White Ops Threat Intel at DEFCON 27

Members of the White Ops Threat Intelligence Team recently attended DEFCON 27, one of the highest profile cybersecurity conferences in the year. It’s an opportunity for the world’s hackers to come together and learn about the latest threats, prove their skill sets to their fellow hackers, and generally scare the pants off of the rest of the world with how much damage can be done in a very short period of time.

Below are the reports and musings from the Threat Intel team members who attended DEFCON 27:


The Taco Bell Cantina was the talk of the town. With a lavish interior and superior POS self-serve options it made my day much like the Olive Garden lifetime pasta pass card that might bless my wallet Thursday... but that's another story.

The Threat Intel team’s fearless leader and I received five-star treatment at a private third story cabana while attending the co-sponsored Intel471/Quoscient party on Friday. My most notable find there was Dan Young, a co-founder of Quoscient, who amazed me by identifying the same zero-day software weakness in a rather sensitive software. While there, I also got to bump fists with Mark Arena, the founder of Intel471, and found that he is just as down to earth as I am.

The piece I submitted to the Museum of Modern Malware got noticed. More than once, I was told it was the best thing seen at DEFCON this year. A photo of my piece can be found on @mikko’s twitter account. The piece was composed of showing 650k exposed database indices online. I even permitted some attendees to grace their fingers upon the terminal and search the archive of open and exposed databases that I had archived.

Unfortunately my travel to DEFCON was cut short this year due to a prior engagement on Sunday. I had to leave Saturday morning. Fearless Leader and I offered help to broken down cars, handed out some delicious jalapeno popcorn and breadsticks from a local baker who happened to be our Uber driver. We met with many old friends such as elkentaro, theviking, and Marcelle Lee. Both of us got to assist Marcelle Lee with a workshop called "CTF4NOOBS" at the Diana Initiative. Good fun was had by all.


A big highlight this year for me was the Museum of Modern Malware. White Ops collaborated on an awesome exhibit with a global roster of artists. The reception was excellent! One of my favorite moments was providing a guided tour to analysts who have personally analyzed some of the malware we were exhibiting. The exhibit also had a lot of attention from those wondering what White Ops is, and the exhibition was an excellent display of our mission to fight malware-distributing botnets.


In addition to the cool things others might have mentioned, I took a look at biohacking, which was new to me. I managed to look into some of the medical machines on display there and found a vulnerability in a diabetes insulin pump, which made me wonder if I could build a better device in the future. With some of my friends, we have built a fully-functional badge from start to finish, and I also took part in the capture the flag competition that takes place at each DEFCON.

During the event, I ran a small guerrilla workshop on malware analysis, looking at actual examples instead of sticking solely to the theory. It felt like a small concentrated session on dynamic analysis, decompiling, code analysis and modifications. Easily one of my favorite parts of the trip.

Also I have to shout out the Museum of Modern Malware, where I presented my technical installation of the Emotet malware in its captivating polymorphous shapeshifting moment. The concept of the museum was well received from the folks I spoke to (undercover). There was immense interest in doing it bigger next year.


It was a pleasure to attend DEFCON 27. It is always an amazing experience seeing how many people are interested in the hacker world. I was able to meet face to face with my friends in one place whom I normally would only interact with online. Other than the normal hangouts, I claimed six badges for my #badgelife, gotta catch ‘em all. It is a toss up between my two favorites, either Da’ Bomb or DC Darknet.

I was able to attend the Museum of Modern Malware #MoMal. Definitely an amazing experience. The artists that made some of the pieces were brilliant. Everyone that saw it mentioned to me how much they enjoyed it. I really hope more people are able to see the exhibit. Big shout out to EddieTheYeti for his piece on 3ve.

One of my favorite things asked about from people who have no clue what defcon is, let alone what hacking actually means, is are you afraid you will be hacked at defcon!? I laugh because I think I feel safer at defcon than in the real world. My reasoning is because the people there are doing the same things in the real world, you just don’t know it. At defcon, they at least will tell you if your security sucks and respect your privacy. In the real world, that is where you feel safest but you actually are not. Complacency is bad. Hack the Planet.