| 5 min read
Hello, con-goers! Are you contemplating which hacking conference to attend in the near future? We would like to share our ranking of the top 10 international conferences in offensive security.
10 - RSA Conference (since 1991)
RSAC is one of the most prestigious and massive events when it comes to IT security. The conference offers concurrent training sessions, keynotes, seminars and expos for about five days. And it gathers around 45,000 con-goers yearly in its several hosting locations around the world. We were fortunate enough to exhibit there last month. With so much going on, offensive security is not precisely in the spotlight. RSAC is more of a place where people learn about enhancing their cybersecurity posture in general. That being said, though, this event offers some "Sandboxes" (similar to what others call "villages") where there are presentations and live demos, and you can experience some hands-on learning, all of this focused on offensive security.
9 - Security BSides (since 2009)
Security BSides presents itself as the first grassroots, DIY, open security conference in the world. It offers a framework of tools for hackers and, as they say, any other group of organized individuals to host their own local event, which they call "Unconference Events." Although structured, these events are comparatively more laid back than the other ones in this top 10 list. For example, you may organize a session for the event (even come up with it the very same day) and schedule it for any available time. Or you may just show up and participate in the sessions.
But Security BSides also hosts larger, geographically and chronologically separated "Core Events." Up to 1,600 people attend these. Besides, all BSides events are traditionally gratis for all attendees, which makes them very appealing.
8 - Ekoparty (since 2001)
Targeting the Latin American information security community predominantly, Ekoparty is held every year in Buenos Aires. It is the largest conference for hackers in Latin America, offering a space for about 3,000 people to attend technical talks, workshops and challenges over the span of five days. Malware analysis, reverse engineering, pentesting, exploit writing, and static and dynamic analysis are among the many topics discussed and learned hands-on at this hacker conference. Ekoparty also hosts intensive training courses in the two to four days leading up to the main events. And in case you were wondering: Talks in Spanish are simultaneously translated into English, so don't fear that you won't understand a thing.
7 - ShmooCon (since 2005)
ShmooCon is an annual hacker convention that takes place in Washington, D.C. It is three days long: The first day is a single track of speed talks, whose topics range from not too technical information security issues (e.g., analyses of cyber incidents) to vulnerabilities in popular consumer devices, and advanced tools, techniques and procedures. The next two days, ShmooCon offers events in three tracks. Among these are many attractive activities, like quizzes parodying game shows and contests rewarding presentation skills and even artistic creativity. To give you an idea of the popularity of ShmooCon, last year, the 1,425 tickets offered to the general public sold out in 32.18 seconds.
6 - CanSecWest (since 2000)
CanSecWest is an advanced information security conference held in Vancouver and online. It features technical presentations in the course of three days. The days before, during and after the presentations, it offers training courses called "Dojos." These sessions focus on advanced penetration testing, exploitation and programming, among other skills. Every year, it attracts between 400 and 500 attendees. Remarkably, CanSecWest has been the context in which the Pwn2Own hacking contest is held. In it, contestants are challenged to exploit zero-day vulnerabilities in widely used software and mobile devices.
5 - TyphoonCon (since 2018)
TyphoonCon is an annual hacker conference held in Seoul that focuses on highly technical offensive security issues. It offers a space of two days for researchers to share their work with about 150 other attendees. Some of the topics addressed at the conference are vulnerability discovery, advanced exploitation techniques and reverse engineering. It also offers focused training sessions over the span of three days. If you can't see TyphoonCon's website, use a VPN to switch your location to the Asia region.
4 - Black Hat (since 1997)
Black Hat is a widely known cybersecurity event series that exposes the information security community with the latest research and tools. It is held in different parts of the world. A haven for offensive security, Black Hat offers technical hands-on courses on topics like penetration testing and vulnerability exploitation. It also offers presentations where attendees can get an update on vulnerabilities in widely used devices and bigger issues, like the latest threats to critical international infrastructure. Over 20,000 people attend Black Hat each year.
By the way, we'll give a demonstration of Makes, our open-source framework for building CI/CD pipelines and application environments, on August 10 and 11 at the Arsenal tool demos during Black Hat USA.
3 - DEF CON (since 1993)
DEF CON is one of the oldest and largest hacking conventions. Between 25,000 and 28,000 people attended in recent years. It is held annually in Las Vegas and offers talks where innovative tools may be introduced. DEF CON encourages the engagement of attendees by allowing anyone to host their own event within the conference. Apart from the talks, the conference also offers lots of activities, like several contests, demo labs, parties, gatherings, workshops (4-hour classes during DEF CON) and paid training sessions (for two days after the con).
2 - REcon (since 2005)
REcon is a computer security conference held annually in Montreal. It welcomes more than 34,000 attendees and 1,000 exhibitors. REcon's focus is on reverse engineering and advanced exploitation techniques. Training sessions are held for two to four days before the beginning of a single track of talks over the span of three days. Talk topics include hardware, software and protocol reverse engineering, finding vulnerabilities and writing exploits, novel data visualization for hackers and reverse engineers, bypassing security and software protections, attacks on cryptography in hardware and software, techniques for any of the above on new or interesting architectures, and wireless hacking.
1 - OffensiveCon (since 2018)
OffensiveCon is an international security conference held in Berlin featuring highly technical content focusing exclusively on offensive security. This year the turnout was about 1,200 attendees. This is the go-to hacker conference if you are interested in high-quality, deep technical talks. The topics discussed in the talks are vulnerability discovery, advanced exploitation techniques, cryptographic attacks and reverse engineering, among others. Days before the conference, you can attend technical training sessions. Then, the OffensiveCon has a single track of talks for two full days.
And that's our top 10 selection of hacking events. Of course, you can go to whichever conference best suits your skills and needs. We just hope that you find our selection useful!
If you want to receive our next blog posts, don't hesitate to subscribe to our weekly newsletter.
Recommended blog posts
You might be interested in the following related posts.
Introduction to cybersecurity in the aviation sector
Why measure cybersecurity risk with our CVSSF metric?
Our new testing architecture for software development
Protecting your PoS systems from cyber threats
Top seven successful cyberattacks against this industry
Challenges, threats, and best practices for retailers
Be more secure by increasing trust in your software