How to Become a Black Hat Arsenal Master

From the perspective of a Black Hat Arsenal speaker, Michael Boelen gives us the chance to know what to expect, how to be ready for your presentation at the Black Hat Arsenal, and how to be an Arsenal Master.
To give an idea to our audience about the Arsenal, we found Michael Boelen available for an interview. Michael, can you introduce yourself?
[MB] Sure! Living in the southern part of The Netherlands, 34 years old, and open source developer of security tools. I’m the original author of rkhunter, the malware scanning tool for Linux and UNIX systems. The second program in line is Lynis. Same platform, yet with the purpose to do an in-depth security scan, and help out with system hardening. I have now been a few times to the Arsenal, so it is my pleasure to share some of my insights.
For those unfamiliar with the Arsenal, can you explain what it is?
[MB] The well-known security conference Black Hat has a corner named the Arsenal. At several desks, there are presenters showcasing their tool, framework, or solution. Everything is live, and people can join at any time, and ask questions. The interesting part is that every few hours a new set of presenters show up and start with their demo. This way you can learn all day about new tools and meet new presenters. Also good to know is that the presented materials have to be open source and security related. So you see passionate people with live demos, no commercial pitches.
Who is the typical visitor of the Arsenal?
[MB] Most of the visitors are a mixed set of professionals. While less formal than other parts of the conference, you will definitely see techies attending the demos. Surprisingly enough also security managers and security officers attend. After all, every company has the need for a toolkit. The Arsenal provides a nice set of options to get your kit filled up. I have seen some of them getting interested in the technical side, even though they would not use it directly. Some shared that they would bring the idea home, and share it within their organization.
Live Demos?! What can go wrong?
[MB] People who present on a regular basis know they should be careful with giving a live demo. After all, the internet connection might fail, or tools refuse to do things they did before. Most of us know this as the demo effect. While sometimes things won’t work, the Arsenal demos are much more relaxed. You decide what you want to cover in the demo, and repeat it as often as you want. And if something goes wrong, it might even be a great learning moment for both the presenter and attendees.
What should you bring with you?
[MB] First of all, you should bring a notebook with you. Depending on where you normally live, you might want to bring the right power adapter or power converter with you. You will meet a lot of people during your presentation, so I suggest bringing business cards. Even if they are simple cards with your name and email address on them. Some other presenters forgot to do so, which is a missed opportunity to stay in touch with attendees. Because some of them might become users, or even contributors to the project. So put enough cards in your notebook bag. What I also found very useful is to make small cards of the tool you are presenting. At least include the name of the tool, and some of the highlights (purpose, audience, usage). I learned this lesson myself after seeing several people taking pictures with their phones of the monitor. You make it easier for attendees to remember your project when sharing a card. With all the briefings and presentations, you need more than an initial impression. Your card might just be the small token to be remembered later on.
What do you think is the best way to present your tool or project?
[MB] With the Arsenal you will have a defined amount of time, but you can repeat the demo as much as you want. So I would go for a short demo, so people can see things in action. Because people swoop in and out, they need to be hooked in less than a minute. They might continue to the next presenter otherwise. If you have any hardware parts related to your project, bring them. Most of the attendees seem to be attracted to that.
What other tips would you give first-time Arsenal presenters?
[MB] Besides bringing cards, and a short repeatable demo, get to know the other presenters. There is a really good atmosphere between the Arsenal presenters and the open source projects. So look them up before you go to Black Hat, and read about their projects. This way you will quickly recognize their faces and start a great chat with others. And the best advice of all: enjoy your time and share your great work with the world.
Michael Boelen specializes in the field of Linux and UNIX security. He previously worked as a consultant for several big companies, including T-Systems, Philips, and ASML. In 2013 he started the security firm CISOfy to support companies with their auditing, hardening and compliance needs. Michael is the author of several open source security tools, such as Rootkit Hunter (rkhunter) and Lynis. Other work includes supporting the CIS benchmarks, organizing the Dutch NLUUG conference, and writing articles. He is a regular contributor to the Linux Audit blog, and can be found on Twitter: @mboelen