Unified Gathering of Adversaries at Black Hat's Network Operations Center, Pursuing a Collective Agenda

Unified Gathering of Adversaries at Black Hat's Network Operations Center, Pursuing a Collective Agenda

Building a Fortress of Cybersecurity: Inside the Black Hat Network Operations Center

The Black Hat Network Operations Center (NOC) is a critical hub at the annual Black Hat security conference in Las Vegas, responsible for maintaining the security of one of the most challenging networks in the world. This year, the NOC, located in an unremarkable meeting room inside the Mandalay Bay hotel, is manned by a dedicated team of professionals, including Black Hat Neil "Grifter" Wyler, who has been part of the NOC for nearly 20 years.

The NOC's primary role is to ensure a secure yet permissive environment for offensive security training and research. To achieve this, the NOC team works closely with vendors, instructors, security teams, and law enforcement, coordinating complex offensive security activities while maintaining network stability and security.

Daily intelligence-sharing calls with security teams across the Las Vegas Strip, including major casinos and local police, help the NOC stay informed about ongoing threats, incidents, and attack patterns that may affect the conference network and the wider local environment.

The NOC's constant monitoring for malicious activity is aided by advanced technologies such as Network Detection and Response (NDR) systems enhanced by AI and machine learning, which accelerate alert triage and threat detection. The NOC also serves as a live testing ground for emerging cybersecurity technologies and tools, with major vendors deploying cutting-edge solutions to handle sophisticated threats during the event.

Vendors often volunteer their own staff to help out in the NOC, and organizers pick the best tools for the job through testing days. The NOC crew also writes their own code, which they find to be a fulfilling part of the job. Many vendors are keen to get on board with the NOC and show off their products during testing days, and in some cases, they fix problems identified at the show.

The NOC network visualization screen, developed using vibe coding tools and data from past Black Hat events from around the world, provides a real-time view of the conference network's activity. The NOC volunteers, who work in five or six-hour shifts, also use their own code to develop new tools, such as the network visualization screen.

Grifter stated that the NOC allows for immediate response to any potential network or security issues. The NOC crew puts a lot of work into developing their own tools, and in some cases, they have had to intervene when an attendee was in physical danger, as personal documents were being transmitted across the network in the clear.

The NOC was built in just three days and was streamed on Twitch for people to watch and send questions. Volunteers have an ensuite napping area to rest between their shifts, ensuring they stay alert and focused throughout the conference.

It is important to note that vendors cannot buy their way into the NOC, and selection criteria are strict. The NOC is entirely separate from the hotel's own NOC due to the large demands and security concerns of the conference.

In summary, the Black Hat NOC is a critical operation that facilitates a highly secure yet permissive environment for offensive security training and research, while simultaneously protecting the network and coordinating threat intelligence across the region.

[1] Black Hat USA 2022, Black Hat Network Operations Center, https://www.blackhat.com/us-22/business/network-operations-center.html [3] Black Hat USA 2022, Black Hat Network Operations Center, https://www.blackhat.com/us-22/business/network-operations-center.html

1. The Black Hat Network Operations Center (NOC) in Las Vegas utilizes open-source software for some of its key tools, including the network visualization screen developed using vibe coding tools.
2. The Black Hat NOC is a significant entity in the technology and cybersecurity industry, providing a secure environment for offensive security training and research during the annual Black Hat security conference.
3. The NOC team works closely with a variety of entities in the banking-and-insurance, finance, and travel industries, as these sectors are often the target of cyberattacks.
4. Given the critical role of the NOC, it strictly follows selection criteria to ensure only top-quality hardware, software, and digital solutions are deployed within the network.
5. Alongside advanced technology such as AI-enhanced Network Detection and Response (NDR) systems, the NOC team also writes their own code to develop new tools, similar to practices in the data-and-cloud-computing and business sectors.
6. The NOC operates as a testing ground for emerging cybersecurity technologies and tools, attracting vendors who wish to showcase their products during testing days and collaborate in addressing sophisticated threats.
7. Grifter, a long-time NOC member, mentioned that beyond network security, the NOC has intervened in situations where an attendee's personal data was at risk, indicating a connection to the lifestyle and privacy aspects of technology use.

Read also: