AppSec Training


Well, here I am again. I’ve been coming to BlackHat/Defcon for over a decade now. And this is my 4th year teaching a class I call “Application Security: For Hackers and Developers”. In my class we cover source code auditing, fuzzing, reverse engineering, and exploit development.

These skills are needed by hackers so that they can find and exploit bugs. But I believe that developers should also have at least one course in their career on these subjects, even if they won’t be doing much of the four activities on a daily basis. Why? Because once you see how offensive researchers dig into your C/C++, find bugs, and use a debugger and some Python to twiddle bits and inject a payload – it brings a whole new appreciation to why things like size checks in front of mallocs are not just boring, but important for safe code.

Anyhow, as I was picking up my badge today on the 4th floor of Caesars, I bumped into some other trainers. Folks like Moxie, Dave K., Andrew L., Michael E., and more. Whenever I look at the BlackHat course listing, I want to take them all! Most on the list are top notch – well worth the time and money.

As for me, each year I’ve enjoyed teaching. It’s a lot of work putting together a class worthy of BlackHat. But it’s fun to meet the brilliant students that make the Vegas sojourn. I get to watch them become excited about the subjects, always learn something myself, and make great personal contacts. In terms of broader industry impact, training is just part of the overall puzzle. But it is an important component not to be underestimated.
