Heading to Blackhat: two aspirin and a glass of water coverage

It sure is a good thing that Blackhat and DEFCON are in Vegas. I'm not sure I could deal with security geeks, hax0rs, and script kiddies for a week straight anywhere else.

Here's a few tips on attending both conferences:

• There's parties going on every night - mostly vendors and some organizations. Ask around at booths and ask early - the parties usually fill up fast. I'll be hitting up at least the OWASP/WASC party.
• The double-edged sword of DEFCON: Often, talks that are occuring at Blackhat are also occurring at DEFCON. The relaxed atmosphere of DEFCON usually makes them much more entertaining, but becareful: rooms fill up really fast at DEFCON.
• Don't forget, Blackhat Briefings pass get's you into to DEFCON for free [as in beer]
• Trust nothing/no one: I know this should go without saying, but there's a Wall of Sheep for a reason. Keep your Wifi radios computers on at your own risk
  

As far as briefings, I usually have a few that I want to attend, and then bounce around from room to room looking for something interesting. Sometimes a talk is nothing like you expected it to be based on the description, and sometimes the rooms are just packed - have alternatives.

I'll probably spend my time in AppSec mostly, but here are a few I've got earmarked:

• Xploiting Google Gadgets: Gmalware and Beyond - Tom Stracener, Robert Hansen
• Encoded, Layered and Transcoded Syntax Attacks: Threading the Needle Past Web Application Security - Arian Evans
• Threats to the 2008 Presidential Election (and more) - Oliver Friedrichs
• Concurrency Attacks in Web Applications - Scott Stender, Alexander Vidergar
• Get Rich or Die Trying - Making Money on the Web, the Black Hat Way - Jeremiah Grossman, Arian Evans