DEFCON 21

Ah @_DEFCON_, where to start…

My DEFCON experience was interesting in a couple of different ways. First of all, it’s my second conference ever, second I was doing Vegas for the first time under 21 (more about that in a bit) and then of course there’s DEFCON itself. Lets take it from the top!

What is DEFCON

I can’t do the history of DEFCON justice, so this section is going to see a whole lot of work and rework as I learn for myself the backstory of this infamous annual hacker bash. The short version of DEFCON’s sordid and storied history is that 21 years ago The Dark Tangent (DT) invited the users of his BBS to get together for a party in Vegas.

21 years later, DT is still throwing the party every year and DEFCON has grown from a simple (hacker) BBS user con to one of the flagship conferences of the computer security world. And it’s changed a lot. The con itself has grown from a few dozen people to an estimated head count of 15,000 this year and this has lead to a number of culture changes. DEFCON has become for better or worse a more mainstream conference and attracts a broader base of slightly lower technical background attendees than it used to but it’s my perception that most of the old timers have really grown up and fostered a welcoming and awesome community around the remains of the original drunken BBS party.

DEFCON as it stands today is an amazing four day marathon of technical talks, live hacking demos, crazy contests involving skills such as social engineering and lockpicking. So here’s my rundown of my DC1

  1. Everything is a contest. Seriously. There are technical and semi-technical contests everywhere. They look hard, they are hard, but they are designed for sleep deprived and largely drunk DEFCON attendees to tacklke in three days and the are completely worthwhile.

  2. Every contest has a party at the end of it. Remember that DEFCON was originally a drunken meet for BBS users who had self-selected in on the basis of personal technical skill. This tradition lives on in the form of DEFCON contest invite-only parties which give those who demonstrated sufficient technical skill the opportunity to get drunk and have a good time together.

  3. Black badge contests are amazing. At some point, DT started handing out black badges to the winners of contests who had to demonstrate exceptional technical skill in order to win. The DEFCON hacking CTF is the classic example of a Black Badge contest, as is the tamper evident challenge and some others. Black badges are a big deal because you can only get one (in theory) by winning a contest and the badge grants you lifetime free entry to DEFCON. These are a big deal, OK?

Doing DEFCON right

While DEFCON itself is located at the Rio and many people choose to stay at the conference hotel due to the Blackhat and BsidesLV sister conferences which have sprung up around DEFCON it is quite common to find DEFCON attendees and parties at other hotels. Also other hotels are probaby much cheaper to sleep and eat at than the Rio so investigate at length and choose carefully.

Talks are (for the most part) overrated. Read the programme, pick out stuff you think is interesting and by all means go to talks, just realize that the talks are all being video recorded and will be on youtube for posterity but the people (and technical skills) physically present in the villages are amazing and will not be available on demand after the con.

Parties & challenges. Remember the part where I mentioned that every challenge has a party somewhere at the end of it? Yeah. If someone’s running around with a challenge (jgor ( @indiecom ) and @_al3k_ had “lol boxes” this year) solve the shit out of it fast as you can. It turns out that the “lol boxes” were one route to winning enterance to the “lol bitcoin” party hosted and paid for by ExploitHub (I think it was). I all but got into the party, but took my sweet time in solving the last step because I thought that I had time to spare and as a result missed out Q_Q.

Be over 21. Seriously. It wasn’t just not being able to drink (which was seriously irritating in and of itself), but because I was under 21 technically the Rio wasn’t allowed to execute ATM transactions with me, technically they weren’t allowed to let me check in to my own room, and I had no access to most of Vegas’s “attractions”. Yeah. I can’t wait do to DEFCON over 21 next year :D.

Meet people. Sure there are awesome contests and some really good tech talks, but the bottom line is that the first DEFCON was all about community and that community is no small part of what makes DEFCON unique. Whether it’s hanging out in the chill out room striking up a conversation with some other random hacker at your table or it’s making jokes with the people next to you in a talk just freaking meet people.

Okay. I mentioned parties, that being under 21 sucks, and the people… Oh. Contests. If you know other people who are going, absolutely plan and prepare to take part in at least one DEFCON contest. Next year I want to be a part of the tamper evident contest, and Deviant Olam’s Black Bag Challenge was amazing to watch.

Finally, you can’t miss out on the after hours crap. Unless you are attending some super s33kr3t osum l337 sup4 h4x0r party, you should be at Hacker Jepardy (a thousand boozing hackers chanting “don’t fuck it up” is quite an experience).

My first DEFCON (and technically BsidesLV too)

DEFCON Day -1 I flew in and got to see some of BsidesLV. It was interesting… I only got over to the Tuscany for Bsides late as BsidesLV was ending so I only got to one talk about driver injection under wind0ze but the FALE lockpicking booth there was a fun crowd and I had a good time haxing locks with al3k and jgor.

DEFCON Day 0 I woke up late, about 1pm (yeah yeah laugh it up) by which point my mate Fox ( @frozenfoxx ) with whom I shared a room for the majority of the con had landed and was checking in. Fox and I got our DEFCON conference badges and went over to the Tuscany to hang out with jgor and al3k some more because there wasn’t a whole lot of DEFCON scheduled for day 0.

DEFCON Day 1 all hell broke loose. Fox and I were up bright and early and boy we missed nothing. Talks, the hardware and lockpicking villages… we hit all the con there was to hit, and then went back for seconds. I got set up and started playing schemaverse (more about that another time), then managed to rm -rf / the linux install on my laptop so much of the evening was spent in an attempt to rebuild it. I think this was the night that DT did a screening “The second premeere of ‘The Making of DEFCON’”, which was really illuminating (and free officially on bit torrent!).

DEFCON Day 2 the first order of buisness was putting my laptop back together and getting a working linux install, which lasted me till about 11:00. We ran into some friends of ours from Spider Labs’ Austin division, watched @savagejen’s talk “Home Invasion 2.0” which was awesome. I also made an interesting talk about the state of anonymity tech entitled something along the lines of “de-anonymizing alt.anonymous” which was a facinating presentation on the technologies used by the a.a mail list crowd, as well as some purely metadata based identification attacks agains the a.a mail list’s logs. Hacker Jeopardy day II was amazing and I really sort of sorry that I mised day I for The Making of DEFCON.

DEFCON Day 3 was the last day, and man did the con feel short. I made a few talks, but the con was really winding down by about 14:00, with attendees and vendors making good their escapes for the Vegas airport. I managed to catch a few last talks, buy some last minute swag (and some (entirely too expensive) bogeta lockpicks!) and say hi to @snubs of @hak5, Fox flew out 16:00 ish but I stuck around for the closing ceremonies and flew back on

DEFCON Day -361 really wasn’t interesting as basically just woke up, grabbed food, checked out and hit the airport for the long ride back to Austin.

So I definitely did DEFCON wrong… but my first time was still amazing. I look forwards to making arangements to compete in at least one ‘con contest next year and I also intend to get more of an idea about what talks and contests are scheduled from the DEFCON forums in the weeks before flying out. I definitely felt like I was “just passing through” in that I sas a whole lot of cool talks and had a good time but didn’t really manage to engage with the rest of the ‘con goers, especially what I shall term the heavily engaged ‘con hardcore like @deviant and @scorche.

I also didn’t go out and get shitfaced or even have a good time dancing at one of the con parties, both of which seems to be primary hallmarks of a successful DEFCON adventure along with black badge wins. But both of these things will sorta solve themselves for DEFCON 22, and I’m totally up for building a black badge seeking team for next con. I’m friggin pumped already :D.

^d