
Black Hat NOC Report Details Network Deployment and Management at Black Hat 2024
The Black Hat NOC (Network Operations Center) Report presented at the Black Hat 2024 conference details how the event's network was deployed and managed by the team led by Neil "Grifter" Wyler and Bart Stump. The network, deployed in 4 days with a team of 15 to 20 people (including 70 partners), supports 20,000 participants and 90 training classes. It relies on partner equipment (Palo Alto, Arista, Cisco, Lumen) and uses tools like ThousandEyes, Cortex XDR, and XIM for monitoring and alert automation. Traffic was 91% encrypted (compared to 75-80% in previous years), with 62 TB of data captured and 2,800 plaintext passwords detected. The team set up Raspberry Pi and Orange Pi sensors for proactive anomaly detection, as well as an open-source tool called Vibes for real-time traffic visualization. Notable incidents included data leaks via poorly secured applications (plaintext translation, GPS location) and a malicious Chrome extension that infected a speaker. The network maintained 100% availability despite increased latency in some areas.