Huge crowds and hundreds of exhibitors flocked to Las Vegas for Black Hat USA from Aug. 5 to 10, with ExtraHop having a major presence at the event.
While Black Hat hasn’t yet released the number of attendees, the crowds were large, echoing the record attendance of Black Hat Asia in May. A lot of attendees wore black, of course, some wore cowboy hats, and there was even a guy wearing a kilt. (There’s always someone.)
Into the Black Box
ExtraHop brought a new version of its Black Box experience to Black Hat, building on the success of its Black Box presence at RSA Conference in April. In the giant cube, attendees engaged in an immersive experience representing the activities happening on their organizations’ networks. ExtraHop also hosted a “Magic Mixer” at the booth, featuring magician and mentalist John Rotellini.
Up to the Challenge
In keeping with the Black Box theme, ExtraHop offered attendees a 15-minute threat hunting challenge based on data from real attacks. Attendees had to stop a Kerberos golden ticket attack by leveraging the powerful combination of ExtraHop Reveal(x) and CrowdStrike Falcon®. Attendees completing tasks in the challenge earned points toward winning an Xbox Series X.
Heading Off Ch@os
ExtraHop Chief Risk, Security, and Information Security Officer Mark Bowling, in a presentation called “The Law vs. Ch@os,” talked about the 2000-2002 investigation that led to the 2002 arrest of Joseph Konopka, aka Dr. Ch@os. At the time, Bowling was an FBI agent, while Konopka, a systems administrator in Wisconsin, led a group of young men calling themselves the Realm of Ch@os.
Konopka used video games and music he pirated to lure young men into the group, Bowling said, and after long evening gaming sessions, the group would go out, burn dumpsters and knock out power to electric substations in northeast Wisconsin. The group was also responsible for other vandalism as well as attacks on Internet service providers.
Through a series of seemingly unrelated pieces of intelligence, Bowling learned about Konopka and the Realm of Ch@os. Bowling interrogated Konopka, received a full confession, and was building a criminal case against him when the suspect fled Wisconsin. Konopka was arrested in 2002 for trespassing in a steam tunnel under the University of Illinois at Chicago. He was storing the ingredients for making cyanide gas in a closet in a tunnel under Chicago, and he was the first U.S. citizen charged under the counterterrorism Patriot Act, passed after the 9/11 attacks. He served 16 years in prison.
More than 20 years later, Bowling still wonders why Konopka ran away after their original encounters in Wisconsin. Bowling had considered recommending a light sentence in exchange for Konopka assisting the FBI in its fight against computer hacking, but his possession of cyanide materials added new charges against him.
“He was one of the three or four most intelligent and capable people I had ever interviewed,” Bowling told the Black Hat attendees. “I would hire him today, if I thought I could trust him.”
Lightning Strikes
ExtraHop hosted more than two dozen lightning talks at its booth, featuring technology partner CrowdStrike and topics such as zero trust in the enterprise, threat hunting in network traffic, and generative AI cybersecurity threats.
In addition to CrowdStrike, guest speakers included experts from AWS, Exabeam, Gigamon, Cisco, Cribl, ServiceNow, and Mandiant. Below, Ted Pan, senior technical marketing manager at CrowdStrike, speaks about unifying endpoint and network detection for extended detection and response (XDR) capabilities.
If you missed ExtraHop at Black Hat, check out or demo. ExtraHop will also be back in Las Vegas Sept. 18 to 21 for Fal.con, a big conference from CrowdStrike.