Black Hat Conference

Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security, ranging from non-technical individuals and executives to hackers and security professionals. The conference takes place regularly in Las Vegas, Barcelona, London and Riyadh but has also been hosted in Amsterdam, Tokyo, and Washington, D.C. in the past.


History

The first Black Hat was held July 7-10, 1997 in Las Vegas, immediately prior to DEF CON 5. The conference was aimed at the computer industry, promising to give them privileged insight into the minds and motivations of their hacker adversaries. Its organizers stated: "While many conferences focus on information and network security, only the Black Hat Briefings will put your engineers and software programmers face-to-face with today's cutting edge computer security experts and 'hackers'." It was presented by DEF CON Communications and Cambridge Technology Partners. It was founded by Jeff Moss, who also founded DEF CON and is currently the Conference Chair of the Black Hat Review Board. Black Hat started as a single annual conference in Las Vegas, Nevada, and is now held in multiple locations around the world. Black Hat Briefings was acquired by CMP Media, a subsidiary of U.K.-based United Business Media (UBM) in 2005 which was then acquired by Informa Tech in June 2018. After a corporate reorganization in 2025, Black Hat Briefings was moved to the Informa Festivals division.


Components

The conference is composed of three major sections: Briefings, Trainings, and Arsenal.


Briefings

The Briefings are composed of tracks, covering various topics including reverse engineering, identity and privacy, and hacking. The briefings also contain keynote speeches from leading voices in the information security field, including Robert Lentz, Chief Security Officer, United States Department of Defense; Michael Lynn; Amit Yoran, former Director of the National Cyber Security Division of the Department of Homeland Security; and General Keith B. Alexander, former Director of the National Security Agency and former commander of the United States Cyber Command.


Trainings

Training is offered by various computer security vendors and individual security professionals. The conference has hosted the National Security Agency's information assurance manager course, and various courses by Cisco Systems, Offensive Security, and others.


Arsenal

Arsenal is a portion of the conference dedicated to giving researchers and the open source community a place to showcase their latest open-source information security tools. Arsenal primarily consists of live tool demonstrations in a setting where attendees can ask questions about the tools and sometimes use them. It was added in 2010. ToolsWatch maintains an archive of all Black Hat Briefings Arsenals.


Notable incidents

Black Hat had historically been known for the antics of its hacker contingent, and the disclosures brought in its talks. In the past, companies have attempted to ban researchers from disclosing vital information about their products. At Black Hat USA in 2005, Cisco Systems tried to stop Michael Lynn from speaking about a vulnerability that he said could let hackers virtually shut down the Internet. However, in recent years, researchers have worked with vendors to resolve issues, and some vendors have challenged hackers to attack their products. Conference attendees had been known to hijack wireless connections of the hotels, hack hotel television billing systems, and in one instance, deploy a fake automated teller machine in a hotel lobby. In 2009, web sites belonging to a handful of security researchers and groups were hacked and passwords, private e-mails, instant messaging chats, and sensitive documents were exposed on the vandalized site of Dan Kaminsky, days before the conference. During Black Hat USA in 2009, a USB thumb drive that was passed around among attendees was found to be infected with the Conficker virus, and in 2008, three men were expelled for packet sniffing the press room local area network.


Venues, dates, and locations

Black Hat had initially started within the United States but expanded over the years across USA, Europe, Asia, Middle East, Africa, Washington DC, and Abu Dhabi:


See also

* DEF CON
* Hacker conference
* Chaos Communication Congress
* Summercon
* Positive Hack Days

