July is our favourite time of year, when thousands descend into Las Vegas for Blackhat/Defcon, or more commonly referred to as ‘Hacker Summer Camp’. This year, our camp councillors have been working hard to bring you all our latest creations.

BlackHat Training

We’re running our usual training at BlackHat, and as usual have been working hard to build new courses and update others. Here’s a list:

• BLACK OPS HACKING FOR PENTESTERS – MASTER LEVEL
• PENTESTING ENTERPRISE INFRASTRUCTURE – JOURNEYMAN LEVEL
• SECDEVOPS: INJECTING SECURITY INTO DEVOPS (NEW)
• TACTICS, TECHNIQUES AND PROCEDURES FOR HACKERS

We’re pretty excited about the new SecDevOps course, which reflects what we’ve learned about transitioning old-style project pentesting into an agile world.

BlackHat Arsenal

If you know us, you’ll know building open source hacking tools is what we do. Thanks to the ToolsWatch crew, two of those tools (both by Chris le Roy) will be demo’d with major updates at Arsenal:

• KWETZA
• RATTLER

Defcon 25 Talk

We’re happy to be back speaking at Defcon this year on the work Saif has done on his memory corruption via GDI objects techniques. He’ll be discussing his MS16-098 Win8.1 x64 priv esc exploit using Bitmaps GDI object exploit primitive. As well as releasing a new exploit for Win7, using a newly discovered GDI object abuse technique . The talk will be a how-to for exploitation with GDI objects.

Defcon Demo Labs

Grifter has been working hard on Demo Labs, and we submitted two tools in support. Both have been under active development and will have some surprises for their DC 25 release.

• Ruler
• Universal Serial aBUSe

CFP Review

Finally, it was an absolute honour for both Daniel and myself to be on the BlackHat and Defcon CFP review boards respectively. It was humbling to see how much hard work and great ideas went into the talks, and organising these cons. Huge respect to the various crews.