Technology Blog

Inside BlackHat 2014 – Mid-show report


BH2014.pngIt’s August and things are heating up – well at least they were supposed to heat up but due to a rare August rainfall, things were actually kinda cool. And speaking of cool, we’re back in Vegas baby for BlackHat 2014. Some interesting changes for this year’s show – most notably after a two year absence Aruba was back once again providing secure Wi-Fi coverage for all show attendees. Another noticeable change was the venue; this year BlackHat moved to Mandalay Bay which means much more walking for all attendees.


And speaking of more, this year we brought a full arsenal of AP 225 802.11ac APs (over 120 of them), 7200 series controllers with AppRF technology, S-Series switches, AirWStaging2.pngave and ClearPass. We connected it over a full gig pipe courtesy of the Mandalay Convention center to give users the most bandwidth ever at BlackHat. To ensure deployment aesthetics met with our new venue, our deployment team engineered a fashionable mount for the APs. With everything in place, we were ready for the masses to connect.


Initially, the training sessions were pretty quiet; only about 600 or so users on the Wi-Fi network and nothing out of the ordinary as far as attacks. Interestingly, the majority of connected devices were OS X / MAC devices with a lot of encrypted traffic (HTTPS / IPSEC / SSL). Also, again this year like in previous years we offered a general PSK protected network and a more secure network using EAP-TLS and certificates.


During the training we had a good mix of attendees on both the PSK and secure network but were getting questions about our certs. Users were concerned we were getting too involved with their devices. Thanks to Edward Snowden, no one wanted to take a chance of big brother gathering information about their sessions and tracking them, so we opted instead for a PEAP-based protected network, letting ClearPass auto-generate random passwords instead of issuing certs.


With all the tweaking out of the way, we were ready for the first full day of briefings, sessions and workshops. Let’s see what’s happening . . .

  • We peaked today at 1,000 users
  • User split looked like this: 63% on the PSK network and 37% on the PEAP network
  • Fastest client performance seen today: 545 MbpsIMG_0547.PNG
  • Most popular devices/OS’s: OS X, iPhone, Android (plethora of device manufacturers)
  • Facebook & Twitter showing up as top social media destinations
  • Top attacks detected: Block ACK Attack, Valid Client Misassociation attack, Unencrypted Data Frame, and Power Save DoS attacks
  • Rogue and interfering devices/networks: 603
  • Best or most common interfering SSIDs/Networks:

  1. BlackHat XX (insert a number)
  2. FreeHugs
  3. Chupacabra
  4. AllYourWirelessBelongToMe4G
  5. HoneyBadger
  6. iwillhackyou
  7. comeBackWithaWarrant
  8. And a past favorite – PrettyFlyForWiFi

All in all, we’ve had a pretty productive day. Good traffic in the NOC and great conversations among those who wanted to know more. We’ll have a full show report with even more stats after shows end, so stay tuned . . .

Tags (2)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Read all about it! If it’s happening now, it’s in the community.

Check out the latest blogs from your community team, the community experts and other industry sources.