My first DEFCON Experience.

DEFCON is the hoodie conference that follows the BlackHat suit conference.  It has a very different feel from other security conferences with no corporate sponsors, no advertising, no marketing mailing list and an aggressive inclusion policy.  Normally I can go to a conference, sit in some sessions and do a little lab work and feel like a success.  

DEFCON is all about participation and inclusion.  There is an entire wall of competitions often called Capture the Flag (CTF) that originate in the various villages.  It has 20+ semi-structured lab tracks.  Attendees literally wear the results of their conference activities.

DEFCON 26 was my first visit to the Las Vegas hacker conference.  I was completely unprepared for almost any of the lab / village sessions that I worked on.  It was still awesome but I would have gotten so much more out of it with some serious preparation.

Prepare

There is a good chance you will be a complete poser at DEFCON if you are not already a security professional, blue team hacker, red team hacker, IOT engineer, or some type of penetration analyst. Everyone else should do serious prep before arriving.  I didn't do any prep and I still had a great time.  I just couldn't meaningfully participate in everything.

Pick a hacking or security area you are interested in and do at least the basic free online classes or guides.  Install some tools and know how they work.  The simplest prep is to use the "known bad applications" in your area of interest and do a basic attack or run scans for defense.

Capture the Flag (CTF)

Competitions and leaderboards appear in a lot of the village and workshop areas.  Humans normally get the white human badge.  Contest winners strive for the coveted black badge or other prizes.  Some of the workshop areas are basic one-person efforts.  Others require whole teams to compete.  I saw dozens of groups who spent much of the conference heads down working on various competitions.  People sat everywhere working on some project. Others worked remotely from their rooms or other workspaces.

Villages

Villages are the core of the conference.  DEFCON 26 had over 20 villages including the kids area that required you be accompanied by someone 12 or under.  Each village focuses on a single problem space, each with its own hands-on area.  Most villages ran some type of contest.  Many of them had beginner areas.  All required some thinking.

IOT, Biohacking, Packet hacking, Crypto, Wireless, Rootz (kids), lock picking, hardware, social engineering, tamper evident hacking (physical tamper resistant), soldering, vote hacking, AI (attacks and usage in protection), drone hacking, crypto currencies, ethics, blue team, SOHO devices, industrial devices and automobile.

The packet village's notorious Wall of Sheep showed everyone's insecure network traffic, Bluetooth connections and other information available to spectrum sniffers.

Sessions

DEFCON has sessions just like any other conference but you will miss the most interesting parts of the conference if you attend them. There are 3 conference tracks, individual village and social engineering talks and Skytalks.  The organizers record as many of the sessions as they can afford and broadcast them over the hotel channels. The track sessions were generally good.  Some were dry and very technical in line with what you would expect at a hacker conference. Skytalks are slightly more sensitive with no recording allowed.  The buzz was good about the Skytalks.

Schedule

Conference registration starts Thursday morning in the conference hotel.  It probably starts at 6 or 7.  The line can start the night before.  Getting in line at 5:30AM was fine for me.  You can sign up for as many people as you want since they don't take down your name. You give them cash and they give you the appropriate number of registration packets.

The main conference is 3 days, Friday, Saturday and Sunday.  Some workshops start on Thursday along with a couple overflow talks.  Villages open on Friday.  There is no true keynote.  

There are parties, karaoke and music events every evening.

Badges

Electronic badges are big.  They are like challenge coins at a military event or pins at sporting events.  Groups, hacker-spaces and companies all had their own custom electronic badges.  Village-specific badges were available in the villages and in the vendor area. Most badges were hackable in one way or another. The 2018 badge had a built-in game, a USB serial port and an inter-badge connectivity port.  Hackaday has a whole series on electronic conference badges.

Alternative Titles

  • "I was a poser at DEFCON"
  • "I was unprepared for DEFCON"
  • "DEFCON, a conference you have to prepare for"
Created August 2018
