A Modern History of Offensive Security Research


Dino Dai Zovi


The landscape of offensive security research has changed significantly since the mid-90's when it just started moving out of the underground and into the professional security world. We can divide its history into three periods based on two landmark events a decade apart: the first BlackHat Briefings conference in 1997 and the first USENIX Workshop on Offensive Technologies in 2007. As I have been involved in offensive security research through much of this timeline, I'll share some perspectives on how the targets, research, and mindsets have changed across these periods. I'll also discuss how to best put offensive security research to work to help guide security engineering. Finally, I'll conclude with some thoughts on what offensive security research will look like 10 years from now.

Dino Dai Zovi

Dino Dai Zovi is an information security industry veteran and entrepreneur. Dino is also a regular speaker at information security conferences having presented his independent research at conferences around the world including DEFCON, BlackHat, and CanSecWest. He is a co-author of the books The iOS Hacker's Handbook (Wiley, 2012), The Mac Hacker’s Handbook (Wiley, 2009) and The Art of Software Security Testing (Addison-Wesley, 2006). He is best known in the information security community for winning the first PWN2OWN contest at CanSecWest 2007.

@conference {222139,
author = {Dino Dai Zovi},
title = {A Modern History of Offensive Security Research},
year = {2018},
address = {Baltimore, MD},
publisher = {USENIX Association},
month = aug