In its 20th year, Black Hat 2017 began on a reflective note. Alex Stamos, the CSO of Facebook, looked back on his early days at the conference. For him, it was a place to be accepted, and to learn from the community. He challenged that same community to be more empathetic, and to prepare for the next generation of hackers by welcoming more diversity.

The Black Hat sessions have always been the place to see surprising—and sometimes horrifying—examples of security research. This year, we saw how to fool Apple Pay’s web interface and how to topple a hoverboard using ultrasound, and we learned how vulnerable wind farms could be to a cyber attack.

Another remarkable talk looked at attacking industrial infrastructure. After two successful attacks against the Ukrainian power grid last year, securing critical infrastructure like power plants and factories is a major issue. This time, we saw how bubbles — yes, regular bubbles — can be used as a malicious payload to destroy expensive, critical pumps.

Perhaps the most remarkable achievement of this year’s show was in the field of cryptoanalysis. Using sophisticated techniques, a team was able to create the first SHA-1 hash collision.

After 20 years, Black Hat is still the premier stage for hackers. But the future is uncertain. Nation-state cyber attacks have gone from being a rarity to a regular occurrence, and the stakes are bigger than ever before. How we’ll deal with that still isn’t clear; perhaps Black Hat 2018 will have the answers. Until then, check out some of the more eye-catching moments from this year’s conference.

ULTRASONIC GUN ATTACKS DRONES, HOVERBOARDS