traditional Dutch seasonal cookies. Additionally, I shared Stroopwafels and Gevulde Speculaas with many people I met.
During the conference, I had several conversations with Bramwell, who presented ShellWasp, ranging from malware analysis, to how life was at home. As luck would have it, we were both on the flight back from Riyadh to Amsterdam. Amsterdam was my destination, while it was merely a lay-over for Bramwell, but we had a good time chatting when waiting for the gate and during the flight.
There were many more people I met at the conference, more than I can list in this blog. As such, I’d like to state that I enjoyed meeting everybody, and hopefully until next year! We will stay in touch!
At last, the COVID measures for the event. Masks were allowed at the event, though not necessarily encouraged, nor discouraged either. People kept a respectful distance and there were plenty of hand sanitisation stations. Personally, this was the first event I attended without a mask, as I had contracted COVID just two weeks before this event. Even if I had not recently contracted COVID, I would have felt safe within the venue too.
To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit, or DM me on Twitter @Libranalysis.