Didier Stevens

Monday 27 April 2009

Quickpost: Black Hat Europe 2009

Filed under: Hacking,Quickpost — Didier Stevens @ 5:46

Black Hat Europe 2009 is over for more than a week now, and my laptop has undergone yet another lobotomy.

My training by Saumil Shah was excellent! Highly recommended if you want to learn exploit development without reversing.

I didn’t attend a lot of briefings, the subjects were less interesting to me than past years. But I did a lot of networking, I met many interesting people. I had lunch with Moxie Marlinspike, the author of SSLStrip. He has interesting viewpoints: did you know he started to develop SSLStrip in 2002? It’s only because he was done experimenting with it that he decided to disclose! And we share a common interest in CRASS.

Thanks to everybody I met at BH, the networking was excellent! I estimate I distributed 50 of my PDF stickers 😉 . You gave me a lot of ideas that will require even more time to develop. Like past years, I got a new stego idea but this time, I’m reserving it for Brucon‘s hacker challenge. You’ll have to wait for October for the disclosure.

This was the last Black Hat Europe in Amsterdam, next edition will be in Barcelona (Ero’s town). Did you know that regular security bloggers can get press access?

This year was also the first time I had a 2D-barcode on my badge:


The above picture doesn’t actually show my real barcode, but one I made for this post. My real barcode contains my business coordinates. A hint if you want to find out what’s on this one: it’s a PDF417 barcode (this PDF stands for Portable Data File, not Portable Document Format).


  1. Great to meet you at Blackhat. Looking forward to BruCON

    Comment by ChrisJohnRiley — Monday 27 April 2009 @ 7:23

  2. Hi Chris, it was nice meeting you too. And thanks to Twitter I could meet many people like you IRL.

    Comment by Didier Stevens — Monday 27 April 2009 @ 8:21

  3. too many PDFs these days and each one of them is scary to some extent, barring adobe. (They are just in halloween mood)

    Comment by N — Monday 27 April 2009 @ 9:21

  4. I like the encoded text!

    Comment by Nick — Monday 27 April 2009 @ 11:26

  5. SQL injection or shell code, that is the question!http://DidierStevens.com @ Black Hat Europe 2009

    Comment by Bryan — Tuesday 28 April 2009 @ 17:45

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.