Generated by GPT-5-mini

| Black Hat USA | |
|---|---|
| Name | Black Hat USA |
| Status | Active |
| Genre | Security conference |
| Frequency | Annual |
| Venue | Las Vegas Convention Center |
| Location | Las Vegas, Nevada |
| Country | United States |
| First | 1997 |
| Organizer | Informa |

Black Hat USA is an annual technology security conference held in Las Vegas, Nevada, featuring vendor exhibits, technical briefings, and hands-on training aimed at computer security professionals, information technology practitioners, and risk management specialists. Founded in 1997, it has become a major event alongside DEF CON, RSA Conference, and ShmooCon for disclosure of vulnerabilities, tool demonstrations, and public debates involving CERT Coordination Center, National Institute of Standards and Technology, and private sector actors like Microsoft, Google, Apple Inc., and Cisco Systems. Attendance and media coverage often bring together researchers from institutions such as Massachusetts Institute of Technology, Stanford University, Carnegie Mellon University, and companies including Amazon, Facebook, CrowdStrike, Palo Alto Networks, and Kaspersky Lab.
Black Hat originated in 1997 with founders associated with DEF CON culture and independent security researchers from L0pht and other hacker collectives. Early years saw presentations in venues tied to Las Vegas and collaborations with security consortia such as FIRST and OWASP. Growth in the 2000s paralleled the rise of large vendors like Symantec and McAfee, and the conference became a locus for disclosures impacting products from Intel, AMD, Oracle Corporation, and Adobe Systems. Post-2010 expansion included acquisitions and corporate structuring under event organizers related to Informa PLC and closer ties to governments via speakers from U.S. Department of Defense, National Security Agency, Department of Homeland Security, and international bodies like European Union Agency for Cybersecurity. Notable milestones include high-profile disclosures connected to platforms from Google LLC, Apple Inc., Microsoft Corporation, and infrastructure incidents involving Apache HTTP Server and OpenSSL. Over time Black Hat developed relationships with academic venues such as University of California, Berkeley and University of Cambridge through speaker affiliations.
The event combines vendor exhibitions with a formal program of briefings and panels, organized into tracks similar to those at RSA Conference (United States), CanSecWest, and BSides. Major components include keynote sessions featuring leaders from MITRE Corporation, GCHQ, Europol, and executives from IBM, Accenture, Deloitte, and Ernst & Young (EY). The exhibit hall hosts booths from security vendors such as Trend Micro, FireEye, Fortinet, and Check Point Software Technologies alongside startups supported by Y Combinator and accelerators like Techstars. Panels often feature participants from Electronic Frontier Foundation, ACLU, Center for Internet Security, and think tanks like RAND Corporation and Brookings Institution. The conference schedule is coordinated with adjacent events including DEF CON and regional editions such as Black Hat Europe and Black Hat Asia, creating a circuit that draws attendees from RSA Conference (APJ) and Cybertech.
Black Hat offers vendor-neutral and vendor-specific trainings delivered by instructors from SANS Institute, NCC Group, Mandiant, and independent researchers tied to Google Project Zero and university labs such as CMU CERT. Course topics span exploit development for platforms from Windows NT, Linux kernel, and Android to defensive practices using frameworks like MITRE ATT&CK and standards from NIST. Hands-on labs simulate incidents resembling historical cases like Stuxnet analysis and exploit chains similar to disclosures involving Heartbleed and Spectre and Meltdown. Briefings present peer-reviewed work by authors affiliated with Princeton University, Harvard University, ETH Zurich, and corporate research groups at Intel Corporation and Qualcomm.
Black Hat has been the venue for contentious disclosures and debates involving entities such as NSA, CIA, and private vendors. Controversial episodes include disclosure coordination disputes reminiscent of cases with CVE assignments and vendor responses from Microsoft, Apple Inc., and Oracle Corporation. The conference has faced criticism related to dual-use research similar to controversies around Stuxnet and Vault 7, and policy debates involving Wassenaar Arrangement export controls, with input from advocacy groups like Electronic Frontier Foundation and Center for Democracy & Technology. Security incidents at or near the event have drawn attention from Las Vegas Metropolitan Police Department and Federal Bureau of Investigation, while debates about researcher vetting have involved ethics boards at University of Oxford and University of Cambridge.
Black Hat has influenced vulnerability disclosure norms, shaping coordination among vendors such as Microsoft Corporation, Google LLC, Apple Inc., and infrastructure projects like OpenSSL and Linux Foundation initiatives. The conference fosters recruitment pipelines connecting attendees to companies including CrowdStrike, Palo Alto Networks, FireEye, Cisco Systems, and consulting firms like Accenture and Deloitte. Research presented at Black Hat has fed into standards and mitigations advocated by NIST, MITRE Corporation, and ISO/IEC. It also affects public policy through interactions with lawmakers in United States Congress, regulatory agencies such as Federal Communications Commission, and international bodies like European Commission and United Nations Office on Drugs and Crime. The event's ecosystem supports startups, venture firms like Sequoia Capital and Andreessen Horowitz, and accelerates tool adoption among enterprises including JPMorgan Chase, Bank of America, Walmart, and Amazon.