Tucked away from the glamour of the vendor booths giving away t-shirts and the large presentation rooms filled with rockstar sessions was the Arsenal - a place where developers were able to present their security tools and grow their community.
The Arsenal is the brainchild of NJ Ouchn, a well-known security expert and creator of ToolsWatch. His unrelenting passion for using freely-available tools during penetration testing engagements has evolved into what is really a conference within a conference and, for some, the main reason for coming to Las Vegas.
This year's Arsenal, which NJ managed with the help of Rachid Harrando, the CEO of NETpeas, hosted the authors of 54 tools coming from countries all over the world. To make things even more interesting, some of the tools were unveiled at the Arsenal and attendees had the opportunity to engage the developers immediately. There was something for everyone: from attacking VoIP and forensics to mobile hacking and beyond.
All the presenters I've talked to have nothing but praise for both NJ and the Arsenal. Dan Cornell, CTO at the Denim Group, told me that this is something he looks forward to every year because it is a great way to get his work in front of a critical audience of security experts.
"I've always been impressed with how well-run the event is – both with support from NJ as well as the Black Hat conference organizers. I enjoy the questions the most because they give us a great window into both new features we need to build as well as how we need to communicate about ThreadFix's current capabilities," Cornell said.
Georgia Weidman, CEO at Bulb Security, believes her Smartphone Pentest Framework wouldn’t have gotten any notice at all had it not been for the Arsenal. "Open source security tools are the backbone of security research these days, so having a place for them is a great service to the attendees of Black Hat as well as the writers of the tools," she said.
Bahtiyar Bircan, a security consultant and author of the Heybe Penetration Testing Automation Kit, said that the interaction with security practitioners at the Arsenal gave him new ideas and he encourages everyone to participate.
The Arsenal is essentially a breeding ground for cooperation and fresh ideas, free of corporate gimmicks. What routinely happens after the conference is that projects start to work together and integrate with each other, increasing their value exponentially and ultimately elevating not only the value of the tools but also the profile of the developer. I've heard that a developer presenting this year was offered a full-time job right then and there.
Next time you're at Black Hat, make time for the Arsenal. It was the highlight of my week and I'm sure it will inspire you as well.
Photos are courtesy of Black Hat.