Last updated at Thu, 04 Aug 2022 18:00:00 GMT

The week of Black Hat, DEF CON, and BSides is highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on.

But like many beloved in-person events, 2020 and 2021 put a major damper on this tradition for the security community, known unofficially as Hacker Summer Camp. Black Hat returned in 2021, but with a much heavier emphasis than previous years on virtual events over in-person offerings, and many of those who would have attended in non-COVID times opted to take in the briefings from their home offices instead of flying out to Vegas.

This year, however, the week of Black Hat is back in action, in a form that feels much more familiar for those who've spent years making the pilgrimage to Vegas each August. That includes a whole lot of Rapid7 team members — it's been a busy few years for our research and product teams alike, and we've got a lot to catch our colleagues up on. Here's a sneak peek of what we have planned from August 9-12 at this all-star lineup of cybersecurity sessions.


The week kicks off on Tuesday, August 9 with BSides, a two-day event running on the 9th and 10th that gives security pros, and those looking to enter the field, a chance to come together and share knowledge. Several Rapid7 presenters will be speaking at BSidesLV, including:

  • Ron Bowes, Lead Security Researcher, who will talk about the surprising overlap between spotting cybersecurity vulnerabilities and writing capture-the-flag (CTF) challenges in his presentation "From Vulnerability to CTF."
  • Jen Ellis, Vice President of Community and Public Affairs, who will cover the ways in which ransomware and major vulnerabilities have impacted the thinking and decisions of government policymakers in her talk "Hot Topics From Policy and the DoJ."

Black Hat

The heart of the week's activities, Black Hat, features the highest concentration of presentations out of the three conferences. Our Research team will be leading the charge for Rapid7's sessions, with appearances from:

  • Curt Barnard, Principal Security Researcher, who will talk about a new way to search for default credentials more easily in his session, "Defaultinator: An Open Source Search Tool for Default Credentials."
  • Spencer McIntyre, Lead Security Researcher, who'll be covering the latest in modern attack emulation in his presentation, "The Metasploit Framework."
  • Jake Baines, Lead Security Researcher, who'll be giving not one but two talks at Black Hat.
    • He'll cover newly discovered vulnerabilities affecting the Cisco ASA and ASA-X firewalls in "Do Not Trust the ASA, Trojans!"
    • Then, he'll discuss how the Rapid7 Emergent Threat Response team manages an ever-changing vulnerability landscape in "Learning From and Anticipating Emergent Threats."
  • Tod Beardsley, Director of Research, who'll be beamed in virtually to tell us how we can improve the coordinated, global vulnerability disclosure (CVD) process in his on-demand presentation, "The Future of Vulnerability Disclosure Processes."

We'll also be hosting a Community Celebration to welcome our friends and colleagues back to Hacker Summer Camp. Come hang out with us, play games, collect badges, and grab a super-exclusive Rapid7 Hacker Summer Camp t-shirt. Head to our Black Hat event page to preregister today!


Rounding out the week, DEF CON offers lots of opportunities for learning and listening as well as hands-on immersion in its series of "Villages." Rapid7 experts will be helping run two of these Villages:

  • The IoT Village, where Principal Security Researcher for IoT Deral Heiland will take attendees through a multistep process for hardware hacking.
  • The Car Hacking Village, where Patrick Kiley, Principal Security Consultant/Research Lead, will teach you about hacking actual vehicles in a safe, controlled environment.

We'll also have no shortage of in-depth talks from our team members, including:

  • Harley Geiger, Public Policy Senior Director, who'll cover how legislative changes impact the way security research is carried out worldwide in his talk, "Hacking Law Is for Hackers: How Recent Changes to CFAA, DMCA, and Other Laws Affect Security Research."
  • Jen Ellis, who'll give two talks at DEF CON:
    • "Moving Regulation Upstream: An Increasing Focus on the Role of Digital Service Providers," where she'll discuss the challenges of drafting effective regulations in an environment where attackers often target smaller organizations that exist below the cybersecurity poverty line.
    • "International Government Action Against Ransomware," a deep dive into policy actions taken by global governments in response to the recent rise in ransomware attacks.
  • Jakes Baines, who'll be giving his talk "Do Not Trust the ASA, Trojans!" on Saturday, August 13, in case you weren't able to catch it earlier in the week at Black Hat.

Whew, that's a lot — time to get your itinerary sorted. Get the full details of what we're up to at Hacker Summer Camp, and sign up for our Community Celebration on Wednesday, August 10, at our Black Hat 2022 event page.

Additional reading:


Get the latest stories, expertise, and news about security today.