Tales from the Black Hat NOC: Attendee Attacks, Loud and Proud

We are approaching the end of Black Hat‘s training days. It’s an interesting time when the expo floor still sits quiet, but the Black Hat network is as noisy as ever – as seen by the RSA volunteers working inside the Black Hat NOC.

The majority of this noise is being generated by teachers and students, demonstrating or practicing techniques, both new and old. This, however, doesn’t do anything to prevent the RSA Netwitness Suite from lighting up like a Christmas tree.

So, what sort of “gifts” did the Black Hat attendees put in front of that tree this year?  Here’s just a small sample from yesterday’s “noisiest” traffic to give you an idea…

I <3 Grifter Incident:

• My favorite investigation from yesterday. 1.23 GB of content transferred in just a few minutes will make you think twice about overlooking that ICMP traffic.

It’s not the first incident that’s made us smile in the Black Hat NOC – after meeting attendees over the past few days, I’m confident it will not be the last.

Scantastic Incidents:

• Scanning alerts have blown up in the Black Hat NOC alert queues. Both inbound and outbound, it seems that everyone is just wanting to reach out and touch each other. Who knew there would be so much love?

I hope you’ve enjoyed the glimpse into the incident queue. Fortunately, it’s time for me to head over for my next shift – I’m sure they will have all sorts of new goodies for me today. I look forward to sharing them with you again soon. Until next time,

Your RSA Black Hat NOC Team

The post Tales from the Black Hat NOC: Attendee Attacks, Loud and Proud appeared first on Speaking of Security - The RSA Blog and Podcast.