This year marked my 10th anniversary of parking myself in Vegas for a week of hacker summer camp, running into friends and “hacker family,” soaking up the latest research, and getting the update from colleagues on what they are building.
From a VulnCheck perspective, here’s what stood out over the week and a few predictions about where we’re headed as an industry in the latter half of 2025.
Security Wasteland
Year two of our off-strip event, Security Wasteland, was equal parts playground and laid-back lounge, hosted at the Keep Memory Alive Event Center -- a Frank Gehry fever dream of a building. We wanted a space that could fuel the party energy and spark meaningful connections.
- Hidden conversation nooks, rock music, and a chance to re-experience vinyl (Purple Rain, Led Zeppelin, Nirvana albums as swag).
- Conversations about real exploitation data, swapping TTPs over drinks, and sharing stories you won’t find in any vendor deck.
We even had a custom latte art printer, which included a camera to put your face on the latte? Wild.
No badge scans, no awkward elevator pitches... just hackers, researchers, and defenders trading ideas. Judging by the late-night conversations, we nailed our goal.
On the Black Hat Floor
Our booth was where real-world exploitation intel met the chaos of the business hall. Even though this year felt lighter on foot traffic, it worked in our favor, providing more time for long, honest conversations about the problems people are facing and the kind of intel they actually need. Special shoutout to the healthcare IT pro who gave me a deep dive into his toolset and threat model.
- Live walk-throughs of active exploitation evidence.
- Deep chats with red-teamers, threat intel analysts, and vulnerability managers about what really matters in vuln prioritization.
We didn’t just hand out swag (though, yes, the tactical bracelets and water bottles disappeared fast), we traded knowledge. We even got to see the NOC's network threat hunt map in action.
AI in the Wild
The AI booths this year were impossible to miss, but between the hype cycles were some solid working prototypes:
- AI SOCs - live demos of AI-assisted SOCs handling triage, threat hunting, and automated incident playbooks. Makes tons of sense to me as a former SOC manager, as many events in an environment are repeatable patterns that, once your analysts understand them, should be automated out of the ecosystem.
- AI Pentesting - chaining LLMs with exploit frameworks to map, probe, and even exploit targets with minimal human input. Exciting and terrifying in equal measure due to the way this could increase the speed of exploitation across the board.
- Purpose-built players like XBOW, who I didn't realize was a whole entire company instead of just an AI hacking bot, showing how specialization lets you uncover huge vulnerability volumes in record time.
The takeaway from my perspective? AI in cybersecurity is making the move to displace the jobs that rely on repeatable, pattern-based circumstances -- pentesting first passes, phishing responses, and report writing.
Rolling into DEFCON
When Black Hat shut down, a few of us stayed maybe a little too long, but not without the utmost excitement for what we encountered.
We made the rounds at the DEFCON Villages including Aviation, Space, Hardware Hacking, ICS, and Blue Team Village, where defenders shared in-depth detections, playbooks, and stories from the trenches. Some of the best takeaways came from hallway conversations, where the skillsets range from seasoned pro to right out of coding bootcamp.
The highlight here for me? The talks with the juniors in our industry who look at emerging threats in an entirely different way because they're not battle-hardened like the rest of us. The talks with every person who tore apart a random piece of equipment they purchased off eBay to understand more deeply how it works and then manipulate its abilities.
What We Took Home
Events like this keep us honest. They remind us why we do this work:
- To stay involved in the community that spots trends before they hit the news.
- To test our ideas against the toughest critics: the hackers themselves.
- To keep VulnCheck rooted in hacker-informed exploit intelligence defenders can act on immediately.
To everyone who came to Security Wasteland, stopped by our booth, or swapped stories over vendor party canapés or drinks... thank you. Let’s keep the conversations going.
See you next year, Vegas!